You can use fwknop to automate this type of sysadmin level changes in a secure manner.
-Reuben On Tue, Dec 3, 2019, 3:09 PM CHRIZTOFFER HANSEN <chriztof...@netravnen.de> wrote: > > Jason A. Donenfeld wrote on 27/11/2019 13:29: > > On Wed, Nov 27, 2019 at 10:07 AM Chris Bennett <ch...@ceegeebee.com> > wrote: > >> However I've found the logged in user needs local Administrator access > to activate and de-activate a tunnel. Is there any way around this? Is it > in the roadmap to remove this requirement? > > > > No intention of reducing the security of the system, no. WireGuard > > requires administrator access because redirecting an entire machine's > > network traffic is certainly an administrator's task. > > What if you this functionality is coded as opt-in, for e.g. a org/corp > sysadmin to enable for the users, and *not* opt-out? > > The the default knob will still be secure, and the sysadmin has the > conscious possibility to put power in the hand of the users. And it will > be the sysadm's choice. Not the team behind pushing the development of > WireGuard forward, taking a choice on behalf of the consumer/user base. > > Chriztoffer > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard >
_______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard