OpenVPN + Client Export v0.29: Way around Windows UAC ?

  • Hallo,

    I am using the OpenVPN RoadWarrior Setup and I am interested in how it works to make OpenVPN add routes and so on on a Windows 7 machine without popping up the UAC and to make it work for users without administrative priviledges.

    I read something on the forum and on github/redmine that this should work with OpenVPN 2.3 which can be downloaded with the OpenVPN Client Export utility.

    Can you please explain me:
    1.) If this is working for users without admin rights
    2.) What do I have to configure ?

    Thank you for your help.

  • Hi again,

    I think I found my problem.

    There is some difference to the "old" OpenVPN. The old version saved the config files and certificates here:

    C:\Program Files (x86)\OpenVPN\config

    Further it didn't make any difference if the config file and .p12 was in a subfolder.

    When using the management interface to add the routes without admin rights then the config is here:

    C:\Program Files (x86)\OpenVPN\OpenVPNManager\config

    And it makes a difference if these files are in a subfolder or not. If they are in a subfolder there is no connection to the management interface possible.

    I mixed my config files and its folder a little bit and this was the reason why it wasn't working. Now it dows -  8)

  • Rebel Alliance Developer Netgate

    Did you try using the client export option/checkbox for the OpenVPNManager gui?

    If you checked that, it uses a different GUI instead of the traditional OpenVPN windows GUI, so it probably does move things around a bit.

    I haven't tried that one myself, someone else contributed it, but it's supposed to work around the UAC issue. I believe it runs OpenVPN as a service.

    Running OpenVPN as a service can work fine for users, they just don't have the option to disconnect/reconnect or select different VPN profiles, so some people don't find it useful. There are instructions on the OpenVPN site for setting up the service registry entries.

  • Yes I tried with the "OpenVPNManager GUI" checkbox option.

    And it seems to run as a service and it works around the UAC control as far as I can see that with the few tests I did.
    And it still allows different OpenVPN configs so you are able to select them from the new/different GUI - but they all must be in the new folder path and they must not be in a subfolder and so - of course - must have different filenames for .key, .p12 and .ovpn.

    If the config is in the new path it seems that it will be run as a service and if it is in the "old" path it will run "normal".
    Configs in both paths are possible.

    At least it seems to work and the new features and the slightly different behaviour in GUI will need some time to test but is probably a good possibility to use. :)