Announcement

**mdh** · 11-16-2007, 06:54 AM

Its only an issue with Vista. Then again, almost everything is an issue with Vista.

**GhostyDog** · 11-16-2007, 08:04 AM

Originally posted by mdh View Post

Its only an issue with Vista. Then again, almost everything is an issue with Vista.

Well I'm finding it to be an issue with XP as well, an administrative user can just connect via openvpn gui but all my users are standard users and when I try to connect logged in as them I get various error messages, am I better of starting a new thread detailing the errors I am getting?

**mdh** · 11-16-2007, 08:24 AM

Wow, I haven't seen a standard user in years! You could try setting up a standard (bad word here) for local accounts where standard users are granted rights to run this program, or if you're lucky, where you could push group policy out to their machine upon domain login. In the first case, that may mean the "friendly IT visit" for each person. If so, bring earplugs. If they logged in to the local machine after logging out of the domain, the cached login might go away, so it should properly be setup for both worlds. Thoughts?

**Silver Bullet** · 11-16-2007, 08:29 AM

Possibly adding them to the "Network Configuration Operators" built-in group will give them the necessary rights to connect with OpenVPN.

**GhostyDog** · 11-16-2007, 08:56 AM

Originally posted by mdh View Post

Wow, I haven't seen a standard user in years! You could try setting up a standard (bad word here) for local accounts where standard users are granted rights to run this program, or if you're lucky, where you could push group policy out to their machine upon domain login. In the first case, that may mean the "friendly IT visit" for each person. If so, bring earplugs. If they logged in to the local machine after logging out of the domain, the cached login might go away, so it should properly be setup for both worlds. Thoughts?

My Domain is fairly locked down, no user has administrative access to their own machine or any other, all software is deployed via Group Policy Software Installation and I've managed to maintain a standard platform across the business of Windows XP Pro and Office 2K3. In this way I can support 100 users at 2 sites and remote home workers on my own, about the worst problem I get is "I spilt coke on my keyboard". We have an AUP but I leave nothing to chance or disgruntled employees who I may have no control over.

Originally posted by Silver Bullet View Post

Possibly adding them to the "Network Configuration Operators" built-in group will give them the necessary rights to connect with OpenVPN.

Tried that, didn't work, didn't work as a Power User either

. Has anybody seen endpoint security software cause issues with OpenVPN? I have software called Devicewall that runs on all machines to stop people wandering off with data on ipods and usb drives. It can also stop network devices being used like wireless network devices.

**juank** · 11-16-2007, 10:12 AM

Did you check is the workstations are running the Windows Firewall thing? Or any "Antivirus" that decides to start blocking TCP ports?

I've had problems in the past, not with untangle, but with other "services" being blocked by the Windows firewall or our Mcafee Antivirus.

**GhostyDog** · 11-16-2007, 10:38 AM

Originally posted by juank View Post

Did you check is the workstations are running the Windows Firewall thing? Or any "Antivirus" that decides to start blocking TCP ports?

I've had problems in the past, not with untangle, but with other "services" being blocked by the Windows firewall or our Mcafee Antivirus.

Windows Firewall is a system configuration not a user one, whilst logged in as domain admin OpenVPN works perfectly, log in as a user and it stalls.

I think the best thing is to start a new thread, considering this is going off topic onto resolving the issues.

Cheers for all your input so far people

Very much appreciated.

Sean

**juank** · 11-16-2007, 10:54 AM

HowTo Run OpenVPN as a non-admin user in Windows

Hey,

Check this out:

HowTo Run OpenVPN as a non-admin user in Windows

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

With the current implementation of the TAP-Win32 driver included with OpenVPN, administrator privileges is required to open the TAP device. This means that openvpn.exe must be executed with administrator privileges. In many situations it's un recommended to do your day-to-day work logged on with an administrator account. Especially corporate environments often have a policy that users should never have administrator rights even on their local machine. Fortunately there are a few ways to work around this so OpenVPN can be used even in these environments.

Here I present you with two ways to run OpenVPN / OpenVPN GUI as a non-admin user: ....

**Silver Bullet** · 11-16-2007, 10:55 AM

Do they have appropriate permissions in the Program Files/OpenVPN directory?

**Silver Bullet** · 11-16-2007, 11:06 AM

I came across this. It suggests granting the users permissions to the OpenVPN service. Which makes since.

Running OpenVPN GUI as a non-admin user on the Windows PC...

You'll have to give the selected user access to start/stop the OpenVPN service:
Download subinacl (a component of the XP Resource Kit) from the Microsoft Website.
Open up a Command Prompt and run the following commands:

cd c:\program files\Windows Resource kits\Tools\
subinacl /SERVICE "OpenVPNService" /GRANT={username}=TO
exit

You'll need to change the following registry keys on the client PC: HKLM\Software\OpenVPN-GUI\allow_edit=0
HKLM\Software\OpenVPN-GUI\allow_password=0
HKLM\Software\OpenVPN-GUI\allow_proxy=0

And that's it... at this point, you should be able to log out and log back in (you'll need to do that *EVERY TIME* you make a change to the OpenVPN-GUI registry keys!), right click the OpenVPN icon in the systray, enter your username and password, and get a connection.

Might be worth trying it on a test PC first.

**Silver Bullet** · 11-16-2007, 11:09 AM

I just saw juank's post and it looks similar to the one I just posted. So, we're probably on to something here.

**GhostyDog** · 11-16-2007, 05:31 PM

Um... hate to say this but did anybody look at the link I posted in the first message on this thread?

**Silver Bullet** · 11-16-2007, 05:52 PM

Haha! That's pretty funny.

If you're in a Windows Domain, then why don't you just give them the permissions to the service in group policy? You may have to install the OpenVPN client on the Domain Controller to get it to show up as an available service. Otherwise you could create a security template from a XP box.

**GhostyDog** · 11-19-2007, 02:02 AM

Sorted it, not really happy with how I sorted it, but it's sorted

Announcement

Release of OpenVPN GUI 2.0 and Untangle integration?

Release of OpenVPN GUI 2.0 and Untangle integration?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment