Hi Chris!
This is WireGuard design. Reconfiguring network - which (dis)connecting VPN is – is administrative task.
If your organization issues laptops to their employees, the corporate VPN should be up at all times. You don't want them to disconnect from VPN and use those laptops on compromised networks, do you?
I did have an issue when roaming laptops to and from corporate WiFi, as the endpoint IP changes – restarting the tunnel helped, but adding a scheduled task to reset endpoint IP every 2 minutes using wg.exe command line works like a charm here. If that's the reason you would want your users to manipulate WireGuard tunnels?
Best regards,
Simon
From: WireGuard <wireguard-bounces@lists.zx2c4.com> On Behalf Of Chris Bennett
Sent: Thursday, September 26, 2019 4:35 AM
To: wireguard@lists.zx2c4.com
Subject: Wireguard for Windows - local administrator necessary?
Hi there,
I've been experimenting with the use of the Windows Wireguard agent for corporate VPN access. It's been working really well!
However I've found the logged in user needs local Administrator access to activate and de-activate a tunnel. Is there any way around this? Is it in the roadmap to remove this requirement?
Thanks!
Chris