From: Simon Rozman <simon@rozman.si>
To: Chris Bennett <chris@ceegeebee.com>,
"wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: RE: Wireguard for Windows - local administrator necessary?
Date: Wed, 27 Nov 2019 11:27:10 +0000 [thread overview]
Message-ID: <99D61A626FDA8A4B90A270669121BE10C9B3E6A8@PLANJAVA.amebis.doma> (raw)
In-Reply-To: <CABPTpJBGQcze6b3_tJij8Ysp8zwb_4fyQAEv_fy4Bx9YpVcpRw@mail.gmail.com>
[-- Attachment #1.1.1: Type: text/plain, Size: 1309 bytes --]
Hi Chris!
This is WireGuard design. Reconfiguring network - which (dis)connecting VPN is – is administrative task.
If your organization issues laptops to their employees, the corporate VPN should be up at all times. You don't want them to disconnect from VPN and use those laptops on compromised networks, do you?
I did have an issue when roaming laptops to and from corporate WiFi, as the endpoint IP changes – restarting the tunnel helped, but adding a scheduled task to reset endpoint IP every 2 minutes using wg.exe command line works like a charm here. If that's the reason you would want your users to manipulate WireGuard tunnels?
Best regards,
Simon
From: WireGuard <wireguard-bounces@lists.zx2c4.com> On Behalf Of Chris Bennett
Sent: Thursday, September 26, 2019 4:35 AM
To: wireguard@lists.zx2c4.com
Subject: Wireguard for Windows - local administrator necessary?
Hi there,
I've been experimenting with the use of the Windows Wireguard agent for corporate VPN access. It's been working really well!
However I've found the logged in user needs local Administrator access to activate and de-activate a tunnel. Is there any way around this? Is it in the roadmap to remove this requirement?
Thanks!
Chris
[-- Attachment #1.1.2: Type: text/html, Size: 4904 bytes --]
[-- Attachment #1.2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 4919 bytes --]
[-- Attachment #2: Type: text/plain, Size: 148 bytes --]
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-12-12 9:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-26 2:35 Wireguard for Windows - local administrator necessary? Chris Bennett
2019-11-27 11:27 ` Simon Rozman [this message]
2019-12-12 19:11 ` zrm
2019-12-12 20:26 ` Jason A. Donenfeld
2019-11-27 12:29 ` Jason A. Donenfeld
2019-12-03 21:07 ` [wireguard] " CHRIZTOFFER HANSEN
2019-12-04 0:35 ` Reuben Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=99D61A626FDA8A4B90A270669121BE10C9B3E6A8@PLANJAVA.amebis.doma \
--to=simon@rozman.si \
--cc=chris@ceegeebee.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.