You can use fwknop to automate this type of sysadmin level changes in a secure manner. 

-Reuben

On Tue, Dec 3, 2019, 3:09 PM CHRIZTOFFER HANSEN <chriztoffer@netravnen.de> wrote:

Jason A. Donenfeld wrote on 27/11/2019 13:29:
> On Wed, Nov 27, 2019 at 10:07 AM Chris Bennett <chris@ceegeebee.com> wrote:
>> However I've found the logged in user needs local Administrator access to activate and de-activate a tunnel.  Is there any way around this?  Is it in the roadmap to remove this requirement?
>
> No intention of reducing the security of the system, no. WireGuard
> requires administrator access because redirecting an entire machine's
> network traffic is certainly an administrator's task.

What if you this functionality is coded as opt-in, for e.g. a org/corp
sysadmin to enable for the users, and *not* opt-out?

The the default knob will still be secure, and the sysadmin has the
conscious possibility to put power in the hand of the users. And it will
  be the sysadm's choice. Not the team behind pushing the development of
WireGuard forward, taking a choice on behalf of the consumer/user base.

Chriztoffer
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard