Wireguard for Windows - local administrator necessary?

Jason A. Donenfeld Jason at zx2c4.com
Thu Dec 12 21:26:59 CET 2019

On Thu, Dec 12, 2019 at 8:12 PM zrm <zrm at trustiosity.com> wrote:
> It makes sense that users shouldn't be able to manipulate WireGuard
> tunnels by default, but shouldn't it be possible to change the default
> through something less drastic than giving the user full administrator
> access?

I have no desire to add complex ACL schemes inside WireGuard. Catering
to that kind of user demand inevitably results in a security disaster.
Network and firewall config is an administrative task. Be
administrator. If you want to do otherwise, you're free to run your
own service that listens for commands on a named pipe with whatever
ACLs you want. But the development of that kind of ACL'd backdoor is
up to you and your organization.

More information about the WireGuard mailing list