Actual plans for Windows client: PostUp/PreDown possible?
Stefan Puch
s.puch at web.de
Thu Nov 5 00:14:47 CET 2020
Hello!
I’d like to raise the question regarding an option for PostUp/PreDown with the
Windows client again, which was (to my research) first discussed here on the
mailing list at the beginning of December 2019 by Rémi and Jason A.
I thought about switching our OpenVPN setup to the modern Wireguard and started
reading if all my requirements could be fulfilled. So far I have some users with
no administrative privileges on their Windows computer when they want to connect
to a remote server in order to access some shared space (Samba filesystem).
Currently the users are using OpenVPN, which has a background service running
with admin rights (Windows service). Thus the users can simply use a shortcut on
the desktop to the OpenVPN-GUI including an appropriate config-file to connect
to the remote server. After the tunnel is established OpenVPN uses the
(optional) solution to place a batch file within the userspace
(%USERPROFILE%\OpenVPN\config) as CONFIG-NAME_up.bat / CONFIG-NAME_down.bat
where some stuff can be placed to mount a Samba filesystem after the connecting
and tunnel are established (net use z: \\10.0.0.1\data) and to unmount before
the tunnel is disconnected.
I’ve seen the concerns from Jason A. about spreading malware and the hint that
“Linux command line users can generally be trusted to check the config files
they're writing into /etc/wireguard”. From my point of view the same holds with
the solution provided from OpenVPN to use the batch files, which are optional,
can be checked by the user and have to be explicitly defined for each VPN profile.
Looking into the Windows specific todo list on the Wireguard homepage I didn’t
find any comments if this will be considered for later versions of the windows
client, if there will or won’t be a solution like this.
Maybe I have missed something, so my question would be, if someone can tell me
something about the current status or a possible implementation?
Kind regards
Stefan
More information about the WireGuard
mailing list