Using WireGuard on Windows as non-admin - proper solution?
mailinglists at pcfreak.de
Fri Nov 13 13:03:34 CET 2020
A long time ago (wow, 7 years now) OpenVPN was facing the same problem
and I had to come up with a solution at this time which I wrote down here:
especially the part "New and working solution for Windows 7 (and above)"
- Sorry, the images are gone since Dropbox killed public folders, but I
still have them somewhere lying around.
I used Scheduled Tasks at logon of any user that automatically created
another !privileged! scheduled task for the nonprivileged user and
It was a bit of a hack but it worked until first SecurePoint, then
Sophos and finally OpenVPN.net came up with a client that communicated
with a service and no longer needed administrative privileges to bring
up a connection.
I think you could reproduce the same with WireGuard using my old scripts
posted above etc.
Not very nice but as always, time will tell.
On 13.11.2020 03:16, Jason A. Donenfeld wrote:
> Hi Viktor,
> I am actually interested in solving this. I took an initial stab at it
> here, but I'm not super comfortable with the implementation or the
> security implications:
> Aside from doing this from within our existing UI, the general
> solution using the service-based building blocks is to simply allow
> users to start and stop services that begin with "WireGuardTunnel$".
> So the flow is something like:
> 1. wireguard /installtunnelservice path\to\sometunnel.conf.
> 2. Change the ACLs on WireGuardTunnel$sometunnel to fit your user.
> 3. Have the user use `net start` and `net stop`, or similar, to
> control whether the service is up or down.
> That's not super pretty, but it should work, and it is automatable.
> Meanwhile, I'll keep thinking about various ways to do this in a more
> "first-party" way.
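
Steps 2 and 3 of the quoted flow, sketched in PowerShell as an added example (not code from this thread or from the WireGuard project). It assumes the service ACL is edited with `sc.exe sdshow`/`sdset`, which the thread does not specify, and uses a constructed account name, `EXAMPLE\alice`.

```powershell
# Added example. Run elevated, after step 1 has created the tunnel service.
function Add-ServiceStartStopAce {
    param(
        [Parameter(Mandatory)] [string] $Sddl,  # descriptor as printed by "sc.exe sdshow"
        [Parameter(Mandatory)] [string] $Sid    # SID of the non-admin user
    )
    # RP = start, WP = stop, LC = query status, LO = interrogate, RC = read descriptor.
    # Deliberately not granted: DC (change config), WD (write DACL), WO (take ownership).
    # Any of those would let the user reconfigure a service that runs with high privileges.
    $ace = "(A;;RPWPLCLORC;;;$Sid)"
    if ($Sddl.Contains($ace)) { return $Sddl }           # already present: no change

    $d = $Sddl.IndexOf('D:')
    if ($d -lt 0) { throw "No DACL found in SDDL: $Sddl" }

    # The new allow ACE goes at the end of the DACL, before the SACL ("S:") if there is one.
    $s = $Sddl.IndexOf('S:', $d)
    if ($s -lt 0) { return $Sddl + $ace }
    return $Sddl.Substring(0, $s) + $ace + $Sddl.Substring($s)
}

$service = 'WireGuardTunnel$sometunnel'   # single quotes keep the "$" literal
$account = 'EXAMPLE\alice'                # constructed account name (assumption)

# Resolve the account to its SID; SDDL ACEs refer to SIDs, not names.
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# sdshow prints blank lines around the descriptor; keep only the descriptor itself.
$current = ((sc.exe sdshow $service | Where-Object { $_.Trim() }) -join '').Trim()
if ($LASTEXITCODE -ne 0) { throw "sc.exe sdshow failed: $current" }

$updated = Add-ServiceStartStopAce -Sddl $current -Sid $sid
if ($updated -ne $current) {
    sc.exe sdset $service $updated
    if ($LASTEXITCODE -ne 0) { throw "sc.exe sdset failed" }
}

# Review the result; only the intended ACE should have been added.
sc.exe sdshow $service

# Step 3, run as the non-admin user:
#   net start 'WireGuardTunnel$sometunnel'
#   net stop  'WireGuardTunnel$sometunnel'
```

The ACE is scoped to this one service, so other `WireGuardTunnel$` services keep their original descriptors until the same change is applied to each.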