Using WireGuard on Windows as non-admin - proper solution?

Phillip McMahon phillip.mcmahon at gmail.com
Sun Nov 29 13:09:11 CET 2020


Interesting thread to follow.

My larger concern here is that without an officially provided method
to run wg as non-admin on supported Windows platforms the following
may happen

1) Limited proliferation of wg in the huge corporate/SME space, or
similar cases where end-users are not admin and don't have access to
any form of admin entitlements, to provide modern management of VPN
config and security. This would be a huge miss. Network Configuration
Operators permissions would not be permissible in most orgs for
end-users.
2) Without that in a place a high probability of mutated versions of
wg existing all with varying quality of implementation for a non-admin
solution. This I think has the real potential to taint the reputation
of wg as a whole and misses out on a full native method to address
what I think is a huge use case to solve for.

I cannot imagine that the corporate and non-admin use case isn't on
the roadmap for wg. Maybe I am wrong, however, this thread doesn't
make that assumption any clearer.

On Sun, 29 Nov 2020 at 11:55, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> >>> One thing that is commonly implemented in other clients
> >> That sounds like it introduces a security vulnerability
> > Yes, it is
>
> I don't mean to be rude, but shouldn't the line of thought sort of
> come to a natural end there? We're trying very hard not to be in the
> business of creating security vulnerabilities, after all.



-- 
Use this contact page to send me encrypted messages and files

https://flowcrypt.com/me/phillipmcmahon

P.S. Drowning in email? Try SaneBox and take back control:
http://sanebox.com/t/old3m. I love it.


More information about the WireGuard mailing list