wireguard on multi user windows ?

Simon Rozman simon at rozman.si
Mon Nov 30 12:13:21 CET 2020


If your chief finds out, your company laptop is being used by your kid and wife, taken to kid's school and what not, *then*, your chief will get very very very unhappy. :)

Imagine your kid having a trojan horse running on his desktop, just locks the desktop, you borrow back the computer to do some company work. When you connect to your company, the trojan horse gets all the network access to your company resources your VPN connection allows.

The WireGuard tunnel profiles are bound to computer, not individual users with a reason: on Windows, VPN connects the entire computer to a network. Not just a particular user.

Sorry, WireGuard is and will remain "unusable" for such ill and unsafe practices like yours.

Regards, Simon

-----Original Message-----
From: WireGuard <wireguard-bounces at lists.zx2c4.com> on behalf of Henning Ryll <henning.ryll at web.de>
Date: Sunday, 29 November 2020 at 22.03
To: "wireguard at lists.zx2c4.com" <wireguard at lists.zx2c4.com>
Subject: wireguard on multi user windows ?


    I'm looking for a (more or less) secure solution of installing and running wireguard.

    In our family we have only one notebook running win10/64.
    Since this is the only device with internet access it has to be reliable as possible. So we are running 4 accounts.
    admin, father, mother, son. Of course only the admin has admin rights. But all users have operator rights because the notebook is taken to different locations i.e. at school, to friends, during holiday.

    I'm running OpenVPN to do my homework with this notebook too. And because my openvpn.p12 file is protected by a password my family can not use it because the did not know my password. Even if they have physical access to it.

    But with wireguard there is no such protection. And with the new wireguard for windows the key files have been moved.
    And as far as i undertstud everybody in the operator group can start the wireguard tunnel.
    But my chief will be very very unhappy if this will occur ....

    How to install wireguard on a multiuser system. And only the owner of a keyfile can run his tunnel?
    Other users may be able to run other tunnels.
    Or is wireguard still unuseable for me and I have to stay at OpenVPN?


More information about the WireGuard mailing list