Using WireGuard on Windows as non-admin - proper solution?

Riccardo Paolo Bestetti pbl at bestov.io
Mon Nov 30 19:34:43 CET 2020


On Sun Nov 29, 2020 at 9:59 PM CET, Jason A. Donenfeld wrote:
> Alright. Well, if you do think of good reasons why NCO is not a good
> match for unpriv'd WireGuard control, please let me know. The whole
> basis of going that route is the apparent intuition that these two
> types of things, network modification and tunnel up/down, are one and
> the same. But if you have in mind a way where the analogy breaks down,
I had actually never thought about this specifically before this
discussion, but after deploying v0.3 I realized that network
modification and tunnel up/down are /not/ one and the same!

It makes sense that an employee, or even I when running as a non-admin,
would be able to up/down interfaces; but not create, modify or delete
them. It's the same with software: a standard user cannot install it or
uninstall it, but [s]he can use it.

I think this model really works well. I'm happy with it.

Riccardo



More information about the WireGuard mailing list