Duplicate IP address, and permissions problems on Windows

Daniel Lenski dlenski at gmail.com
Wed Apr 7 23:05:02 UTC 2021

On Wed, Apr 7, 2021 at 1:18 AM David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2021-04-06 at 18:17 -0600, Jason A. Donenfeld wrote:
> > With regards to permissions, you must be Local System, which is
> > already the case if you're running inside a service. If you'd like to
> > run as a mere Administrator process, you can steal a token with a
> > technique like https://git.zx2c4.com/wireguard-tools/tree/src/ipc-uapi-windows.h#n14
> > or https://git.zx2c4.com/wireguard-windows/tree/elevate/doas.go#n30
> Great, thanks!
> Is there a list of precisely which operations require such privileges?
> Is it only *creating* an adapter? Or only if doing so requires the
> kernel driver to be loaded for the first time?

I'm a little confused by this. In my testing of our recent builds of
OpenConnect on Windows 2012 R2 with wintun-0.10.2…

Running as Administrator *has been* sufficient to allow OpenConnect to
open the Wintun adapters, as well as to configure them with "netsh",

Is there some additional environment we should be testing in, where
Administrator may *not* be sufficient?


More information about the WireGuard mailing list