search

openconnect / openconnect-gui

MOVED TO https://gitlab.com/openconnect/openconnect-gui
https://gitlab.com/openconnect/openconnect-gui
GNU General Public License v2.0
1.28k stars 237 forks source link

feature request: openconnect-gui without admin privileges #102

Open ilvipero opened 8 years ago

ilvipero commented 8 years ago

Openconnect-gui needs to be run as admin in order to function properly, this seems to be a limitation of the OpenVPN TAP device. I also use OpenVPN GUI and it has the same limitation. This seem as a minor annoyance but many companies set users as unprivileged or power users. This means that OpenVPN GUI and Openconnect-GUI cannot really work in those environments. For OpenVPN there are many alternative clients, paid and free, that work around the issue. Viscosity paid but really inexpensive, and SecurPoint is free. Both work well for unprivileged users.

I thought we could use Cisco Anyconnect VPN client but the license states clearly that it cannot be used:

Q. Can I use AnyConnect to make VPN connections with non-Cisco VPN head-ends? A. No, AnyConnect's VPN services may only be used with appropriately licensed Cisco equipment. Use of AnyConnect with non-Cisco VPN equipment is strictly prohibited by our license agreement.

I am aware of other workarounds such as "RunAsTool", that can eliminate this issue. However, it would be very nice if Openconnect-GUI could work for unprivileged users, just like Cisco Anyconnect or Viscosity VPN client.

nmav commented 8 years ago

One way to achieve that would be to use ocproxy instead of the windows TAP driver and register as system socks5 proxy. Not sure how feasible is that, or how many applications could benefit (I guess browsers would).

ilvipero commented 7 years ago

Hello, One of my colleagues just found out that latest version of openvpn client (2.4.0) for windows no longer requires administrative privileges. Since OpenConnect GUI uses some components from OpenVPN, could this help?

link to OpenVPN 2.4.0 changelog: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst link to openvpn download: https://openvpn.net/index.php/open-source/downloads.html

Quote from changelog:

New interactive Windows service The installer starts OpenVPNServiceInteractive automatically and configures it to start at system startup. The interactive Windows service allows unprivileged users to start OpenVPN connections in the global config directory (usually C:\Program Files\OpenVPN\config) using OpenVPN GUI without any extra configuration. Users who belong to the built-in Administrator group or to the local "OpenVPN Administrator" group can also store configuration files under %USERPROFILE%\OpenVPN\config for use with the interactive service.

orev commented 6 years ago

This feature would be a game-changer, as it was for OpenVPN. Removing the admin rights requirement opens the door to much wider adoption.