From: vh217@werehub.org
To: wireguard@lists.zx2c4.com
Subject: Using WireGuard on Windows as non-admin - proper solution?
Date: Thu, 12 Nov 2020 16:18:42 +0100 [thread overview]
Message-ID: <3415567b-5441-f3b1-7a38-f0bae3a14cfc@werehub.org> (raw)
Hello,
I've been wondering about using WireGuard on Windows as a non-admin user.
I have seen Jason's reply in this regard [1] and I understand the
rationale. This however effectively means that WireGuard can't be
directly used on company-issued machines where users who need to connect
to company servers are usually not given administrator rights.
So I would like to open up two discussion points:
1) Is this use case something WireGuard was even meant for? I.e. should
we even try to bend wg to be able to do this kind of stuff?
2) If the answer is yes, what would be the least hacky/workaround-ey way
to do it?
I found a couple solutions on the Internet to this problem [2], [3] but
both of them seem to be kind of complicated for setting up with dozens
of clients.
In my mind there are two ways about the solution:
1) Somehow allow the user to be able to perform this one administrative
task.
2) Since wg is essentially quiet when not being used, leave the wg
tunnel on at all times. (aka "fire [up] and forget")
The 1) is more or less covered in the solutions in [2] and [3] so that
doesn't seem like a way if we want something easy.
That leaves us with 2) which seems to work fine, although we've run into
an issue with overlapping routes, i.e. if the remote company LAN is
something like 192.168.1.0/24 and wg server 172.17.1.1 and the wg adds a
route "192.168.1.0/24 via 172.17.1.1" then when the client is physically
present in the company their LAN stops working. This could probably be
easily fixed by setting up route metric as a PostUp, though my
Windows-route-fu is weak in this one.
Any input on this would be greatly appreciated, since the info on the
Internet seems to be rather scattered around.
Also, if anyone has an idea on how to modify the route metric in the
PostUp, I think that might be an elegant solution to this.
Thanks!
Viktor
[1] https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg04292.html
[2]
https://www.reddit.com/r/WireGuard/comments/frizel/solution_managing_wireguard_on_windows_as_a/
[3] https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/
next reply other threads:[~2020-11-12 23:35 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-12 15:18 vh217 [this message]
2020-11-13 2:16 ` Jason A. Donenfeld
2020-11-13 12:03 ` Der PCFreak
2020-11-15 15:28 ` Patrik Holmqvist
2020-11-19 16:56 ` Jason A. Donenfeld
2020-11-20 11:49 ` Patrik Holmqvist
2020-11-20 12:52 ` Jason A. Donenfeld
2020-11-20 13:10 ` Patrick Fogarty
2020-11-20 13:14 ` Patrik Holmqvist
2020-11-17 10:18 ` Viktor H
2020-11-26 7:09 ` Chris Bennett
2020-11-21 10:05 ` Jason A. Donenfeld
2020-11-22 12:55 ` Jason A. Donenfeld
2020-11-23 14:57 ` Fatih USTA
2020-11-24 23:42 ` Riccardo Paolo Bestetti
2020-11-25 1:08 ` Jason A. Donenfeld
2020-11-25 7:49 ` Riccardo Paolo Bestetti
2020-11-25 10:30 ` Jason A. Donenfeld
2020-11-25 11:45 ` Jason A. Donenfeld
2020-11-25 14:08 ` Riccardo Paolo Bestetti
[not found] ` <8bf9e364f87bd0018dabca03dcc8c19b@mail.gmail.com>
2020-11-25 20:10 ` Riccardo Paolo Bestetti
2020-11-25 21:42 ` Jason A. Donenfeld
2020-11-26 8:53 ` Adrian Larsen
2020-11-28 14:28 ` Jason A. Donenfeld
2020-11-29 9:30 ` Adrian Larsen
2020-11-29 10:52 ` Jason A. Donenfeld
2020-11-29 12:09 ` Phillip McMahon
2020-11-29 12:50 ` Jason A. Donenfeld
2020-11-29 13:40 ` Phillip McMahon
2020-11-29 17:52 ` Jason A. Donenfeld
2020-11-29 19:44 ` Phillip McMahon
2020-11-29 20:59 ` Jason A. Donenfeld
2020-11-30 18:34 ` Riccardo Paolo Bestetti
2022-04-22 20:21 ` zer0flash
2020-11-30 12:47 ` Probable Heresy ;-) Peter Whisker
2020-12-02 13:40 ` Jason A. Donenfeld
2021-01-03 11:08 ` Christopher Ng
2020-11-25 12:40 ` AW: Using WireGuard on Windows as non-admin - proper solution? Joachim Lindenberg
2020-11-25 13:08 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3415567b-5441-f3b1-7a38-f0bae3a14cfc@werehub.org \
--to=vh217@werehub.org \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).