Development discussion of WireGuard
From: Simon Rozman <simon@rozman.si>
To: Henning Ryll <henning.ryll@web.de>,
	"wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Re: wireguard on multi user windows ?
Date: Mon, 30 Nov 2020 11:13:21 +0000
Message-ID: <C32D3AC1-CDBA-4035-BDCE-2F566D939D63@rozman.si>
In-Reply-To: <trinity-8b39e676-4010-4d53-9bc2-9ca84bcf3a85-1606583048495@3c-app-webde-bap18>

Hi,

If your chief finds out your company laptop is being used by your kid and wife, taken to your kid's school and whatnot, *then* your chief will get very very very unhappy. :)

Imagine your kid has a trojan horse running on his desktop and just locks the desktop, and you borrow back the computer to do some company work. When you connect to your company, the trojan horse gets all the network access to your company resources that your VPN connection allows.

The WireGuard tunnel profiles are bound to the computer, not individual users, for a reason: on Windows, a VPN connects the entire computer to a network, not just a particular user.

Sorry, WireGuard is and will remain "unusable" for such ill and unsafe practices as yours.

Regards, Simon

-----Original Message-----
From: WireGuard <wireguard-bounces@lists.zx2c4.com> on behalf of Henning Ryll <henning.ryll@web.de>
Date: Sunday, 29 November 2020 at 22.03
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: wireguard on multi user windows ?

    Hello,

    I'm looking for a (more or less) secure solution of installing and running wireguard.

    In our family we have only one notebook running win10/64.
    Since this is the only device with internet access it has to be as reliable as possible. So we are running 4 accounts.
    admin, father, mother, son. Of course only the admin has admin rights. But all users have operator rights because the notebook is taken to different locations i.e. at school, to friends, during holiday.

    I'm running OpenVPN to do my homework with this notebook too. And because my openvpn.p12 file is protected by a password my family cannot use it because they did not know my password. Even if they have physical access to it.

    But with wireguard there is no such protection. And with the new wireguard for windows the key files have been moved.
    And as far as I understood everybody in the operator group can start the wireguard tunnel.
    But my chief will be very very unhappy if this will occur ....

    How to install wireguard on a multiuser system. And only the owner of a keyfile can run his tunnel?
    Other users may be able to run other tunnels.
    Or is wireguard still unusable for me and I have to stay at OpenVPN?

    Henning

