Development discussion of WireGuard
 help / color / mirror / Atom feed
* Using WireGuard on Windows as non-admin - proper solution?
@ 2020-11-12 15:18 vh217
  2020-11-13  2:16 ` Jason A. Donenfeld
  2020-11-21 10:05 ` Jason A. Donenfeld
  0 siblings, 2 replies; 39+ messages in thread
From: vh217 @ 2020-11-12 15:18 UTC (permalink / raw)
  To: wireguard

Hello,

I've been wondering about using WireGuard on Windows as a non-admin user.

I have seen Jason's reply in this regard [1] and I understand the 
rationale. This however effectively means that WireGuard can't be 
directly used on company-issued machines where users who need to connect 
to company servers are usually not given administrator rights.

So I would like to open up two discussion points:
1) Is this use case something WireGuard was even meant for? I.e. should 
we even try to bend wg to be able to do this kind of stuff?
2) If the answer is yes, what would be the least hacky/workaround-ey way 
to do it?

I found a couple solutions on the Internet to this problem [2], [3] but 
both of them seem to be kind of complicated for setting up with dozens 
of clients.

In my mind there are two ways about the solution:
1) Somehow allow the user to be able to perform this one administrative 
task.
2) Since wg is essentially quiet when not being used, leave the wg 
tunnel on at all times. (aka "fire [up] and forget")

The 1) is more or less covered in the solutions in [2] and [3] so that 
doesn't seem like a way if we want something easy.
That leaves us with 2) which seems to work fine, although we've run into 
an issue with overlapping routes, i.e. if the remote company LAN is 
something like 192.168.1.0/24 and wg server 172.17.1.1 and the wg adds a 
route "192.168.1.0/24 via 172.17.1.1" then when the client is physically 
present in the company their LAN stops working. This could probably be 
easily fixed by setting up route metric as a PostUp, though my 
Windows-route-fu is weak in this one.

Any input on this would be greatly appreciated, since the info on the 
Internet seems to be rather scattered around.

Also, if anyone has an idea on how to modify the route metric in the 
PostUp, I think that might be an elegant solution to this.

Thanks!

Viktor

[1] https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg04292.html
[2] 
https://www.reddit.com/r/WireGuard/comments/frizel/solution_managing_wireguard_on_windows_as_a/
[3] https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/



^ permalink raw reply	[flat|nested] 39+ messages in thread

end of thread, other threads:[~2022-04-24 20:12 UTC | newest]

Thread overview: 39+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-12 15:18 Using WireGuard on Windows as non-admin - proper solution? vh217
2020-11-13  2:16 ` Jason A. Donenfeld
2020-11-13 12:03   ` Der PCFreak
2020-11-15 15:28   ` Patrik Holmqvist
2020-11-19 16:56     ` Jason A. Donenfeld
2020-11-20 11:49       ` Patrik Holmqvist
2020-11-20 12:52         ` Jason A. Donenfeld
2020-11-20 13:10           ` Patrick Fogarty
2020-11-20 13:14           ` Patrik Holmqvist
2020-11-17 10:18   ` Viktor H
2020-11-26  7:09   ` Chris Bennett
2020-11-21 10:05 ` Jason A. Donenfeld
2020-11-22 12:55   ` Jason A. Donenfeld
2020-11-23 14:57     ` Fatih USTA
2020-11-24 23:42   ` Riccardo Paolo Bestetti
2020-11-25  1:08     ` Jason A. Donenfeld
2020-11-25  7:49       ` Riccardo Paolo Bestetti
2020-11-25 10:30         ` Jason A. Donenfeld
2020-11-25 11:45           ` Jason A. Donenfeld
2020-11-25 14:08             ` Riccardo Paolo Bestetti
     [not found]               ` <8bf9e364f87bd0018dabca03dcc8c19b@mail.gmail.com>
2020-11-25 20:10                 ` Riccardo Paolo Bestetti
2020-11-25 21:42                 ` Jason A. Donenfeld
2020-11-26  8:53                   ` Adrian Larsen
2020-11-28 14:28                     ` Jason A. Donenfeld
2020-11-29  9:30                       ` Adrian Larsen
2020-11-29 10:52                         ` Jason A. Donenfeld
2020-11-29 12:09                           ` Phillip McMahon
2020-11-29 12:50                             ` Jason A. Donenfeld
2020-11-29 13:40                               ` Phillip McMahon
2020-11-29 17:52                                 ` Jason A. Donenfeld
2020-11-29 19:44                                   ` Phillip McMahon
2020-11-29 20:59                                     ` Jason A. Donenfeld
2020-11-30 18:34                                       ` Riccardo Paolo Bestetti
2022-04-22 20:21                                       ` zer0flash
2020-11-30 12:47                                   ` Probable Heresy ;-) Peter Whisker
2020-12-02 13:40                                     ` Jason A. Donenfeld
2021-01-03 11:08                                       ` Christopher Ng
2020-11-25 12:40     ` AW: Using WireGuard on Windows as non-admin - proper solution? Joachim Lindenberg
2020-11-25 13:08       ` Jason A. Donenfeld

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).