Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Stefan Puch <s.puch@web.de>
To: wireguard@lists.zx2c4.com
Subject: Actual plans for Windows client: PostUp/PreDown possible?
Date: Thu, 5 Nov 2020 00:14:47 +0100
Message-ID: <b2a38e9f-9e79-b821-b80c-4cff284f8f6b@web.de> (raw)

Hello!

I’d like to raise the question regarding an option for PostUp/PreDown with the
Windows client again, which was (to my research) first discussed here on the
mailing list at the beginning of December 2019 by Rémi and Jason A.

I thought about switching our OpenVPN setup to the modern Wireguard and started
reading if all my requirements could be fulfilled. So far I have some users with
no administrative privileges on their Windows computer when they want to connect
to a remote server in order to access some shared space (Samba filesystem).
Currently the users are using OpenVPN, which has a background service running
with admin rights (Windows service). Thus the users can simply use a shortcut on
the desktop to the OpenVPN-GUI including an appropriate config-file to connect
to the remote server. After the tunnel is established OpenVPN uses the
(optional) solution to place a batch file within the userspace
(%USERPROFILE%\OpenVPN\config) as CONFIG-NAME_up.bat / CONFIG-NAME_down.bat
where some stuff can be placed to mount a Samba filesystem after the connecting
and tunnel are established (net use z: \\10.0.0.1\data) and to unmount before
the tunnel is disconnected.

I’ve seen the concerns from Jason A. about spreading malware and the hint that
“Linux command line users can generally be trusted to check the config files
they're writing into /etc/wireguard”. From my point of view the same holds with
the solution provided from OpenVPN to use the batch files, which are optional,
can be checked by the user and have to be explicitly defined for each VPN profile.

Looking into the Windows specific todo list on the Wireguard homepage I didn’t
find any comments if this will be considered for later versions of the windows
client, if there will or won’t be a solution like this.

Maybe I have missed something, so my question would be, if someone can tell me
something about the current status or a possible implementation?

Kind regards
Stefan

             reply	other threads:[~2020-11-10 13:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-04 23:14 Stefan Puch [this message]
2020-11-11  5:45 ` Simon Rozman
2020-11-11  9:50   ` Stefan Puch
2020-11-11 13:23     ` Simon Rozman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b2a38e9f-9e79-b821-b80c-4cff284f8f6b@web.de \
    --to=s.puch@web.de \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git