
Re: [LUG] OpenVPN ?

 

Gordon Henderson wrote:
>
> Wrong list, probably, but anyone here any experience of setting up the
> OpenVPN client on a Win box? Almost likely to be Win7, but possibly the
> odd XP or Vista... Just want to know how easy (or hard) it might be...
> (For your typical sales dude who won't have a clue)

Hard, but for all the wrong reasons (sigh).

The software itself is easy but it's the Microsoft Windows permissions that
are the pain.

In particular Microsoft Windows is very picky over who can add routes
(probably a fix to some evil hacking that took place before).

Thus you want the installer run as Administrator and the GUI itself set to
run as Administrator and for some reason the installer doesn't or can't
ensure these permissions happen when it runs (sigh). Note this is "As
Administrator" not as a user who is an "admin" user - that isn't quite the
same thing, at least not on all versions of Microsoft Windows with
different types of domain configuration.

Also on some boxes we noted that the config files (typically you have to save
4 for each VPN connection unless you have a trusted certificate - CA,
client.key, client.crt, client.ovpn) became read-only as soon as they were
written - I found the logic of this eventually: something to do with file
permissions, not OpenVPN.

I've seen differences between Windows 7 Professional and Windows 7 Home.
Documentation suggests Vista is different in little ways as well.

Also hit some issue where it needs a delay before the virtual interface is
ready (documented but a bit fiddly).

> They'll need to do it to browse network shares on a selection of
> file-servers (running samba) and possibly in the future email access if we
> move their email from hosted to in-house..

Once OpenVPN runs with the right permissions you can push pretty much
everything via the server configuration files. When it works it is
exceptionally good; the weakness is the Windows installer and permissions.
The "proprietary" version of the Windows client installer might
be "better". Hard to know if it is deliberately like that, or they are
struggling vainly against the complexity of Windows permissions.

Also it gets messy if you want more than one concurrent VPN tunnel to do
with having multiple TAP interfaces or some such. But I guess you know if
you want that or not.

I like the software, and I want more people to use it to iron out these
sort of issues. But I'd say fine if you install the client, or even if you
know the configurations and can write detailed instructions for each case,
or an IT person installs it, but for end users it will just result in
painful phone calls while you explain "right click, Run as Administrator,
urm sorry which versions of Windows is this, does it have a Start
Button"....

Maybe if you used one of those desktop sharing apps to do the install
remotely.....


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
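
Added example, not part of the original post or of OpenVPN itself: a Windows PowerShell pre-flight script that checks the three things the reply above describes going wrong (no elevated token, config files turned read-only, no TAP virtual interface). The config directory, the file name ca.crt and the 'TAP-*' adapter description pattern are assumptions; adjust them to the actual install.

```powershell
# Pre-flight checks for an OpenVPN client on Windows (added example).
# Assumed: default config directory and the file names below.
param(
    [string]$ConfigDir = "$env:ProgramFiles\OpenVPN\config",
    [string[]]$Files   = @('ca.crt', 'client.crt', 'client.key', 'client.ovpn')
)

$problems = @()

# 1. Elevated token, not merely membership of the Administrators group.
#    Under UAC an admin user's unelevated process yields $false here,
#    which is the "As Administrator" vs "admin user" distinction.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $elevated) {
    $problems += 'Not elevated: adding routes is likely to be refused.'
}

# 2. Every expected file is present and has not become read-only.
foreach ($name in $Files) {
    $path = Join-Path $ConfigDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        $problems += "Missing: $path"
    } elseif ((Get-Item -LiteralPath $path).IsReadOnly) {
        $problems += "Read-only: $path"
    }
}

# 3. A TAP virtual adapter is installed. WMI is used because it is
#    available on Windows 7 and earlier; the description pattern is assumed.
$tap = Get-WmiObject Win32_NetworkAdapter |
       Where-Object { $_.Description -like 'TAP-*' }
if (-not $tap) {
    $problems += 'No TAP virtual adapter found.'
}

# Report: one warning per problem, non-zero exit code if any were found.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Pre-flight checks passed.'
```

Run it from the same shortcut or account the user will launch the GUI from, since the elevation check reflects the token of the process that runs it.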