{"id":119,"date":"2008-04-03T15:45:41","date_gmt":"2008-04-03T13:45:41","guid":{"rendered":"http:\/\/michauko.org\/blog\/2008\/04\/03\/openvpn-openvpn-gui-droits-admin-et-add-route\/"},"modified":"2009-10-08T15:23:22","modified_gmt":"2009-10-08T13:23:22","slug":"openvpn-openvpn-gui-droits-admin-et-add-route","status":"publish","type":"post","link":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/","title":{"rendered":"OpenVPN, OpenVPN GUI, droits admin et \u00ab\u00a0add route\u00a0\u00bb…"},"content":{"rendered":"

Si vous avez besoin de donner un acc\u00e8s OpenVPN sur des PC Windows \u00e0 des personnes n’\u00e9tant pas admin de leur poste (ce qui est largement raisonnable), il y a 2\/3 pi\u00e8ges. Je vous fais part de mes recherches sur le sujet. Au final, c’est possible. Ouf !
\nLes pi\u00e8ges sont :
\n– pouvoir acc\u00e9der \u00e0 l’interface virtuelle en tant que non-admin
\n– pouvoir ajouter des routes en tant que non-admin
\n– pouvoir utiliser proprement le OpenVPN GUI en tant que non-admin.<\/p>\n

Acc\u00e9der \u00e0 l’interface r\u00e9seau virtuelle<\/h1>\n

OpenVPN 2.0 ne permet pas d’exploiter la carte virtuelle si vous n’\u00eates pas admin, d’apr\u00e8s ce que j’en comprends vu la remarque sur la version 2.1 sur le site<\/a> : <\/p>\n

TAP-Win32 adapter can now be opened from non-administrator mode<\/pre>\n
En fait sur ce sujet, avec OpenVPN 2.0, je ne sais plus si j’avais simplement un probl\u00e8me pour acc\u00e9der \u00e0 l’interface virtuelle ou pour cr\u00e9er des \u00ab\u00a0routes\u00a0\u00bb ou les 2. J’ai opt\u00e9 pour la 2.1 RC7 (et tant pis si ce n’est pas la finale).<\/p>\n
Pour r\u00e9soudre \u00e0 coup s\u00fbr ce probl\u00e8me, utilisez la version 2.1.<\/p>\n
Ajouter des \u00ab\u00a0routes\u00a0\u00bb<\/h1>\n
Une fois que l’utilisateur sans droit est capable de lancer l’openvpn, vous vous chopez des erreurs sur vos routes ajout\u00e9es dans la conf de votre VPN histoire que tout ce petit monde communique avec le reste de votre infra. En effet, sous Windows, le \u00ab\u00a0add route\u00a0\u00bb est r\u00e9serv\u00e9 \u00e0 l’admin… ou plus simplement aux personnes du groupe \u00ab\u00a0Op\u00e9rateurs de configuration r\u00e9seau\u00a0\u00bb.
\nDonc ajoutez vos utilisateurs sans droits l\u00e0-dedans. Ils ne seront pas admin complet mais pourront d\u00e9j\u00e0 ab\u00eemer leur configuration r\u00e9seau…<\/p>\n
Impossible d’\u00e9crire des logs par le GUI<\/h1>\n
Si vous avez cette erreur, pensez \u00e0 donner les droits d’\u00e9criture sur tout le r\u00e9pertoire C:\\Program Files\\OpenVPN\\log<\/code>, pour tout le monde, ou, moins bourrin, pour votre utilisateur.
\nNotez : le GUI OpenVPN est int\u00e9gr\u00e9 \u00e0 OpenVPN 2.1 maintenant. Ce n’est pas le cas avec le package 2.0<\/p>\n
Cette fois, c’est bon, votre utilisateur presque-sans-droit peut faire du VPN et massacrer involontairement votre LAN depuis chez lui… :\/<\/p>\n","protected":false},"excerpt":{"rendered":"
Si vous avez besoin de donner un acc\u00e8s OpenVPN sur des PC Windows \u00e0 des personnes n’\u00e9tant pas admin de leur poste (ce qui est largement raisonnable), il y a 2\/3 pi\u00e8ges. Je vous fais …<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[82,389,4],"tags":[186,188,187,185,168],"class_list":["post-119","post","type-post","status-publish","format-standard","hentry","category-pl","category-reseau-secu","category-windows","tag-add-route","tag-admin","tag-gui","tag-openvpn","tag-vpn"],"yoast_head":"\nOpenVPN, OpenVPN GUI, droits admin et "add route"... - Le blog de Michauko<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenVPN, OpenVPN GUI, droits admin et "add route"... - Le blog de Michauko\" \/>\n<meta property=\"og:description\" content=\"Si vous avez besoin de donner un acc\u00e8s OpenVPN sur des PC Windows \u00e0 des personnes n’\u00e9tant pas admin de leur poste (ce qui est largement raisonnable), il y a 2\/3 pi\u00e8ges. Je vous fais …\" \/>\n<meta property=\"og:url\" content=\"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/\" \/>\n<meta property=\"og:site_name\" content=\"Le blog de Michauko\" \/>\n<meta property=\"article:published_time\" content=\"2008-04-03T13:45:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2009-10-08T13:23:22+00:00\" \/>\n<meta name=\"author\" content=\"michauko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"michauko\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/\"},\"author\":{\"name\":\"michauko\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"headline\":\"OpenVPN, OpenVPN GUI, droits admin et \u00ab\u00a0add route\u00a0\u00bb…\",\"datePublished\":\"2008-04-03T13:45:41+00:00\",\"dateModified\":\"2009-10-08T13:23:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/\"},\"wordCount\":357,\"commentCount\":2,\"keywords\":[\"add route\",\"admin\",\"gui\",\"openvpn\",\"VPN\"],\"articleSection\":[\"planet-libre.org\",\"reseau et s\u00e9cu\",\"windows\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/\",\"name\":\"OpenVPN, OpenVPN GUI, droits admin et \\\"add route\\\"... - Le blog de Michauko\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\"},\"datePublished\":\"2008-04-03T13:45:41+00:00\",\"dateModified\":\"2009-10-08T13:23:22+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/openvpn-openvpn-gui-droits-admin-et-add-route-119\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenVPN, OpenVPN GUI, droits admin et \u00ab\u00a0add route\u00a0\u00bb…\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\",\"name\":\"Le blog de Michauko\",\"description\":\"Si tu ne comprends pas le titre de l'article, passe ton chemin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/michauko.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\",\"name\":\"michauko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"caption\":\"michauko\"},\"sameAs\":[\"http:\\\/\\\/michauko.org\\\/\"],\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/author\\\/randomized2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenVPN, OpenVPN GUI, droits admin et \"add route\"... - Le blog de Michauko","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/","og_locale":"fr_FR","og_type":"article","og_title":"OpenVPN, OpenVPN GUI, droits admin et \"add route\"... - Le blog de Michauko","og_description":"Si vous avez besoin de donner un acc\u00e8s OpenVPN sur des PC Windows \u00e0 des personnes n’\u00e9tant pas admin de leur poste (ce qui est largement raisonnable), il y a 2\/3 pi\u00e8ges. Je vous fais …","og_url":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/","og_site_name":"Le blog de Michauko","article_published_time":"2008-04-03T13:45:41+00:00","article_modified_time":"2009-10-08T13:23:22+00:00","author":"michauko","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"michauko","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/#article","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/"},"author":{"name":"michauko","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"headline":"OpenVPN, OpenVPN GUI, droits admin et \u00ab\u00a0add route\u00a0\u00bb…","datePublished":"2008-04-03T13:45:41+00:00","dateModified":"2009-10-08T13:23:22+00:00","mainEntityOfPage":{"@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/"},"wordCount":357,"commentCount":2,"keywords":["add route","admin","gui","openvpn","VPN"],"articleSection":["planet-libre.org","reseau et s\u00e9cu","windows"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/","url":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/","name":"OpenVPN, OpenVPN GUI, droits admin et \"add route\"... - Le blog de Michauko","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/#website"},"datePublished":"2008-04-03T13:45:41+00:00","dateModified":"2009-10-08T13:23:22+00:00","author":{"@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"breadcrumb":{"@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/michauko.org\/blog\/openvpn-openvpn-gui-droits-admin-et-add-route-119\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/michauko.org\/blog\/"},{"@type":"ListItem","position":2,"name":"OpenVPN, OpenVPN GUI, droits admin et \u00ab\u00a0add route\u00a0\u00bb…"}]},{"@type":"WebSite","@id":"https:\/\/michauko.org\/blog\/#website","url":"https:\/\/michauko.org\/blog\/","name":"Le blog de Michauko","description":"Si tu ne comprends pas le titre de l'article, passe ton chemin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/michauko.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9","name":"michauko","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","caption":"michauko"},"sameAs":["http:\/\/michauko.org\/"],"url":"https:\/\/michauko.org\/blog\/author\/randomized2\/"}]}},"_links":{"self":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/comments?post=119"}],"version-history":[{"count":3,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/119\/revisions"}],"predecessor-version":[{"id":781,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/119\/revisions\/781"}],"wp:attachment":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media?parent=119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/categories?post=119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/tags?post=119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}