Re: OpenVPN installers with openvpn-gui pull request #13's code included
Samuli Seppänen <samuli <at> openvpn.net>
2016-02-12 08:51:43 GMT
Sending to the list also...
> PS> C:\> openvpnserv.exe -install
> PS> C:\> openvpnserv.exe -start automatic
> I suppose you mean openvpnserv.exe -start interactive
You're correct. My mistake.
> - Revert commit 2af86368964 in openvpn-gui
> We may want to do this only for 2.4 (or git master) based binary
> distributions. For 2.3 there is no interactive service and this
> "highestAvailable" may still be required (or at least expected by users).
> One way to handle this is to create a release branch on the GUI repo and
> revert the commit only in master. Then 2.3 installers can continue to
> use that release branch.
This sounds reasonable. That said, we should be able to know which GUI
version belong to the master branch, and which to the release branch.
Right now we just a single version number - 10 at the moment.
> - Make OpenVPN-GUI fail/warn if it can't reach interactive service
> In fact it may be ok to require the iservice to operate the GUI -- that
> is do not allow the GUI to directly start openvpn.exe -- running as
> admin will fail with a message then). But leave this for later?
I think we can leave this for later, as long as the Interactive Service
is enabled at install time. That way much fewer users will get this
> I think the installer should include the following commands
> (i) openvpnserv.exe -install <- this will install both auto and
> interactive services
> this is probably there in the current NSIS installer (the user can
> disable it by chosing not to install any service, but its not possible
> to install only one of those (not yet, at least).
Yes, this is done by default right now.
> (ii) openvpnserv.exe --start interactive
This is not done by default. I will add it to the installer code.
> Do not start the automatic service by default as that is meant for
> expert users. Else it will spawn-up openvpn.exe for all configs found
> and possibly mess-up with interactive use.
This is the default behavior right now, and we should keep it that way.
> - Relax OpenVPN's config file permissions, or...
> - ... make OpenVPN-GUI read configs from user's home dir by default
> With the pull #13, its now possible for the user to edit
> HKCU\Software\OpenVPN\config_dir to point the GUI to an alternate
> location for configs. Currently there are no access checks in the
> service, so any location with read access will work.
> Let's revisit this after the service is hardened to restrict configs and
> options. Then we can decide how to modify the installer to choose
> appropriate defaults for config_dir etc.
Having an easy method for configuring the OpenVPN configuration file
directory is needed in my opinion. Right now one has to launch
regedit.exe and change the path, or do some magic incantations in
Powershell - not exactly user-friendly.
> Given that OpenVPNService and OpenVPNServiceInteractive have been
> separated, replacing the non-interactive variant with openvpnserv2
> should not be too difficult.
> While the two services can be independently stopped and started the two
> are installed and removed together:
> openvpnserv.exe --install sets up two services OpenVPNService and
> OpenVPNServiceInteractive. So any replacement will have to use a name
> distinct from those. I think openvpnserv2 uses the same name
> "OpenVPNService" which will cause a conflict.
> In the long run it may be better to remove the automatic service
> completely from the openvpnsev.exe code.
Disabling the automatic service part in openvpnserv.exe should be fairly
straightforward. There's probably some simple routine which calls
Windows APIs to register the new services, which we could modify. Then
we also need to remove the old service in the installer/uninstaller.
OpenVPN Technologies, Inc
irc freenode net: mattock
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net