Update README

- Remove description about run-as-admin that is out-dated.
  Simply state that the GUI is supposed to be run as a limited user.

- Document persistent connections support in the GUI.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/540/head
Selva Nair 2022-08-11 10:52:58 -04:00
parent d83ec473ef
commit f6d844b71d
1 changed files with 35 additions and 17 deletions

View File

@ -97,27 +97,40 @@ may be optionally included. Example::
To get help with OpenVPN GUI please use one of the official `OpenVPN support To get help with OpenVPN GUI please use one of the official `OpenVPN support
channels <https://community.openvpn.net/openvpn/wiki/GettingHelp>`_. channels <https://community.openvpn.net/openvpn/wiki/GettingHelp>`_.
Running OpenVPN GUI as a Non-Admin user Running OpenVPN GUI
*************************************** *******************
OpenVPN 2.3.x and earlier bundle an OpenVPN GUI version (< 11) which has to be Run OpenVPN-GUI as normal user by double clicking on the icon. No
run as admin for two reasons administrative privileges or `runas-administrator` options are required.
It just works as limited user with the help of Interactive Service which
is enabled by default.
* OpenVPN GUI registry keys are stored in system-wide location Persistent or Pre-started connections
under HKEY_LOCAL_MACHINE, and they are generated when OpenVPN GUI was *************************************
launched the first time
* OpenVPN itself requires admin-level privileges to modify network settings
OpenVPN GUI 11 and later can make full use of the Interactive Service Starting release 2.5.8 (GUI version 11.30), OpenVPN GUI can
functionality in recent versions of OpenVPN. This changes a number of control connections started by the "automatic service"
things: (OpenVPNService) --- also referred to as persistent connections.
OpenVPNService, if running, starts all connection profiles
listed in the `config-auto` directory in the installation path.
* OpenVPN GUI can store its settings in user-specific part of the registry under By default, such connections are scanned for, and attempt is
HKEY_CURRENT_USER made to attach to their management interfaces if available.
* OpenVPN is able to delegate certain privileged operations, such as adding User can then view the status of these connections, and disconnect,
routes, to the Interactive service, removing the need to run OpenVPN with reconnect, detach or re-attach them using the menu items.
admin privileges. Note that for this to work the *OpenVPNServiceInteractive*
system service has to be enabled and running. It requires that such connections be started with
`--management 127.0.0.1 port [pw-file]` option in their config file.
`pw-file` containing a password is optional, but highly recommended.
Further, if `--auth-user-pass` or any such options requiring
interactive user input are present, the config file must also
contain `--management-query-passwords`.
This feature may be controlled by changing the `Persistent Connections`
setting in the `General` tab of the `Settings` menu: choose `auto`
for the default behaviour described above, `manual` to enumerate
and list such connections but not auto-attach, or `disable` to not scan
auto-started connection profiles.
Run Connect/Disconnect/Preconnect Scripts Run Connect/Disconnect/Preconnect Scripts
***************************************** *****************************************
@ -218,6 +231,11 @@ disable_save_passwords
Set to a nonzero value to disable the password save feature. Set to a nonzero value to disable the password save feature.
Default: 0 Default: 0
auto_config_dir
If persistent connection support is enabled and the so-called automatic
service (OpenVPNService) is running, any config files in this folder are
scanned and listed in the list of connection profiles.
User Preferences User Preferences
**************** ****************