Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Allow a User to add routes under Windows XP?

Posted on 2006-11-16
7
Medium Priority
?
3,586 Views
Last Modified: 2012-08-13
As per the subject - we're trying to get OpenVPN + WiKID (2-factor auth) working, but at the end of connection as a User, the following occurs. It works great as Admin, but we're trying to get the whole secure remote user thing going here. Any help would be much appreciated.

Thu Nov 16 14:16:31 2006 NOTE: FlushIpNetTable failed on interface [65541] {EE5A936B-29FC-4843-8239-02546EAEC31A} (status=6) : The handle is invalid.  
Thu Nov 16 14:16:31 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:31 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:33 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:33 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:34 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:34 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:35 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:35 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:36 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:36 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:38 2006 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Nov 16 14:16:38 2006 route ADD 66.241.131.107 MASK 255.255.255.255 10.3.0.1
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=2]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 10.0.0.0 MASK 255.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 Initialization Sequence Completed
0
Comment
Question by:wysardry
  • 4
  • 2
7 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 2000 total points
ID: 17959265
Fro, the IP helper docs:

"Note  This function executes a privileged operation. For this function to execute successfully, the caller must be logged on as a member of the Administrators group or the NetworkConfigurationOperators group." (http://msdn2.microsoft.com/en-gb/library/aa365860.aspx)

So adding the user to "NetworkConfigurationOperators" is the minimum prerequisite for that to work.
0
 

Author Comment

by:wysardry
ID: 17960214
Awesome, that seems to work great, but, as an opinion, would this be a security risk? They're going to need this access, obviously, but I have to present all options to my boss-types.
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960263
Well, if you need them to be able to change/add routes, there's hardly any way around that. And I'd rather temporarily give users a membership in that group rather than in the administrators group.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Expert Comment

by:jkr
ID: 17960390
BTW, there will be no way around this restriction anyway.
0
 

Author Comment

by:wysardry
ID: 17960475
Welp, that tears it then - I guess our policies will have to suck it up. :) Thanks much, jkr!
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960540
You're most welcome ;o)
0
 
LVL 3

Expert Comment

by:gorhon
ID: 23254638
Hello,

Run this OPENVPN in windows service. You already live.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question