Solved

Allow a User to add routes under Windows XP?

Posted on 2006-11-16
7
3,522 Views
Last Modified: 2012-08-13
As per the subject - we're trying to get OpenVPN + WiKID (2-factor auth) working, but at the end of connection as a User, the following occurs. It works great as Admin, but we're trying to get the whole secure remote user thing going here. Any help would be much appreciated.

Thu Nov 16 14:16:31 2006 NOTE: FlushIpNetTable failed on interface [65541] {EE5A936B-29FC-4843-8239-02546EAEC31A} (status=6) : The handle is invalid.  
Thu Nov 16 14:16:31 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:31 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:33 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:33 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:34 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:34 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:35 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:35 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:36 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:36 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:38 2006 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Nov 16 14:16:38 2006 route ADD 66.241.131.107 MASK 255.255.255.255 10.3.0.1
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=2]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 10.0.0.0 MASK 255.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 Initialization Sequence Completed
0
Comment
Question by:wysardry
  • 4
  • 2
7 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 17959265
Fro, the IP helper docs:

"Note  This function executes a privileged operation. For this function to execute successfully, the caller must be logged on as a member of the Administrators group or the NetworkConfigurationOperators group." (http://msdn2.microsoft.com/en-gb/library/aa365860.aspx)

So adding the user to "NetworkConfigurationOperators" is the minimum prerequisite for that to work.
0
 

Author Comment

by:wysardry
ID: 17960214
Awesome, that seems to work great, but, as an opinion, would this be a security risk? They're going to need this access, obviously, but I have to present all options to my boss-types.
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960263
Well, if you need them to be able to change/add routes, there's hardly any way around that. And I'd rather temporarily give users a membership in that group rather than in the administrators group.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 86

Expert Comment

by:jkr
ID: 17960390
BTW, there will be no way around this restriction anyway.
0
 

Author Comment

by:wysardry
ID: 17960475
Welp, that tears it then - I guess our policies will have to suck it up. :) Thanks much, jkr!
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960540
You're most welcome ;o)
0
 
LVL 3

Expert Comment

by:gorhon
ID: 23254638
Hello,

Run this OPENVPN in windows service. You already live.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question