Solved

Allow a User to add routes under Windows XP?

Posted on 2006-11-16
7
3,557 Views
Last Modified: 2012-08-13
As per the subject - we're trying to get OpenVPN + WiKID (2-factor auth) working, but at the end of connection as a User, the following occurs. It works great as Admin, but we're trying to get the whole secure remote user thing going here. Any help would be much appreciated.

Thu Nov 16 14:16:31 2006 NOTE: FlushIpNetTable failed on interface [65541] {EE5A936B-29FC-4843-8239-02546EAEC31A} (status=6) : The handle is invalid.  
Thu Nov 16 14:16:31 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:31 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:33 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:33 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:34 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:34 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:35 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:35 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:36 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:36 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:38 2006 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Nov 16 14:16:38 2006 route ADD 66.241.131.107 MASK 255.255.255.255 10.3.0.1
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=2]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 10.0.0.0 MASK 255.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 Initialization Sequence Completed
0
Comment
Question by:wysardry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 17959265
Fro, the IP helper docs:

"Note  This function executes a privileged operation. For this function to execute successfully, the caller must be logged on as a member of the Administrators group or the NetworkConfigurationOperators group." (http://msdn2.microsoft.com/en-gb/library/aa365860.aspx)

So adding the user to "NetworkConfigurationOperators" is the minimum prerequisite for that to work.
0
 

Author Comment

by:wysardry
ID: 17960214
Awesome, that seems to work great, but, as an opinion, would this be a security risk? They're going to need this access, obviously, but I have to present all options to my boss-types.
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960263
Well, if you need them to be able to change/add routes, there's hardly any way around that. And I'd rather temporarily give users a membership in that group rather than in the administrators group.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Expert Comment

by:jkr
ID: 17960390
BTW, there will be no way around this restriction anyway.
0
 

Author Comment

by:wysardry
ID: 17960475
Welp, that tears it then - I guess our policies will have to suck it up. :) Thanks much, jkr!
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960540
You're most welcome ;o)
0
 
LVL 3

Expert Comment

by:gorhon
ID: 23254638
Hello,

Run this OPENVPN in windows service. You already live.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question