Solved

Allow a User to add routes under Windows XP?

Posted on 2006-11-16
7
3,539 Views
Last Modified: 2012-08-13
As per the subject - we're trying to get OpenVPN + WiKID (2-factor auth) working, but at the end of connection as a User, the following occurs. It works great as Admin, but we're trying to get the whole secure remote user thing going here. Any help would be much appreciated.

Thu Nov 16 14:16:31 2006 NOTE: FlushIpNetTable failed on interface [65541] {EE5A936B-29FC-4843-8239-02546EAEC31A} (status=6) : The handle is invalid.  
Thu Nov 16 14:16:31 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:31 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:33 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:33 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:34 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:34 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:35 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:35 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:36 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:36 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:38 2006 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Nov 16 14:16:38 2006 route ADD 66.241.131.107 MASK 255.255.255.255 10.3.0.1
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=2]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 10.0.0.0 MASK 255.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 Initialization Sequence Completed
0
Comment
Question by:wysardry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 17959265
Fro, the IP helper docs:

"Note  This function executes a privileged operation. For this function to execute successfully, the caller must be logged on as a member of the Administrators group or the NetworkConfigurationOperators group." (http://msdn2.microsoft.com/en-gb/library/aa365860.aspx)

So adding the user to "NetworkConfigurationOperators" is the minimum prerequisite for that to work.
0
 

Author Comment

by:wysardry
ID: 17960214
Awesome, that seems to work great, but, as an opinion, would this be a security risk? They're going to need this access, obviously, but I have to present all options to my boss-types.
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960263
Well, if you need them to be able to change/add routes, there's hardly any way around that. And I'd rather temporarily give users a membership in that group rather than in the administrators group.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 86

Expert Comment

by:jkr
ID: 17960390
BTW, there will be no way around this restriction anyway.
0
 

Author Comment

by:wysardry
ID: 17960475
Welp, that tears it then - I guess our policies will have to suck it up. :) Thanks much, jkr!
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960540
You're most welcome ;o)
0
 
LVL 3

Expert Comment

by:gorhon
ID: 23254638
Hello,

Run this OPENVPN in windows service. You already live.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question