Solved

Allow a User to add routes under Windows XP?

Posted on 2006-11-16
7
3,520 Views
Last Modified: 2012-08-13
As per the subject - we're trying to get OpenVPN + WiKID (2-factor auth) working, but at the end of connection as a User, the following occurs. It works great as Admin, but we're trying to get the whole secure remote user thing going here. Any help would be much appreciated.

Thu Nov 16 14:16:31 2006 NOTE: FlushIpNetTable failed on interface [65541] {EE5A936B-29FC-4843-8239-02546EAEC31A} (status=6) : The handle is invalid.  
Thu Nov 16 14:16:31 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:31 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:33 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:33 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:34 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:34 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:35 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:35 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:36 2006 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Nov 16 14:16:36 2006 Route: Waiting for TUN/TAP interface to come up...
Thu Nov 16 14:16:38 2006 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Nov 16 14:16:38 2006 route ADD 66.241.131.107 MASK 255.255.255.255 10.3.0.1
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=2]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 route ADD 10.0.0.0 MASK 255.0.0.0 10.7.0.178
Thu Nov 16 14:16:38 2006 ROUTE: route addition failed using CreateIpForwardEntry: Network access is denied.   [if_index=65541]
Thu Nov 16 14:16:38 2006 Route addition via IPAPI failed
Thu Nov 16 14:16:38 2006 Initialization Sequence Completed
0
Comment
Question by:wysardry
  • 4
  • 2
7 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 17959265
Fro, the IP helper docs:

"Note  This function executes a privileged operation. For this function to execute successfully, the caller must be logged on as a member of the Administrators group or the NetworkConfigurationOperators group." (http://msdn2.microsoft.com/en-gb/library/aa365860.aspx)

So adding the user to "NetworkConfigurationOperators" is the minimum prerequisite for that to work.
0
 

Author Comment

by:wysardry
ID: 17960214
Awesome, that seems to work great, but, as an opinion, would this be a security risk? They're going to need this access, obviously, but I have to present all options to my boss-types.
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960263
Well, if you need them to be able to change/add routes, there's hardly any way around that. And I'd rather temporarily give users a membership in that group rather than in the administrators group.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 86

Expert Comment

by:jkr
ID: 17960390
BTW, there will be no way around this restriction anyway.
0
 

Author Comment

by:wysardry
ID: 17960475
Welp, that tears it then - I guess our policies will have to suck it up. :) Thanks much, jkr!
0
 
LVL 86

Expert Comment

by:jkr
ID: 17960540
You're most welcome ;o)
0
 
LVL 3

Expert Comment

by:gorhon
ID: 23254638
Hello,

Run this OPENVPN in windows service. You already live.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now