PCFreak Logo (c) Der PCFreak

OpenVPN without administrative privileges (nonpriviledged user) on Windows using the great Sophos SSL VPN Client

OpenVPN or also sometimes called SSL-VPN is a very cool VPN technology. Problem is, that a lot of client software that is compatible with OpenVPN only works if the user that initiates the connection has administrative privileges. I did a lot of investigation and my early solutions were

  • SecurePoint OpenVPN Client (in my opinion not very stable)
  • Scheduled Tasks at logon of a user that executes OpenVPN with highest privileges (could lead to privilege escalation)
  • … and a lot of other custom stuff I tried

All of the above solutions were not usable, instable or unsecure and could not be used in a corporate environment. Glad I found the

  • Sophos SSL VPN Client

This client is perfect! It has the following features:

  • compatible with OpenVPN
  • multilanguage support (Chinese, Danish, German, English, Spanish, Finnish, French, Italien, Japanese, Dutch, Norwegian, Polish, Portuguese, Russian, Swedish, Turkish)
  • when installed works without admin privileges (it uses a service)

So any of you that is searching for a working OpenVPN client for nonpriviledged users, this is your solution!

Now the question, where can you get the client? The client is bundled within the „Sophos UTM“ Firewall product and can usually only be used if you have an installation of the firewall running somewhere. Since there is also a free version of the firewall available for download, this is not a big problem:

  1. Download the latest ISO from ftp://ftp.astaro.com/UTM/v9/software_appliance/iso/
  2. Open the downloaded ISO with 7Zip
  3. Inside 7Zip navigate to …\latest_asg_XX_software.iso\install\rpm\client-openvpn-9.25-18.g09bbfdc.rb1.noarch.rpm\client-openvpn-9.25-18.g09bbfdc.rb1.noarch.cpio\.\var\confd\res\openvpn\ *Bild
  4. Extract „ssl-vpn-client-installer.exe“ and install it on your windows machine
  5. Copy your OpenVPN configuration file (*.ovpn) to „C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\<subfolder>\“ and establish a connection by right clicking the tray icon TrayIcon.

*The name of the *.cpio file may vary depending on your version of the ISO file

For me this is currently the best OpenVPN client. As far as I could see, there is no information within the „Sophos SSL VPN Client“ licenses, that prohibits the usage of the client.

1 Comment so far

  1. boris on Juni 12th, 2016

    Hello,
    I read ypur post about OpenVPN with nonadmin privilages at https://community.openvpn.net/openvpn/wiki/Nonprivileged#no1
    Must say great article. I run it and test it locally and it works. My question is did you try deploy this solution via GPO? Is it even possible or it a local solution?
    Thax in advanced