• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

how to prevent to discover and scan other connected openvpn clients?

Scheduled Pinned Locked Moved OpenVPN
5 Posts 2 Posters 648 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • U
    umm12
    last edited by Sep 4, 2021, 3:26 AM

    hi guys.
    I using OpenVPN in pfSense and my clients can connecting to my openvpn and everythings is OK.
    but i have a question.
    when my clients will connecting to my openvpn server they can scan and discover other connected clients to openvpn. How i can prevent to discover and scan other connected openvpn clients?

    J 1 Reply Last reply Sep 4, 2021, 5:01 AM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @umm12
      last edited by Sep 4, 2021, 5:01 AM

      @umm12 This isn't working?

      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure.html#inter-client-communication

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      U 1 Reply Last reply Sep 4, 2021, 6:32 AM Reply Quote 0
      • U
        umm12 @johnpoz
        last edited by umm12 Sep 4, 2021, 6:37 AM Sep 4, 2021, 6:32 AM

        @johnpoz said in how to prevent to discover and scan other connected openvpn clients?:

        @umm12 This isn't working?

        https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure.html#inter-client-communication

        hi dear friend.
        when i unchecked inter-client-communication option on pfsense configuration , the connected clients can discover ip address of connected clients on this network but they can not doing communication with other connected clients and this is ok. but i want connected clients dont able to discover anything about connected clients to openvpn pfsense server like ip address and anything.
        in this picture our connected client can discover other connected clients ip adddress that i dont want this.
        pic.PNG

        J 1 Reply Last reply Sep 4, 2021, 11:32 AM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @umm12
          last edited by Sep 4, 2021, 11:32 AM

          If they can not talk to them.. What does it matter if they can arp for them?

          Who says your discovering anything - your listed there to do port scan even if arp fails.. With that setting doesn't mean you found anything.. Its going to port scan anyway.

          Are you in doing tun or tap? Pretty sure the interface for openvpn should come up with noarp set on the interface.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          U 1 Reply Last reply Sep 4, 2021, 2:01 PM Reply Quote 0
          • U
            umm12 @johnpoz
            last edited by Sep 4, 2021, 2:01 PM

            @johnpoz
            I using layer 3 tunnel mode.
            How i can disable arp on openvpn clients in pfSense?

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received