Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    how to prevent to discover and scan other connected openvpn clients?

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 624 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      umm12
      last edited by

      hi guys.
      I using OpenVPN in pfSense and my clients can connecting to my openvpn and everythings is OK.
      but i have a question.
      when my clients will connecting to my openvpn server they can scan and discover other connected clients to openvpn. How i can prevent to discover and scan other connected openvpn clients?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @umm12
        last edited by

        @umm12 This isn't working?

        https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure.html#inter-client-communication

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        U 1 Reply Last reply Reply Quote 0
        • U
          umm12 @johnpoz
          last edited by umm12

          @johnpoz said in how to prevent to discover and scan other connected openvpn clients?:

          @umm12 This isn't working?

          https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure.html#inter-client-communication

          hi dear friend.
          when i unchecked inter-client-communication option on pfsense configuration , the connected clients can discover ip address of connected clients on this network but they can not doing communication with other connected clients and this is ok. but i want connected clients dont able to discover anything about connected clients to openvpn pfsense server like ip address and anything.
          in this picture our connected client can discover other connected clients ip adddress that i dont want this.
          pic.PNG

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @umm12
            last edited by

            If they can not talk to them.. What does it matter if they can arp for them?

            Who says your discovering anything - your listed there to do port scan even if arp fails.. With that setting doesn't mean you found anything.. Its going to port scan anyway.

            Are you in doing tun or tap? Pretty sure the interface for openvpn should come up with noarp set on the interface.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            U 1 Reply Last reply Reply Quote 0
            • U
              umm12 @johnpoz
              last edited by

              @johnpoz
              I using layer 3 tunnel mode.
              How i can disable arp on openvpn clients in pfSense?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.