how to prevent to discover and scan other connected openvpn clients?
-
hi guys.
I using OpenVPN in pfSense and my clients can connecting to my openvpn and everythings is OK.
but i have a question.
when my clients will connecting to my openvpn server they can scan and discover other connected clients to openvpn. How i can prevent to discover and scan other connected openvpn clients? -
-
@johnpoz said in how to prevent to discover and scan other connected openvpn clients?:
@umm12 This isn't working?
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure.html#inter-client-communication
hi dear friend.
when i unchecked inter-client-communication option on pfsense configuration , the connected clients can discover ip address of connected clients on this network but they can not doing communication with other connected clients and this is ok. but i want connected clients dont able to discover anything about connected clients to openvpn pfsense server like ip address and anything.
in this picture our connected client can discover other connected clients ip adddress that i dont want this.
-
If they can not talk to them.. What does it matter if they can arp for them?
Who says your discovering anything - your listed there to do port scan even if arp fails.. With that setting doesn't mean you found anything.. Its going to port scan anyway.
Are you in doing tun or tap? Pretty sure the interface for openvpn should come up with noarp set on the interface.
-
@johnpoz
I using layer 3 tunnel mode.
How i can disable arp on openvpn clients in pfSense?