Communicate between OpenVPN hosts
Hi, I'm having trouble configuring a pfSense instance, version 2.6.0. Namely, I created an OpenVPN server with addressing and forwarding of all traffic through my default gateway. I want individual hosts in the subnet (client/user computers) to be unable to communicate with each other or with the Internet, only with one public IP address and with one host in the VPN network, which is a backup server, and the engineers'/help desk computers to have access to all machines on the given network, including each other. I created an alias that contains a pool of IP addresses for clients/users, firewall rules that theoretically block traffic between client machines, disabled the DHCPv4 and DHCPv6 servers, set high static addresses for the engineers' hosts and the backup server, and added a firewall rule which blocks traffic to the Internet. The results I got are:
- client computers correctly connect to the OpenVPN server, receive IP addresses "in turn" from the OpenVPN pool, do not have access to the Internet, and are connected to the service hosted on the public IP address
- client computers SEE EACH OTHER, namely when I run ICMP/ping between two hosts via their OpenVPN addresses I get a response, and the same when I connect via Remote Desktop/RDP; for me it is a very important issue that client hosts do not have communication with each other
Is there anyone kind enough to help me or tell me what the configuration should look like so that hosts in the OpenVPN network can't see each other? I was thinking of enabling static ARP instead of using dynamic ARP, but I'm afraid that only applies to LANs. I've read that firewall rules don't apply when host-to-host communication is on the same subnet via ARP.
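A sketch of the configuration that enforces the isolation described above, added here as an example; it is not taken from the post, from pfSense's generated files, or from OpenVPN's documentation. It assumes a tunnel network of 10.8.0.0/24 with `subnet` topology, clients drawn from the low half of that range, engineers and the backup server given static addresses in the high range through Client Specific Overrides, a server instance whose interface is `ovpns1`, and 203.0.113.10 as the one public service; all of these addresses and names are assumptions to be adjusted to the real deployment. The two things that decide whether client-to-client packets can be blocked at all are the OpenVPN `client-to-client` directive and the order of the pf rules on the tunnel interface.

```conf
# --- OpenVPN server (pfSense: VPN > OpenVPN > Servers > Client Settings) ---
# Weak: "Inter-client communication" checked. pfSense then emits
#     client-to-client
# and OpenVPN forwards packets between connected clients internally, so they
# never leave the OpenVPN process, never hit pf, and no rule on ovpns1 can
# block them.
#
# Corrected: leave "Inter-client communication" unchecked (no client-to-client
# line in the generated config). A packet from one client to another then
# exits the tun interface, is routed by the kernel and re-enters it, so the
# rules below are evaluated against it. The rest of the server block stays
# as pfSense generates it; only the tunnel network is shown here.
topology subnet
server 10.8.0.0 255.255.255.0          # assumed tunnel network

# --- pf rules on the tunnel interface (pfSense: Firewall > Rules > OpenVPN) ---
# All addresses below are assumptions for this example.
table <ovpn_clients>   { 10.8.0.0/25 }       # dynamic pool, 10.8.0.2-126
table <ovpn_engineers> { 10.8.0.192/27 }     # static overrides for engineers / help desk
backup_srv = "10.8.0.250"                    # static override for the backup host
public_svc = "203.0.113.10"                  # the single public address clients may reach

# Engineers: everything, including each other and the client pool
pass in quick on ovpns1 from <ovpn_engineers> to any

# Clients: only the backup server and the public service. pf keeps state,
# so the replies flow back without a separate rule.
pass in quick on ovpns1 from <ovpn_clients> to $backup_srv
pass in quick on ovpns1 from <ovpn_clients> to $public_svc

# Everything else sourced from the client pool (other clients, the engineers'
# hosts, the LAN, the Internet) is dropped and logged
block in quick log on ovpns1 from <ovpn_clients> to any
```

Two checks worth doing before concluding the rules are wrong. First, confirm the directive is really absent from the generated server config (on 2.6.0 that is normally `/var/etc/openvpn/server1.conf`): `grep client-to-client /var/etc/openvpn/server1.conf` should print nothing. Second, pf is stateful, so a ping or RDP session that was already established keeps matching its existing state after the rules change; reset the states (Diagnostics > States > Reset States, or `pfctl -F states` from a shell) or reconnect the clients before retesting. Static ARP has no bearing here: a tun interface carries IP packets with no Ethernet layer, so there is no ARP on it, and whether a client-to-client packet is ever seen by the firewall is decided solely by the `client-to-client` setting.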