OpenVPN config client-to-client?



  • Hi, I have a running OpenVPN server on my pfSense box. The problem is that the ping is very high between the clients, since all traffic goes through the server. How do I add the --client-to-client argument? I tried putting it in the advanced options but got no result. Is it possible with the pfSense version of OpenVPN?

    In short, I want OpenVPN configured as Hamachi.


  • Rebel Alliance Developer Netgate

    client-to-client doesn't do what you're after.

    client-to-client only allows the clients to see each other, it doesn't cause them to send their packets directly.

    From the OpenVPN documentation:

    --client-to-client
                  Because the OpenVPN server mode handles multiple clients through
                  a single tun or tap interface, it is effectively a router. The
                  --client-to-client flag tells OpenVPN to internally route
                  client-to-client traffic rather than pushing all client-originating
                  traffic to the TUN/TAP interface.

                  When this option is used, each client will "see" the other
                  clients which are currently connected. Otherwise, each client
                  will only see the server. Don't use this option if you want to
                  firewall tunnel traffic using custom, per-client rules.

    This option is available in pfSense on the remote access VPN server mode as "Inter-client communication"
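The behaviour described in this answer, as an added example that is not part of the original thread and not OpenVPN's own code: a simplified model of where a client's packet goes with and without --client-to-client. The client names, tunnel addresses, hop labels and the `fw_block` rule set are constructed for illustration, and the model assumes the server's firewall and routing pass inter-client packets back into the tunnel when no rule blocks them.

```python
from ipaddress import ip_address

# Constructed sample data: connected clients and their tunnel addresses.
CLIENTS = {"alice": ip_address("10.8.0.2"), "bob": ip_address("10.8.0.3")}


def packet_path(src, dst_ip, client_to_client, fw_block=frozenset()):
    """Simplified model of the hops a client's packet takes.

    fw_block holds (src_ip, dst_ip) pairs that a per-client rule on the
    server's tun interface would drop (hypothetical rule format).
    Returns the list of hops, or None if the firewall drops the packet.
    """
    src_ip, dst_ip = CLIENTS[src], ip_address(dst_ip)
    # Every packet is sent to the server first, whatever the option says.
    hops = [src, "openvpn-server"]
    dst = next((name for name, ip in CLIENTS.items() if ip == dst_ip), None)
    if client_to_client and dst is not None:
        # Routed inside the OpenVPN process: the packet never reaches the
        # tun interface, so the firewall rules there are never consulted.
        return hops + [dst]
    # Otherwise the packet is handed to the tun interface and filtered there.
    hops.append("tun-firewall")
    if (src_ip, dst_ip) in fw_block:
        return None
    return hops + (["openvpn-server", dst] if dst else ["routed-onward"])


if __name__ == "__main__":
    # Per-client rule: alice must not reach bob.
    block = {(CLIENTS["alice"], CLIENTS["bob"])}
    for c2c in (False, True):
        print("client-to-client =", c2c, "->",
              packet_path("alice", "10.8.0.3", c2c, block))
```

In both modes the server is a hop on every path, which is why the option does not reduce latency; with the option enabled, the per-client block rule is silently bypassed.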



  • @jimp:

    client-to-client doesn't do what you're after.

    client-to-client only allows the clients to see each other, it doesn't cause them to send their packets directly.

    From the OpenVPN documentation:

    --client-to-client
                  Because the OpenVPN server mode handles multiple clients through
                  a single tun or tap interface, it is effectively a router. The
                  --client-to-client flag tells OpenVPN to internally route
                  client-to-client traffic rather than pushing all client-originating
                  traffic to the TUN/TAP interface.

                  When this option is used, each client will "see" the other
                  clients which are currently connected. Otherwise, each client
                  will only see the server. Don't use this option if you want to
                  firewall tunnel traffic using custom, per-client rules.

    This option is available in pfSense on the remote access VPN server mode as "Inter-client communication"

    So basically OpenVPN can't do what I'm after?


  • Rebel Alliance Developer Netgate

    Not that I'm aware of, no. Not unless you manually set up a mesh of tunnels.

    You might look into Tinc.



  • @jimp:

    Not that I'm aware of, no. Not unless you manually set up a mesh of tunnels.

    You might look into Tinc.

    I see, I will take a look =).