2

This, rather than a question, is a request to confirm how an OpenVPN server works.

I have an OpenVPN server to which I will connect desktop computers and mobile devices of different users. For security reasons, all the machines must be able to connect to the Internet through this VPN, but without any of them being able to find out what other devices are connected to the same OpenVPN server and without being able to access those devices.

A trivial example: if a user has a shared folder or any other working service on their computer, it should not be visible to other users connected to the same OpenVPN server.

All this is a given in a commercial VPN, but since this is a private VPN, I'm not sure if this security setting is already so by default.

To do a verification, I used server-side and client-side nmap to discover connected devices in a simple test with only two devices connected. These are the results:

server side:

# nmap -sn 10.8.0.0/24

Starting Nmap 7.60 ( https://nmap.org ) at 2021-08-13 12:07 CEST
Nmap scan report for 10.8.0.2
Host is up (0.089s latency).
Nmap scan report for 10.8.0.3
Host is up (0.44s latency).
Nmap scan report for myVPN (10.8.0.1)
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 49.81 seconds

client side:

nmap -sn 10.8.0.0/24

Starting Nmap 7.01 ( https://nmap.org ) at 2021-08-13 12:24 CEST
Nmap scan report for 10.8.0.3
Host is up (0.00022s latency).
Nmap done: 256 IP addresses (1 host up) scanned in 3.40 seconds

So, is everything already working the way I want it to?

Francesco Galgani
  • 471

1 Answers1

2

In the OpenVPN server configuration file, you will find the following directive:

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

By default this directive is commented out, so this works the way you want. You may check the configuration file if you wish to be sure.

harrymc
  • 480,290
  • Thank you, clear and complete answer. I only add, for those who want to see in its entirety the sample configuration file, to look here: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/server.conf In a typical installation of Ubuntu Server, the configuration file is located in /etc/openvpn/server/server.conf – Francesco Galgani Aug 13 '21 at 13:06