Client to Client issue

Business solution to host your own OpenVPN server with web management interface and bundled clients.
300cpilot
OpenVpn Newbie
Posts: 2
Joined: Wed Dec 07, 2011 2:22 am

Client to Client issue

Post by 300cpilot » Sun Apr 05, 2015 5:17 am

I am looking for a way to stop clients from seeing each other. So what I am after is to not allow 10.9.0.1/24 to ping 10.9.0.2/24 or even see each other. Don't want anyone scanning their neighbors.

Server is still in testing but has 4 openvpn instances running on CentOS 7, latest openvpn. I need this for several 100 people so I do not want to input something for each, but will do what it takes. I know the tun is acting like a router on a stick, but I know other vpn services have this figured out. Thanks for any insight!

Client Config:
dev tun
proto udp
remote x.x.x.x 80
remote x.x.x.x 443
remote x.x.x.x 8080
remote x.x.x.x 4433
remote-random

resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert client2.crt
key client2.key
cipher AES-256-CBC
ns-cert-type server
#tls-auth ta.key 1

Server Config:
port 443

proto udp
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh dh2048.pem
server 10.9.0.0 255.255.255.0


push "redirect-gateway def1 bypass-dhcp"


push "dhcp-option DNS 10.9.0.1"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

;tls-auth ta.key 0

cipher AES-256-CBC

comp-lzo
max-clients 250
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
mute 20

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Client to Client issue

Post by Traffic » Sun Apr 05, 2015 9:50 pm

Try this:
topic17891.html

8-)
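
An added example, not part of either post and not OpenVPN's own tooling: the posted server config has no `client-to-client` line, so packets between clients leave the tun device and cross the kernel's FORWARD chain, where one firewall rule can drop them for every client at once. The helper names `directive` and `isolation_rules` are hypothetical, the sample config is constructed from the one in the question, and the script only prints the `iptables` command for review.

```shell
#!/bin/sh
# Added example: emit an iptables rule that isolates VPN clients from each other.
# Assumption: the server config does NOT enable client-to-client, so packets
# between clients are handed to the kernel and pass through the FORWARD chain.

# Print the arguments of the first uncommented occurrence of a directive.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print the isolation rule for one server config; return 1 if it cannot work.
isolation_rules() {  # $1 = config file
    if grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)' "$1"; then
        # With client-to-client, OpenVPN relays the packets internally and
        # they never reach iptables, so no firewall rule can separate clients.
        echo "client-to-client is enabled in $1: remove it first" >&2
        return 1
    fi
    set -- $(directive "$1" server)   # now $1 = network, $2 = netmask
    if [ $# -lt 2 ]; then
        echo "no 'server NETWORK NETMASK' line found" >&2
        return 1
    fi
    # tun+ matches tun0, tun1, ... so the rule applies to every instance's device.
    # Traffic to the server's own VPN address (the pushed DNS at 10.9.0.1) uses
    # the INPUT chain and is not affected; Internet-bound traffic leaves through
    # a non-tun interface and is not affected either.
    echo "iptables -I FORWARD -i tun+ -o tun+ -s $1/$2 -d $1/$2 -j DROP"
}

# Constructed sample, modelled on the server config in the question.
conf=$(mktemp)
printf '%s\n' 'port 443' 'proto udp' 'dev tun' \
    'server 10.9.0.0 255.255.255.0' ';tls-auth ta.key 0' > "$conf"
isolation_rules "$conf"
rm -f "$conf"
```

Run it once per instance config, since each instance has its own `server` pool. Dropping the `-s` and `-d` matches from the printed rule also blocks traffic between clients of different instances.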
