Opened 3 years ago

Closed 2 years ago

Last modified 5 weeks ago

#154 closed Bug / Defect (invalid)

No client-to-client in server config, but can still ping another client that is logged in to the VPN

Reported by: amao
Owned by:
Priority: major
Milestone: release 2.2.2
Component: Networking
Version: 2.2.0
Severity: Not set (if unsure, select this one)
Keywords: client-to-client
Cc:

Description

Operating system: CentOS release 5.6 (Final)

Your ./configure command-line: ./configure

[root@localhost openvpn]# openvpn --version
OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 12 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

$ ./configure

Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL


When I log in to the OpenVPN server (which doesn't have the client-to-client directive), I get IP: 10.9.0.156

Other people log in to this OpenVPN server and get IP: 10.9.0.102

On my computer:

C:\Documents and Settings\USER>ipconfig
IP Address. . . . . . . . . . . . : 10.9.0.156
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.9.0.1

C:\Documents and Settings\USER>ping 10.9.0.102

Pinging 10.9.0.102 with 32 bytes of data:

Reply from 10.9.0.102: bytes=32 time=941ms TTL=127
Reply from 10.9.0.102: bytes=32 time=912ms TTL=127
Reply from 10.9.0.102: bytes=32 time=639ms TTL=127
Reply from 10.9.0.102: bytes=32 time=1478ms TTL=127

Ping statistics for 10.9.0.102:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 639ms, Maximum = 1478ms, Average = 992ms

Change History (6)

comment:1 Changed 3 years ago by amao

The client system is: Windows XP
The OpenVPN server config includes: topology subnet

comment:2 Changed 3 years ago by samuli

  • Milestone changed from release 2.2.1 to release 2.2.2

Moving to milestone 2.2.2

comment:3 Changed 2 years ago by dazo

  • Component changed from Generic / unclassified to Networking

Can you please provide the server and client configuration for this setup? We need to try to reproduce this issue to see if this is expected or not, as in some configurations this is expected behaviour.

comment:4 Changed 2 years ago by cron2

Not having client-to-client means "packets travel to the tun adaptor of the openvpn server, and then back to openvpn". So to actually stop packets from client A from reaching client B, there needs to be a firewall filter on the server side tun adaptor.
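
The check that comment:4 implies, as an added example that is not part of the ticket or of OpenVPN's own code: it reads a server config and `iptables-save` output and reports whether client-to-client packets are relayed inside OpenVPN, forwarded back out of the tun device by the kernel, or dropped by the firewall. The function names, the `tun0` default and the sample input are assumptions made for this example, and it assumes a routed tun setup with kernel IP forwarding enabled.

```shell
# Added example: can VPN clients reach each other through this server?
# Inputs are text: an OpenVPN server config and `iptables-save` output.
# Tunnel interface from the "dev" line. Assumption: a bare "dev tun" is tun0.
vpn_dev() {
    dev=$(printf '%s\n' "$1" | awk '$1 == "dev" { print $2; exit }')
    case "$dev" in ""|tun) echo tun0 ;; *) echo "$dev" ;; esac
}

# Target of the first filter/FORWARD rule that can match dev -> dev traffic,
# else the chain policy. Simplification: only -i, -o and -j are read.
forward_verdict() {
    printf '%s\n' "$2" | awk -v dev="$1" '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = out_if = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            if ((in_if != "" && in_if != dev) || (out_if != "" && out_if != dev)) next
            print target; found = 1; exit
        }
        END { if (!found) print policy }'
}

# exposed-internal:  client-to-client set, OpenVPN relays between clients itself
# exposed-forwarded: packets reach the tun device and the kernel routes them back
# isolated:          the firewall drops tun -> tun forwarding
client_isolation() {
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)'; then
        echo exposed-internal; return
    fi
    case "$(forward_verdict "$(vpn_dev "$1")" "$2")" in
        DROP|REJECT) echo isolated ;;
        *)           echo exposed-forwarded ;;
    esac
}

# Constructed sample input (not taken from the ticket).
CONF='dev tun
topology subnet'
RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -o tun0 -j DROP
COMMIT'
client_isolation "$CONF" "$RULES"
```

On a live server the second argument would be `"$(iptables-save)"`; an `exposed-internal` result means no firewall rule can help until `client-to-client` is removed from the config.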

comment:5 Changed 2 years ago by samuli

  • Resolution set to invalid
  • Status changed from new to closed

In the IrcMeetings IRC meeting on 8th Dec 2011 it was agreed that this is not a bug, but a configuration mistake. Closing as "invalid".

comment:6 Changed 5 weeks ago by debbie10t

Using --dev tap and removing --client-to-client will stop all intra-client traffic.