Opened 13 years ago

Closed 12 years ago

Last modified 10 years ago

#154 closed Bug / Defect (invalid)

No client-to-client in server config, but also can ping other client which logined vpn

Reported by: amao Owned by:
Priority: major Milestone: release 2.2.2
Component: Networking Version: OpenVPN 2.2.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: client-to-client


Operating system :CentOS release 5.6 (Final)

Your ./configure command-line :./configure

[root@localhost openvpn]# openvpn --version
OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 12 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

$ ./configure


When I login openvpn server (don't have client-to-client directive ) ,get ip:

Other people login this openvpn server ,get ip:

On my computer ,

C:\Documents and Settings\USER>ipconfig
IP Address. . . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :

C:\Documents and Settings\USER>ping

Pinging with 32 bytes of data:

Reply from bytes=32 time=941ms TTL=127
Reply from bytes=32 time=912ms TTL=127
Reply from bytes=32 time=639ms TTL=127
Reply from bytes=32 time=1478ms TTL=127

Ping statistics for

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 639ms, Maximum = 1478ms, Average = 992ms

Change History (6)

comment:1 Changed 13 years ago by amao

the client system is: windows xp
openvpn server include: topology subnet

comment:2 Changed 13 years ago by Samuli Seppänen

Milestone: release 2.2.1release 2.2.2

Moving to milestone 2.2.2

comment:3 Changed 13 years ago by David Sommerseth

Component: Generic / unclassifiedNetworking

Can you please provide server and client configuration for this setup? We need to try to reproduce this issue to see if this is expected or not. As in some configurations, this is expected behaviour.

comment:4 Changed 12 years ago by Gert Döring

not having client-to-client means "packets travel to the tun adaptor of the openvpn server, and then back to openvpn". So to actually stop packets from client A to reach client B, there needs to be a firewall filter on the server side tun adaptor.

comment:5 Changed 12 years ago by Samuli Seppänen

Resolution: invalid
Status: newclosed

In IrcMeetings IRC meeting on 8th Dec 2011 agreed that this is not a bug, but a configuration mistake. Closing as "invalid".

comment:6 Changed 10 years ago by debbie10t

Using --dev tap and removing --client-to-client will stop all intra-client traffic.

Note: See TracTickets for help on using tickets.