Opened 13 years ago

Closed 12 years ago

Last modified 10 years ago

#154 closed Bug / Defect (invalid)

No client-to-client in server config, but also can ping other client which logined vpn

Reported by: amao Owned by:
Priority: major Milestone: release 2.2.2
Component: Networking Version: OpenVPN 2.2.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: client-to-client
Cc:

Description

Operating system :CentOS release 5.6 (Final)

Your ./configure command-line :./configure

[root@localhost openvpn]# openvpn --version
OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 12 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

$ ./configure

Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL


When I login openvpn server (don't have client-to-client directive ) ,get ip: 10.9.0.156

Other people login this openvpn server ,get ip:10.9.0.102

On my computer ,

C:\Documents and Settings\USER>ipconfig
IP Address. . . . . . . . . . . . : 10.9.0.156
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.9.0.1

C:\Documents and Settings\USER>ping 10.9.0.102

Pinging 10.9.0.102 with 32 bytes of data:

Reply from 10.9.0.102: bytes=32 time=941ms TTL=127
Reply from 10.9.0.102: bytes=32 time=912ms TTL=127
Reply from 10.9.0.102: bytes=32 time=639ms TTL=127
Reply from 10.9.0.102: bytes=32 time=1478ms TTL=127

Ping statistics for 10.9.0.102:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 639ms, Maximum = 1478ms, Average = 992ms

Change History (6)

comment:1 Changed 13 years ago by amao

the client system is: windows xp
openvpn server include: topology subnet

comment:2 Changed 13 years ago by Samuli Seppänen

Milestone: release 2.2.1release 2.2.2

Moving to milestone 2.2.2

comment:3 Changed 12 years ago by David Sommerseth

Component: Generic / unclassifiedNetworking

Can you please provide server and client configuration for this setup? We need to try to reproduce this issue to see if this is expected or not. As in some configurations, this is expected behaviour.

comment:4 Changed 12 years ago by Gert Döring

not having client-to-client means "packets travel to the tun adaptor of the openvpn server, and then back to openvpn". So to actually stop packets from client A to reach client B, there needs to be a firewall filter on the server side tun adaptor.

comment:5 Changed 12 years ago by Samuli Seppänen

Resolution: invalid
Status: newclosed

In IrcMeetings IRC meeting on 8th Dec 2011 agreed that this is not a bug, but a configuration mistake. Closing as "invalid".

comment:6 Changed 10 years ago by debbie10t

Using --dev tap and removing --client-to-client will stop all intra-client traffic.

Note: See TracTickets for help on using tickets.