Can other vpn users connect to my machine?

[txtseam 0]

Is it dangerous to allow all traffic in and out of the tun interface?

 

I noticed that via the tun device it has an IP address. Say my ip on tun0 is 10.4.29.50 and that I'm running a web server or Plex and it listens on all interfaces. Does this mean that other VPN users can connect to my 10.4.29.50 and use my services?

 

Should I be worried about this at all and start configuring my firewall to only let specific traffic out of the tun0 device?

[Staff 9972]

Is it dangerous to allow all traffic in and out of the tun interface?

 

I noticed that via the tun device it has an IP address. Say my ip on tun0 is 10.4.29.50 and that I'm running a web server or Plex and it listens on all interfaces. Does this mean that other VPN users can connect to my 10.4.29.50 and use my services?

 

Should I be worried about this at all and start configuring my firewall to only let specific traffic out of the tun0 device?

 

Hello,

 

in a VPN in which all nodes are trusted, direct connections between nodes inside the VPN can be desirable (to share resources, for example, and more). In a public service like ours nodes of course can not be trusted. Therefore we do not allow direct connections between nodes inside the VPN.

 

Kind regards

[zhang888 1066]

As a precaution, although 99.999% everything is perfectly configured on Air's side and it was verified

by many users over the years, it's a good idea to have your own firewall rules set on tun0 interface.

Not only it makes you more secure in case of failure on the provider side, but it also allows you to

have the ability to switch between providers and never worry that something is poorly configured on

their end. In other words, this shouldn't be a question, you should trust only your own setup always.

[iwih2gk 93]

As a precaution, although 99.999% everything is perfectly configured on Air's side and it was verified

by many users over the years, it's a good idea to have your own firewall rules set on tun0 interface.

Not only it makes you more secure in case of failure on the provider side, but it also allows you to

have the ability to switch between providers and never worry that something is poorly configured on

their end. In other words, this shouldn't be a question, you should trust only your own setup always.

 

 

Exactly.  I have always appreciated the way Air "tells" us to setup partitions of trust and/or our own firewall rules if desired.  Eddie tests solidly, but nothing is as sure fire as when a hobbyist user fortifies the system on their end, in tandem with Air's fine client and their behind the scenes support team.  Air teamed with a hobbyist user makes for a pretty formidable communication model.

[amair 6]

Anyone using ZoneAlarm free edition with AirVPN to block VPN users from connecting your machine/network?

Thanks in advance.

[Khariz 109]

No, because they can't do it anyway.

[eyes878 43]

Assuming no fault on AirVPN's side, which is very unlikely and has never happened before, they will not be able to connect to you unless you set the port to be forwarded via https://airvpn.org/ports