geofox

Disable communication with other user


Hi there,

New to AirVPN, I have a question about security. (Sorry if it was answered elsewhere, I couldn’t find it).

While testing (on iOS), it seems that everyone connected on the same server is able to see and communicate with each other.

In the picture joined to this topic, I’ve launched a scan and a lot of clients appeared. Some even have web services open to everyone. The first one I tried should not have been open to the public as it seems that the owner of this computer was not aware that whilst connected to the VPN, its service was on the VPN subnet and not only in his LAN anymore. I’ve stopped there and not checked other clients (and won’t do so anymore).

I was a customer of another VPN provider and it seems that each client was unable to see/communicate with each other. (Their servers were probably configured to disallow that behavior).

Please note that I’ve used the config generator and use OpenVPN Connect on iOS.

Is that behavior on AirVPN intended? If so, is there a configuration available in the OpenVPN config file/app to disallow communication with other clients?

Thanks and sorry for my English.


Hello and thank you for the heads-up!

The communications between the nodes inside the VPN have always been meant to be blocked. Nodes can communicate inside the VPN only with common services, such as the DNS server for example, since Air's birth. We have found a flaw in the recently updated configuration and we have fixed it, can you please test again now? Should you find any further issue, please specify also which server(s) you experience the problem on.

Kind regards


Hello,

Happy to have given you the heads-up. Testing now on Mirach and it seems that this issue is fixed as I cannot reach other clients anymore. I've set up an open test server and I cannot communicate with it anymore so that's good!

As that flaw is nasty in terms of security and privacy, is there a way to block such communications on the client side, maybe in the .ovpn config? A lot of devices like NAS or iPhones don't have a configurable firewall so, sometimes, it's not an option.

Please note that I also encountered an issue with Eddie right now (that I didn't have before you pushed the config changes). It seems that Eddie cannot perform its DNS check (tries 3 times then disconnects - but, during the tests, I was able to query the DNS). I'm not in a very friendly environment in terms of openness of network right now but I'll try later on my own network.

Thanks!
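
A client-side check for the exposure described in this thread, added here as an example and not posted by anyone in the thread: it reads `ss -ltn` output and lists the listeners bound to a wildcard address or to the tunnel address, which are the ones other VPN clients could reach if the server does not block client-to-client traffic. The sample output, the tunnel address 10.4.0.23 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output; every address and port is invented.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    10.4.0.23:5000      0.0.0.0:*
LISTEN 0      128    192.168.1.10:445    0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    [::1]:631           [::]:*
"""


def parse_local(field):
    """Split an ss 'address:port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    return addr, int(port)


def exposed_listeners(ss_output, tunnel_ip):
    """Return sorted (port, address, reason) for listeners reachable via the tunnel.

    A listener counts as exposed when it is bound to a wildcard address
    (it answers on every interface, the tunnel included) or to the tunnel
    address itself. Loopback and LAN-only binds are not reported.
    """
    tunnel = ipaddress.ip_address(tunnel_ip)
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, port = parse_local(cols[3])
        if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
            findings.append((port, addr, "wildcard"))
        elif ipaddress.ip_address(addr) == tunnel:
            findings.append((port, addr, "tunnel address"))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, reason in exposed_listeners(SAMPLE_SS, "10.4.0.23"):
        print(f"port {port} bound to {addr} ({reason}) is reachable over the VPN")
```

On a device without a configurable firewall, rebinding a reported service to the LAN or loopback address is the remaining option.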
