geofox Posted ...

Hi there,

New to AirVPN, I have a question about security. (Sorry if it was answered elsewhere, I couldn't find it.)

While testing (on iOS), it seems that everyone connected to the same server is able to see and communicate with each other. In the picture attached to this topic, I've launched a scan and a lot of clients appeared. Some even have web services open to everyone. The first one I tried should not have been open to the public, as it seems that the owner of this computer was not aware that whilst connected to the VPN, its service was on the VPN subnet and not only in his LAN anymore. I've stopped there and not checked other clients (and won't anymore).

I was a customer of another VPN provider and it seems that each client was unable to see/communicate with each other. (Their servers were probably configured to disallow that behavior.)

Please note that I've used the config generator and use OpenVPN Connect on iOS.

Is that behavior on AirVPN intended? If so, is there a configuration available in the OpenVPN config file/app to disallow communication with other clients?

Thanks and sorry for my English.

Staff Posted ...

Hello and thank you for the heads-up!

The communications between the nodes inside the VPN have always been meant to be blocked. Nodes can communicate inside the VPN only with common services, such as the DNS server for example, since Air's birth.

We have found a flaw in the recently updated configuration and we have fixed it. Can you please test again now? Should you find any further issue, please specify also which server(s) you experience the problem on.

Kind regards

geofox Posted ...

Hello,

Happy to have given you the heads-up.

Testing now on Mirach and it seems that this issue is fixed, as I cannot reach other clients anymore. I've set up an open test server and I cannot communicate with it anymore, so that's good!

As that flaw is nasty in terms of security and privacy, is there a way to block such communications on the client side, maybe in the .ovpn config? A lot of devices like NAS or iPhones don't have a configurable firewall so, sometimes, it's not an option.

Please note that I also encountered an issue with Eddie right now (that I didn't have before you pushed the config changes). It seems that Eddie cannot perform its DNS check (tries 3 times then disconnects, but during the tests I was able to query the DNS). I'm not in a very friendly environment in terms of openness of network right now, but I'll try later on my own network.

Thanks!
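
The exposure described in the first post, a service meant for the LAN becoming reachable on the VPN subnet, happens when a listener is bound to all interfaces or to the tunnel address. As an added example (not part of the thread and not AirVPN's tooling), this Python check reads `ss -H -tln` output and lists the TCP listeners that accept connections addressed to the tunnel interface; the sample output and the tunnel address `10.4.0.23` are constructed.

```python
import ipaddress

# Constructed sample in the format of `ss -H -tln` on Linux (not from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 50 192.168.1.10:445 0.0.0.0:*
LISTEN 0 128 10.4.0.23:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:3000 *:*
"""
TUNNEL_IP = "10.4.0.23"  # constructed address of the VPN interface


def split_local(field):
    """Split the ss local-address field into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%")[0], int(port)


def reachable_from_tunnel(ss_output, tunnel_ip):
    """Return [(host, port, reason)] for TCP listeners that accept
    connections addressed to the VPN tunnel address."""
    tunnel = ipaddress.ip_address(tunnel_ip)
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        host, port = split_local(parts[3])
        if host == "*":  # ss notation for a dual-stack wildcard socket
            findings.append((host, port, "wildcard, all interfaces"))
            continue
        addr = ipaddress.ip_address(host)
        # [::] is flagged for an IPv4 tunnel too: the socket may be dual-stack.
        if addr.is_unspecified and (addr.version == tunnel.version or addr.version == 6):
            findings.append((host, port, "wildcard, all interfaces"))
        elif addr == tunnel:
            findings.append((host, port, "bound to the tunnel address"))
    return findings


if __name__ == "__main__":
    for host, port, reason in reachable_from_tunnel(SAMPLE_SS, TUNNEL_IP):
        print(f"{host}:{port} reachable from the VPN subnet ({reason})")
```

Listeners bound to loopback or to the LAN address only (`127.0.0.1:631`, `192.168.1.10:445` in the sample) are not reported.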