OpenVPN – How do multiple clients of an OpenVPN server find each other

openvpn

I am bringing up an openvpn server that will support multiple clients into a private subnet. So on the private subnet the clients connecting will get IP addresses such as 10.8.0.10, 10.8.0.11, etc.

One of the facilities I need is for the clients to be able to find each other. Is there any easy and generally accepted way for a client to see the list of IP addresses the server has assigned to all clients?

I don't need DNS names or anything like that.

Best Answer

In the OpenVPN server configuration file, a prerequisite is the following directive:

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

To facilitate the clients finding each other easily I would suggest dynamic DNS as the (just about) always present enterprise solution. To present a list of active clients you could perhaps either:

  • find a way of distributing or making available the openvpn-status.log to the clients?
  • distribute ping scripts or similar to clients, perhaps doing a reverse DNS lookup for every live host?
  • have the clients register/deregister themselves in a custom db or file upon connection and have a scavenging mechanism of some sort. This alternative seems like totally reinventing the wheel, but no doubt it would be a fun way of spending an hour which adds nothing to the world of IT at large.
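The first suggestion above (making the openvpn-status.log available to clients) needs a parser for that file. The following is an added example, not code from the question, the answer or the OpenVPN project; it reads the default status-version 1 layout that the `status openvpn-status.log` directive writes, takes the VPN-side addresses from the ROUTING TABLE section, and renders only the common name and tunnel address, so the clients' real Internet addresses, byte counters and timestamps from the status file are not handed out. The sample log embedded in the block is constructed.

```python
"""Parse OpenVPN's openvpn-status.log (status-version 1) into a peer list.

Added example for the answer's first suggestion; the sample log below is
constructed, not captured from a real server.
"""
import ipaddress
from typing import Dict, List

# Constructed sample in the default (status-version 1) layout. The last
# routing entry is an iroute subnet, included to show that it is skipped.
SAMPLE_STATUS_LOG = """\
OpenVPN CLIENT LIST
Updated,Thu Jun 18 08:12:15 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,203.0.113.5:51234,12345,67890,Thu Jun 18 08:00:01 2015
client2,198.51.100.7:40001,2345,6789,Thu Jun 18 08:05:30 2015
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.10,client1,203.0.113.5:51234,Thu Jun 18 08:12:10 2015
10.8.0.11,client2,198.51.100.7:40001,Thu Jun 18 08:12:01 2015
10.9.0.0/24,client2,198.51.100.7:40001,Thu Jun 18 08:12:01 2015
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_status_log(text: str) -> Dict[str, str]:
    """Return {common_name: virtual_ipv4} from the ROUTING TABLE section.

    Only the routing table carries the VPN-side address, so that is the
    section read. Entries that are not a single IPv4 host address (iroute
    subnets such as 10.9.0.0/24, MAC addresses in tap mode, IPv6 entries)
    are skipped; the first host address seen per common name wins.
    """
    peers: Dict[str, str] = {}
    in_routing = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ROUTING TABLE":
            in_routing = True
            continue
        if line in ("GLOBAL STATS", "END"):
            in_routing = False
            continue
        if not in_routing or line.startswith("Virtual Address,"):
            continue
        fields = line.split(",")
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # subnet, MAC address or malformed line: not a host
        if addr.version != 4:
            continue
        peers.setdefault(fields[1], str(addr))
    return peers


def render_peer_list(peers: Dict[str, str]) -> List[str]:
    """Lines safe to hand to clients: common name and VPN address only.

    Sorted by tunnel address so the output is stable between refreshes.
    """
    ordered = sorted(peers.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    return [f"{name} {ip}" for name, ip in ordered]


if __name__ == "__main__":
    # On a real server, replace SAMPLE_STATUS_LOG with the contents of the
    # file named in the `status` directive (often /etc/openvpn/openvpn-status.log).
    for entry in render_peer_list(parse_status_log(SAMPLE_STATUS_LOG)):
        print(entry)
```

The rendered list is what a small HTTP or file share on the server's tunnel address would serve; keep the status file itself readable by the server process only, since it also records each client's real address.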