How can multiple clients of an openvpn server find each other?
Solution 1:
In the OpenVPN server configuration file, a prerequisite is the following directive:
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
To facilitate the clients finding each other easily I would suggest dynamic DNS as the (just about) always present enterprise solution. To present a list of active clients you could perhaps either:
- find a way of distributing or making available the openvpn-status.log to the clients?
- distribute ping scripts or similar to clients, perhaps doing a reverse dns lookup for every live host?
- have the clients register/deregister themselves in a custom db or file upon connection and have a scavenging mechanism of some sort. This alternative seems like totally reinventing the wheel, but no doubt it would be a fun way of spending an hour which adds nothing to the world of IT at large.
Solution 2:
Here is the original link supporting the OpenVPN 2.x client-to-client feature:
https://openvpn.net/index.php/open-source/documentation/howto.html#scope
Uncomment this directive to allow different clients to be able to "see" each other. By default, clients will only see the server. To force clients to only see the server, you will also need to appropriately firewall the server's TUN/TAP interface.
;client-to-client
Uncomment out the above client-to-client directive if you would like connecting clients to be able to reach each other over the VPN. By default, clients will only be able to reach the server.
Next, ask yourself if you would like to allow network traffic between client2's subnet (192.168.4.0/24) and other clients of the OpenVPN server. If so, add the following to the server config file.
client-to-client
push "route 192.168.4.0 255.255.255.0"
This will cause the OpenVPN server to advertise client2's subnet to the other connecting clients.