Reject inter-client communication

In certain scenarios, it may be desirable to prevent VPN clients communicating with one another. For example, when running a public VPN service through UH VPN.

This can be achieved by disabling the “Add Forwarding Rules” button on the UH VPN server settings page and instead inserting your own rules into iptables on your server as follows:

iptables --append FORWARD -s 172.31.255.0/24 -d 172.31.255.0/24 -j DROP
iptables --append FORWARD -s 172.31.255.0/24 -j ACCEPT

Modify the above example to suit your tunnel network (replace 172.31.255.0/24 as appropriate). These rules will drop inter-client communication, but allow all other communication.

Tip

Use the iptables-save package to persist iptables rules between reboots.