Tutorial: Block Traffic Between VPN Clients – Free/paying customers info injection test

Abstract

Control access between VPN clients connected to your server with Access Server's access controls.

Overview

Access Server includes a setting that allows you to block traffic between connected VPN clients globally. When this option is enabled, VPN clients can still access network resources you've granted, such as internal servers or services, but they can't directly communicate with each other.

This is useful for isolating users and reducing the risk of lateral movement within your VPN.

Tip

Administrators and designated users can be granted exceptions to this restriction. This tutorial explains how to configure those overrides.

Prerequisites

An installed Access Server.
Configured user accounts.

Option 1: Turn off inter-client communication

Sign in to the Admin Web UI.
Click Access Controls.
Click the InterClient Communication tab.
Set Global InterClient Communication to Isolate all users.
Click Save and Restart.

Option 2: Allow administrator accounts to access VPN users

Sign in to the Admin Web UI.
Click Access Controls.
Click the InterClient Communication tab.
Set Global InterClient Communication to Admins can access all users.
Click Save and Restart.

Option 3: Allow a specific user to receive traffic from other VPN clients

Sign in to the Admin Web UI.
Click Users.
On the User Settings page, scroll down to the Networking section.
Check the box for Allow access from all other VPN clients.

Tip

When enabled, this user can receive traffic from other connected VPN clients, overriding the global client isolation setting if it's in place.
Click Save and Restart.
- The user is now configured to receive traffic from other VPN clients, even if global client isolation is enabled.