How can one ensure that PPTP / OpenVPN will not allow clients connected to the tunnels to interact with each other?

I never enabled bridging and enabled the following in iptables:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

1 Answer

As far as I know, on OpenVPN it is turned off by default. If you want to enable it, you must add client-to-client to the OpenVPN server config. This is applicable when running in routed mode (tun). If you're using bridged mode (tap), there doesn't seem to be an easy method to control client-to-client connections.

With PPTP you could block clients with iptables:

# iptables -I FORWARD -s 10.8.0.0/24 -d 10.8.0.0/24 -j DROP
ALex_hha
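
An added example (not part of the original answer): a shell check for OpenVPN in routed (tun) mode that reads a server config and `iptables-save` output and reports whether client-to-client traffic is blocked. With `client-to-client` set, OpenVPN relays between clients internally and the FORWARD chain never sees those packets; without it, the traffic passes through the kernel, so the FORWARD chain decides. The function names, the sample config and the `ACCEPT` FORWARD policy are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does this server keep OpenVPN (tun) clients apart?
# Sample data is constructed; the FORWARD policy (ACCEPT) is an assumption.
CONF=';client-to-client
dev tun
server 10.8.0.0 255.255.255.0'
RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT'

# Returns 0 if the config has an active (uncommented) client-to-client line.
has_client_to_client() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)'
}

# First-match verdict of the filter FORWARD chain for a packet going
# tunnel -> tunnel inside the VPN subnet. Simplification: only -i/-o/-s/-d
# with exact values are understood; rules using anything else are skipped.
forward_verdict() {  # $1 iptables-save text, $2 tunnel interface, $3 subnet
    printf '%s\n' "$1" | awk -v ifc="$2" -v net="$3" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && verdict == "" {
            ok = 1; target = ""
            for (i = 3; i < NF; i += 2) {
                if ($i == "-j") { target = $(i + 1); break }
                else if ($i == "-i" || $i == "-o") { if ($(i + 1) != ifc) ok = 0 }
                else if ($i == "-s" || $i == "-d") { if ($(i + 1) != net) ok = 0 }
                else ok = 0
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = (target == "ACCEPT" ? "ACCEPT" : "DROP")
        }
        END { print (verdict != "" ? verdict : policy) }'
}

client_isolation() {  # $1 config, $2 iptables-save text, $3 interface, $4 subnet
    if has_client_to_client "$1"; then
        echo "exposed-openvpn"   # relayed inside OpenVPN, never reaches iptables
    elif [ "$(forward_verdict "$2" "$3" "$4")" = "DROP" ]; then
        echo "isolated"
    else
        echo "exposed-kernel"    # kernel forwards tun0 -> tun0
    fi
}

client_isolation "$CONF" "$RULES" tun0 10.8.0.0/24
```

Feed it the real files with `client_isolation "$(cat server.conf)" "$(iptables-save)" tun0 10.8.0.0/24`; the path `server.conf` is a placeholder for the server's own config file.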