OpenVPN and restricted access to LAN

Hello all
I am sorry if that questions was asked already (my search didn’t reveal much) and I am not quite sure it belongs to here or to “firewall rules”.

Questions are:

  1. Is it possible to assign a specific OpenVPN (internal) address to a specific user?
  2. if that is possible, can I use firewall rules to restrict access for that specific user to ressources/ips in the LAN?

I have two friends who should get openvpn access to my network, however, they aren’t supposed to see anything expect the one server/ip that I allow them to connect to (game servers).

Is that possible?

Hi and welcome to IPFire,
yes this is possible, take a look into the wiki --> .




Just to add to Erik’s post.
You can add a different subnet to the vpn setup.
This will keep your own vpn access separate and you can allocate them different rules.
In firewall allocate rules to the subnet for your friends and then follow those rules by a fall through block rule blocking all other access.
Be careful with the block rule, that you only select the specific subnet on your vpn otherwise you could block yourself or other access.