OpenVPN for internet only, restrict access to other computers

  • I have OpenVPN setup for my use, everything works as intended; I can access my servers and the internet.

    What I want to do is provide a friend with access to my VPN, but I don't want him to have access to the server, just internet only. Unfortunately he is located in a country where almost all torrent sites are block. My idea is to provide him with VPN access through me to all the sites he needs. How can I go about achieving this?

  • There are two options.

    A. Create a secondary OpenVPN server and keep the two separated.
    B. Assign his user a static IP in the pool and create firewall rules to prevent access to your server. Under client specific overides you can add something like ifconfig-push to assign his client that IP.