OpenVPN for internet only, restrict access to other computers
I have OpenVPN setup for my use, everything works as intended; I can access my servers and the internet.
What I want to do is provide a friend with access to my VPN, but I don't want him to have access to the server, just internet only. Unfortunately he is located in a country where almost all torrent sites are block. My idea is to provide him with VPN access through me to all the sites he needs. How can I go about achieving this?
There are two options.
A. Create a secondary OpenVPN server and keep the two separated.
B. Assign his user a static IP in the pool and create firewall rules to prevent access to your server. Under client specific overides you can add something like ifconfig-push 192.168.1.200 255.255.255.0 to assign his client that IP.