Ubuntu – How to enable OpenVPN access to ONLY the internal LAN

Tags: networking, openvpn, server, vpn

I'm trying to set up an OpenVPN connection to a company server so that anyone working from home or out of the office can access our internal resources.

I have the VPN set up correctly, using a guide on Digital Ocean's blog (written for 16.04).

I can connect from an outside line, ping the internal servers and devices and access their resources. This works great.

However, we want to limit the connection to only internal resources. We don't want to pass an internet connection through the OpenVPN, which isn't the typical use for a VPN (masking the connection, bypassing geoblocking or just encrypting your connection).

Is this possible? I know the VPN connection obviously needs to be able to talk to the client, but beyond that I want to block all connections to the web.

The server in question is also a VM running on another machine.

Best Answer

It is possible to just access the internal resources without an internet connection; I think this is actually the usual scenario for using OpenVPN. So if you followed some guide to set up the OpenVPN server, there were also some steps that allowed forwarding clients' traffic to the internet, and you'll need to undo those steps. I think you should start by commenting out this line in server.conf:

    push "redirect-gateway def1 bypass-dhcp"

Then pushing a DNS server to clients should be disabled by commenting out lines that look like:

    push "dhcp-option DNS xxx.xxx.xxx.xxx"

Of course you'll need to reload the OpenVPN config after making the changes:

    sudo service openvpn reload

Then disable packet forwarding out to the internet (needs root; takes effect immediately):

    echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward

To make disabling forwarding permanent you'll also have to edit

    /etc/sysctl.conf

and comment out the line

    net.ipv4.ip_forward=1

By now I think clients should no longer be able to access the internet through the VPN.
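An added example, not part of the question or the answer above and not from the Digital Ocean guide, showing how the "LAN only" policy can be expressed on the server side. It assumes a routed setup with tun0 as the tunnel interface, 10.8.0.0/24 as the client pool, eth0 as the LAN-facing NIC and 192.168.10.0/24 as the internal LAN; all of these are placeholders to adjust. It replaces redirect-gateway with a pushed route for the LAN and enforces the same thing with iptables, so a client that adds its own default route over the tunnel still cannot reach the internet through the server. Note that ip_forward stays enabled here: with a routed tun interface the server has to forward packets for clients to reach the LAN at all.

```sh
#!/bin/sh
# Added example: restrict OpenVPN clients to the internal LAN only.
# Assumed values (not from the original post), adjust to your network:
VPN_IF="${VPN_IF:-tun0}"              # OpenVPN tunnel interface
VPN_NET="${VPN_NET:-10.8.0.0/24}"     # client pool, matches the "server" line
LAN_IF="${LAN_IF:-eth0}"              # server NIC facing the internal LAN
LAN_NET="${LAN_NET:-192.168.10.0/24}" # the internal LAN
LAN_MASK="${LAN_MASK:-255.255.255.0}"

# 1. server.conf fragment: push a route for the LAN instead of redirect-gateway.
#    Without redirect-gateway the client's default route stays with its own ISP,
#    so ordinary web traffic never enters the tunnel in the first place.
vpn_lan_only_server_conf() {
    lan_addr="${LAN_NET%/*}"
    cat <<EOF
# push "redirect-gateway def1 bypass-dhcp"   # disabled: no full tunnel
# push "dhcp-option DNS ..."                 # disabled: clients keep their DNS
push "route $lan_addr $LAN_MASK"
EOF
}

# 2. Firewall: enforce the policy on the server, because the pushed route is
#    only a suggestion the client can override. Forwarding itself stays on
#    (net.ipv4.ip_forward=1); without it the LAN would be unreachable too.
#    Rule order matters: LAN traffic is accepted first, everything else from
#    the tunnel is rejected, so the REJECT line must come after the ACCEPT.
vpn_lan_only_rules() {
    cat <<EOF
iptables -N VPN_FWD 2>/dev/null || true
iptables -F VPN_FWD
iptables -A VPN_FWD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VPN_FWD -i $VPN_IF -s $VPN_NET -o $LAN_IF -d $LAN_NET -j ACCEPT
iptables -A VPN_FWD -i $LAN_IF -o $VPN_IF -j DROP
iptables -A VPN_FWD -i $VPN_IF -j REJECT --reject-with icmp-admin-prohibited
iptables -D FORWARD -i $VPN_IF -j VPN_FWD 2>/dev/null || true
iptables -D FORWARD -o $VPN_IF -j VPN_FWD 2>/dev/null || true
iptables -I FORWARD 1 -o $VPN_IF -j VPN_FWD
iptables -I FORWARD 1 -i $VPN_IF -j VPN_FWD
EOF
}

# Without --apply the script only prints what it would do, for review.
if [ "${1:-}" = "--apply" ]; then
    vpn_lan_only_rules | sh -e
else
    echo "# server.conf fragment:"
    vpn_lan_only_server_conf
    echo "# iptables commands (run as root with --apply):"
    vpn_lan_only_rules
fi
```

The rules are not persistent across reboots: if the server uses ufw as in the Digital Ocean guide, put the equivalent lines in the *filter section of /etc/ufw/before.rules (and keep its MASQUERADE rule, which is harmless once forwarding to the internet is rejected); otherwise save them with iptables-persistent. Verify from a connected client that `ping` to a LAN host works and that `curl` to a public address fails with "administratively prohibited" rather than timing out.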