I have followed Tom’s guide (https://www.youtube.com/watch?v=I61t7aoGC2Q) and have OpenVPN working on my Netgate SG-1100. However, I want to limit the VPN clients’ access to specific server(s) and NOT the entire network (even though I am pushing a VLAN to the clients). How can I do this in pfSense/OpenVPN configuration?
I assume you created a firewall rule on the OpenVPN interface (or the setup wizard created it for you) that allows access from “any” or “OpenVPN net” to the network in question. Modify that rule so that the destination is not the entire network, but only the IP address of the server you want to allow access to. Use an alias if you need multiple destinations.
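One way to check the result of the change described above, as an added example that is not part of the original posts: a Python script that reads a pfSense configuration export and reports which pass rules on the OpenVPN tab still target `any` or a whole network. The XML layout, the alias name `VPN_Servers`, the interface names and the addresses in the sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml export (assumed);
# the alias name, interface names and addresses are made up for illustration.
SAMPLE = """<pfsense>
  <aliases>
    <alias><name>VPN_Servers</name><type>host</type>
      <address>192.168.20.10 192.168.20.11</address></alias>
  </aliases>
  <filter>
    <rule><type>pass</type><interface>openvpn</interface>
      <source><any/></source><destination><network>opt1</network></destination>
      <descr>wizard default</descr></rule>
    <rule><type>pass</type><interface>openvpn</interface>
      <source><any/></source><destination><address>VPN_Servers</address></destination>
      <descr>servers only</descr></rule>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>LAN out</descr></rule>
  </filter>
</pfsense>"""

def audit_openvpn_rules(xml_text, interface="openvpn"):
    """Return (descr, verdict, targets) for each pass rule on the given interface."""
    root = ET.fromstring(xml_text)
    # Only host-type aliases count as a list of single servers.
    host_aliases = {a.findtext("name"): (a.findtext("address") or "").split()
                    for a in root.findall("./aliases/alias")
                    if a.findtext("type") == "host"}
    findings = []
    for rule in root.findall("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.findtext("interface") != interface:
            continue
        dst = rule.find("destination")
        addr = dst.findtext("address") if dst is not None else None
        if dst is None or dst.find("any") is not None:
            verdict, targets = "BROAD", ["any"]
        elif dst.find("network") is not None:
            verdict, targets = "BROAD", [dst.findtext("network")]   # whole interface net
        elif addr in host_aliases:
            verdict, targets = "SCOPED", host_aliases[addr]         # alias of single hosts
        elif addr and ("/" not in addr or addr.endswith("/32")):
            verdict, targets = "SCOPED", [addr]                     # one IP address
        else:
            verdict, targets = "BROAD", [str(addr)]                 # subnet or unknown alias
        findings.append((rule.findtext("descr"), verdict, targets))
    return findings

if __name__ == "__main__":
    for descr, verdict, targets in audit_openvpn_rules(SAMPLE):
        print(f"{verdict:6} {descr}: {', '.join(targets)}")
```

Any rule reported as BROAD on the OpenVPN tab is one to edit or remove once the server-only rule is in place.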
As above, you restrict / allow access on the OpenVPN network.
Another option: enter the server IPs in the allowed networks as /32, for example.
To go further, if you want to get more specific with which users have what permissions, this video covers that:
Thanks for the solution. I did not know the OpenVPN network could be managed like any other network through pfSense firewall rules!