I wish to run two VPN servers, which this software allows (via ports). I have generated a separate set of CAs and server keys for each, with respective client keys for clients in the two sets of users who will connect to the relevant VPN server. Everything is working so far.
What I want is:
For VPN1 to redirect the client's internet BUT DISALLOW access to the LAN local to the VPN server.
For VPN2 to redirect the client's internet AND allow access to the LAN local to the VPN server.
Is this possible with OpenVPN, or do I have to configure something elsewhere on the router? Sample server config for VPN1 follows; VPN2 has push "route 10.10.0.0 255.255.0.0" extra.
Server Config
# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 52918
dev tun21
cipher BF-CBC
comp-lzo yes
keepalive 15 60
verb 3
push "dhcp-option DOMAIN sample.com"
push "dhcp-option DNS 10.10.0.1"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
keepalive 50 120
user nobody
group nobodyroot
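
One way to get the VPN1 behaviour asked about above is to filter at the router's firewall rather than in OpenVPN. The script below is an added example, not part of the original post: it assumes the router firewall is iptables, the chain name VPN1_ISOLATE is hypothetical, and the device tun21, LAN 10.10.0.0/16 and DNS server 10.10.0.1 are taken from the posted config.

```shell
#!/bin/sh
# Added example (not from the original post): keep VPN1 clients off the LAN.
# Values from the post: VPN1 device tun21, LAN 10.10.0.0/16, pushed DNS 10.10.0.1.
# Assumptions: the router firewall is iptables; the chain name is made up here.

VPN1_DEV="tun21"
LAN_NET="10.10.0.0/16"
DNS_IP="10.10.0.1"
CHAIN="VPN1_ISOLATE"   # hypothetical chain name

# Print the rules rather than applying them, so they can be reviewed first.
vpn1_isolation_rules() {
    dev="$1"; lan="$2"; dns="$3"

    echo "iptables -N $CHAIN"

    # VPN1 pushes a DNS server that sits inside the LAN; without this
    # exception, blocking the LAN would also break name resolution.
    for proto in udp tcp; do
        echo "iptables -A $CHAIN -d $dns -p $proto --dport 53 -j ACCEPT"
    done

    # Everything else addressed to the LAN is dropped. Traffic to the
    # internet (redirect-gateway) does not match and returns to the
    # calling chain for the router's normal rules.
    echo "iptables -A $CHAIN -d $lan -j DROP"

    # Hook the chain for packets arriving on the VPN1 tunnel only.
    # FORWARD covers LAN hosts, INPUT covers the router's own LAN address.
    for hook in INPUT FORWARD; do
        echo "iptables -I $hook -i $dev -j $CHAIN"
    done
}

vpn1_isolation_rules "$VPN1_DEV" "$LAN_NET" "$DNS_IP"
```

The rules match only packets arriving on tun21, so VPN2 is unaffected as long as it runs on a different tun device (an assumption; the post does not show VPN2's dev line). Once reviewed, the printed commands can be piped to sh on the router.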