Configure your firewall to only allow the VPN the access they need. The device is likely tun0. DD-WRT should be using an iptables-based firewall. Depending on memory you could look at installing shorewall or shorewall-lite.
In your case you likely want a REJECT policy for the device and rules to accept:
- related and established traffic
- incoming connections to your NAS
- incoming connections to your remote desktop
- incoming connections to your DNS if you push DNS servers
- access to the Internet for everything, or limited access if you prefer
If you only push a route to your network from the VPN, users' Internet access should be via their existing connection and you won't need to allow them access. However, this may allow access to your services via a proxy on the connecting servers. It is up to you to assess the risk.
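One way to write the policy described in the answer above as plain iptables rules, as an added example that is not part of the original answer. The LAN addresses, ports and the chain names VPN_FWD and VPN_IN are constructed assumptions, and Internet forwarding is left out, so it falls through to the REJECT.

```shell
#!/bin/sh
# Added example: default-REJECT policy for traffic arriving from VPN clients.
# All addresses, ports and chain names below are constructed assumptions.
VPN_IF="tun0"    # OpenVPN device named in the answer

# proto:destination:port entries VPN clients may reach through the router
FWD_ALLOW="tcp:192.168.1.10:445 tcp:192.168.1.20:3389"   # NAS (SMB), remote desktop
# services on the router itself (the DNS server pushed to clients)
IN_ALLOW="udp:192.168.1.1:53 tcp:192.168.1.1:53"

# emit_chain CHAIN HOOK "entries": print the iptables commands for one chain
emit_chain() {
    chain=$1; hook=$2; entries=$3
    echo "iptables -N $chain"
    # Replies to connections that were already accepted
    echo "iptables -A $chain -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for e in $entries; do
        proto=${e%%:*}; rest=${e#*:}
        dst=${rest%%:*}; port=${rest#*:}
        echo "iptables -A $chain -p $proto -d $dst --dport $port -j ACCEPT"
    done
    # Everything else from the VPN is refused, including forwarding to the
    # WAN, so clients cannot route out through the home connection.
    echo "iptables -A $chain -j REJECT"
    # -I puts the jump at the top of the built-in chain, ahead of other rules
    echo "iptables -I $hook -i $VPN_IF -j $chain"
}

# vpn_rules: the full rule set, FORWARD (LAN hosts) then INPUT (router itself)
vpn_rules() {
    emit_chain VPN_FWD FORWARD "$FWD_ALLOW"
    emit_chain VPN_IN INPUT "$IN_ALLOW"
}

# Print the rules for review by default; pass --apply as root to load them.
if [ "${1:-}" = "--apply" ]; then
    vpn_rules | sh
else
    vpn_rules
fi
```

The INPUT rules apply only to packets arriving on tun0, so the OpenVPN listener on the WAN side is unaffected.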
What are you shooting for here? What is on your home network that you want outside people to connect to? A computer? A file server? A media server? – JohnThePro – 2012-04-20T20:30:51.997
I want to expose a remote desktop and a NAS to a few select people. I could expose all of them directly to the internet but would prefer to go through a VPN tunnel first. But at the same time I don't want these people to be able to "hide" behind my internet through the VPN. – None – 2012-04-20T20:47:13.843