0

How can I restrict access to my local network for VPN-clients connecting to a VPN-server (PPTPD) located on my network?

I would like clients to be able to connect to my Linux node running a VPN server (PPTP) over the internet in order to access an SMB drive located on the same node, but still limit access to the local network.

I don't want all connecting clients to have access to all my other network devices. How can I prevent this?

1 Answer

0

Add an iptables rule that references your PPTP server's internal interface (facing the LAN) and that VPN clients will match, probably using the VPN IP address pool you are using for your PPTP server. In order to reach your LAN SMB servers, a VPN client's packets will need to cross your VPN server's LAN interface; there you will filter them out.

drookie
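One way to write the filter this answer describes, as an added example that is not part of the original answer. The interface name `eth0`, the pool `192.168.0.232/29` and the helper name `vpn_rules` are assumptions; the script prints the commands by default and only loads them when run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example. All three values are assumptions; set them to match your host.
LAN_IF="${LAN_IF:-eth0}"                  # LAN-facing interface of the VPN server
VPN_POOL="${VPN_POOL:-192.168.0.232/29}"  # CIDR covering the remoteip range in pptpd.conf
VPN_IF="${VPN_IF:-ppp+}"                  # clients appear as ppp0, ppp1, ...; "+" is iptables' wildcard

# Emit one iptables argument list per line so the rule set can be
# reviewed before anything is loaded.
vpn_rules() {
    lan_if=$1 pool=$2 vpn_if=$3
    # Packets routed from a VPN client to another LAN host traverse FORWARD
    # and leave through the LAN interface: drop them there.
    echo "-I FORWARD -s $pool -o $lan_if -j DROP"
    # Same restriction keyed on the tunnel interface, so a client that
    # uses a source address outside the pool is still caught.
    echo "-I FORWARD -i $vpn_if -o $lan_if -j DROP"
    # The SMB share lives on the VPN server itself, so that traffic is
    # handled by INPUT and is not affected by the FORWARD drops above.
    echo "-I INPUT -i $vpn_if -s $pool -p tcp --dport 445 -j ACCEPT"
}

# Default is a dry run that prints the commands; APPLY=1 (as root) loads them.
vpn_rules "$LAN_IF" "$VPN_POOL" "$VPN_IF" | while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        iptables $rule    # unquoted on purpose: split into arguments
    else
        echo "iptables $rule"
    fi
done
```

The rules use `-I` so they are inserted ahead of any existing ACCEPT rules in the chain. The INPUT rule only matters if the INPUT policy or later rules would otherwise block the tunnel traffic.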