Let me preface this with: "I am not a network guru, I'm a hobbyist"!
That being said, I run ClearOS's VPN daemon on a few different ports. It lets me log in just fine, everything works, that's great.
I have a server running on a virtual machine. I do not want to forward a port to this server, and I do not want to let users of this server (who will be semi-trusted) have the ability to connect to any VPN daemon on my system, nor do I want this semi-trusted VPN to bridge to any physical network.
So, I don't know what to do. A different user group for the semi-trusted users? What should I do if I want to have two groups of users and two groups of VPN daemons, where one group of users can only access one group of daemons?
I've done some footwork on this, but since I'm getting lost, I'd rather start over at step 1!