I have an Asus RT-AC88U running on stock firmware (Version 220.127.116.11.386.41700). I have created an OpenVPN server so that my brother can access my NAS from his home remotely. I have DDNS set up on the router. I can connect from his home to the VPN without issue. However, I noticed that when he is connected to my VPN, he then has access to all IP addresses on my home network not just the NAS. Is it possible to restrict his access to only my NAS local IP for example: 192.168.1.201. I don't know if this has to be done on the OpenVPN side or with iptables / firewall. Either way I don't know if this is even possible.