From f06af1b5ed5aea8acab359ca5ad84e6d5d854a54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Cola=C3=A7o?= <cfcolaco@gmail.com>
Date: Wed, 17 Jan 2018 19:20:04 +0000
Subject: [PATCH] added info on how to prevent clients to access internet.

---
 FAQ.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/FAQ.md b/FAQ.md
index 9dc8761..ff7cfe1 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -15,4 +15,12 @@ You will need a dynamic DNS service and a hostname. If your IP address changes,
 You can safely install pivpn on the same raspberry pi as your pi-hole install.  If you point your openvpn clients to the IP of your pi-hole for DNS (so they get ad blocking etc) then you will want to be sure to edit your /etc/dnsmasq.conf file too allow dns resolution from the vpn interface.
 look for this line: `listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1`
 Note your listen-address may just contain 127.0.0.1, the next IP should be the local IP of your pi-hole and the final IP, 10.8.0.1 is the PiVPN vpn interface.
-If you set this and have your vpn clients use 192.168.1.2 (in my example) as their DNS then you will get ad blocking over your VPN connections.
\ No newline at end of file
+If you set this and have your vpn clients use 192.168.1.2 (in my example) as their DNS then you will get ad blocking over your VPN connections.
+
+## Allow Clients to connect but block their access to the internet
+
+If you don't want your VPN clients to be able to access the internet simply comment the following line in `/etc/openvpn/server.con`
+
+````
+push "redirect-gateway def1"
+```
\ No newline at end of file