added info on how to prevent clients to access internet.

FAQ.md

@@ -15,4 +15,12 @@ You will need a dynamic DNS service and a hostname. If your IP address changes,
 You can safely install pivpn on the same raspberry pi as your pi-hole install.  If you point your openvpn clients to the IP of your pi-hole for DNS (so they get ad blocking etc) then you will want to be sure to edit your /etc/dnsmasq.conf file too allow dns resolution from the vpn interface.
 look for this line: `listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1`
 Note your listen-address may just contain 127.0.0.1, the next IP should be the local IP of your pi-hole and the final IP, 10.8.0.1 is the PiVPN vpn interface.
-If you set this and have your vpn clients use 192.168.1.2 (in my example) as their DNS then you will get ad blocking over your VPN connections.
+If you set this and have your vpn clients use 192.168.1.2 (in my example) as their DNS then you will get ad blocking over your VPN connections.
+
+## Allow Clients to connect but block their access to the internet
+
+If you don't want your VPN clients to be able to access the internet simply comment the following line in `/etc/openvpn/server.con`
+
+````
+push "redirect-gateway def1"
+```