I have just set up an L2TP VPN server using RRAS on a Windows 2012 R2 server. I can connect to this machine from the internet and access the local network. This works perfectly.
I would, however, like to block internet access for the connected users so that they cannot browse (or download) anything from the internet over the VPN connection. They should only be able to access the local network, nothing else.
I can't find any guides for how to do this, any suggestions?
You could either block the HTTP/HTTPS traffic via ports 80 and 443 to addresses outside your local network with the Windows firewall, or you could disable common web browsers via software restriction policies.
You might limit your group policies to certain users or use WMI filters to tailor everything to your needs.
Solved this by setting which IPs the VPN users get and blocking those IPs in the router (DD-WRT) using the built-in filtering for HTTP and HTTPS.
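
The router-side approach from the last post, written as a DD-WRT firewall script. This is an added example, not what the poster configured (they used the router's built-in filtering). The pool `192.168.1.208/28`, the interface `vlan2` and the function name `vpn_block_rules` are assumptions; the UDP 443 rule and the `all` mode go beyond the HTTP/HTTPS filter described.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values, adjust to your network:
VPN_POOL="${VPN_POOL:-192.168.1.208/28}"  # constructed: static pool RRAS hands to VPN clients
WAN_IF="${WAN_IF:-vlan2}"                 # assumption: check with `nvram get wan_iface`
MODE="${MODE:-web}"                       # web = HTTP/HTTPS only, all = no internet at all

# Print iptables rules that stop VPN-pool addresses from leaving through the WAN.
# LAN traffic is bridged and never reaches FORWARD with -o WAN, so it is unaffected.
vpn_block_rules() {
    pool="$1"; wan="$2"; mode="$3"
    case "$pool" in                       # accept only digits, dots and one slash
        *[!0-9./]*|""|*/*/*) echo "bad pool: $pool" >&2; return 1 ;;
        */*) ;;
        *) echo "pool must be CIDR: $pool" >&2; return 1 ;;
    esac
    case "$wan" in
        *[!A-Za-z0-9._-]*|"") echo "bad interface: $wan" >&2; return 1 ;;
    esac
    case "$mode" in
        web)
            echo "iptables -I FORWARD -s $pool -o $wan -p tcp --dport 80 -j DROP"
            echo "iptables -I FORWARD -s $pool -o $wan -p tcp --dport 443 -j DROP"
            # HTTP/3 (QUIC) carries HTTPS over UDP 443, so block that as well
            echo "iptables -I FORWARD -s $pool -o $wan -p udp --dport 443 -j DROP"
            ;;
        all)
            echo "iptables -I FORWARD -s $pool -o $wan -j DROP"
            ;;
        *) echo "mode must be web or all" >&2; return 1 ;;
    esac
}

# Default: print the rules for review. Run with "apply" on the router to install them.
if [ "${1:-}" = "apply" ]; then
    vpn_block_rules "$VPN_POOL" "$WAN_IF" "$MODE" | sh
else
    vpn_block_rules "$VPN_POOL" "$WAN_IF" "$MODE"
fi
```

The rules only match if the router sees the VPN clients' own addresses, so the pool configured in RRAS must be the one passed here.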