Just like any other interface on a system or server, the tun and tap adapter interfaces can be filtered using your operating system appropriate firewall software. In many cases, both for routing and filtering purposes, it's best to logically place the OpenVPN server in a network-central location, such as at or near the border router. For homes, this is likely a cable or DSL modem. On corporate networks, this will generally be an actual core router such as a Cisco or Juniper edge device.

Depending on the platform and your own or business preferences, the firewall can be a separate device between the OpenVPN server and the unprotected Internet, or it can be software running on the same system as your OpenVPN server. Larger installations ...