To filter openvpn by user
You have to create a specific client config file. The file command will be execute at the login.
If you set a static ip you can control ip traffic by firewall.
EXAMPLE
Client Specific Overrides:
Common name: username (the same username used certificate name)
IPv4 Tunnel Network: 10.0.8.90/24 (static IP example )
Advanced :ifconfig-push 10.0.8.90 10.0.8.1 (Set a static ip for the client)
Add a rules to firewall 10.0.8.90 block or pass to your network. (filter the traffic for assigned IP)