Yes, piece of cake!
Your WindowsXP box would need to become the default route for all your other computers. I do this often using a similar technique to tunnel traffic through an HTTP proxy firewall.
Couple things you need to do:
On your Ubuntu server, locate the sshd.conf file and enable, if not already:
GatewayPorts yes
Install PuTTY on your WinXP computer and configure a connection from WinXP to your Ubuntu server and under the Tunnels section, create some tunnel entries making sure to check the box "Local ports accept connections from other hosts", then use some random unprivileged ports. You should have a list like so:
L5000 1.2.3.4:443 where 5000 is the local port you listen on and 1.2.3.4 is your Ubuntu server.
Now you need to enable Routing and Remote Access service under the services (right click My Computer, manage & navigate to services section). Once enabled, you need to edit the following RegKey:
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip > Parameters and look for something like “IPEnableRouter”. Double click on it and turn the value from 0 to 1 and reboot your computer.
After the reboot, pop open a command prompt and type some commands:
netsh routing ip nat install
netsh routing ip nat add interface "if-public" full (where if-public is the interface used to connect to ubuntu server)
netsh routing ip nat add interface "if-private" private
It should be obvious that your WinXP machine cannot be using DHCP; you'll need static IP assignments here.
Allow access by service application. I don't have an OpenVPN box available at the moment, but I think you should be able to allow access with a command such as:
ufw allow OpenVPN
You can see if you can use OpenVPN like this by running:
ufw app list
Which will show those service applications which ufw is aware of.
In the case of no OpenVPN profile, you could try using ufw to only allow outbound connections on that interface to port 1194 (or whatever port the OpenVPN server is accepting connections on.) Something like:
sudo ufw deny out to any
sudo ufw allow out 1194/udp
(assuming a stock OpenVPN setup.)
This wouldn't limit it to just OpenVPN...but the only leak possibility would be something else using that port and UDP....and the chances of that are pretty low.
To get more secure than port filtering, you would have to use something more substantial than ufw. AppArmor or SELinux, I believe, would be your next step, without having to step up to true Layer 7 firewall appliances.
Best Answer
You can control it using the ListenAddress directive available in your ssh daemon config file.
Something Like
Reach the line:
Uncomment if necessary, and edit it according to your VPN configuration, something like:
Restart the daemon
Check if it works
Keep in mind you can also tune your firewall rules to further restrict access to certain subnets / ports, in this case your VPN network.
Hope it helps
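An added example, not code from any of the answers above: a small Python audit of an ssh daemon config that flags ListenAddress values outside the VPN subnet and a GatewayPorts setting that exposes forwarded ports. The 10.8.0.0/24 subnet, the sample config and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample config (not from the page): a VPN bind, a wildcard bind.
SAMPLE_CONFIG = """\
#ListenAddress 0.0.0.0
ListenAddress 10.8.0.1
listenaddress [::]:2222
GatewayPorts yes
Match User backup
    GatewayPorts no
"""

def listen_host(value):
    """Host part of 'addr', 'addr:port', '[addr]:port' or 'addr rdomain x'."""
    token = value.split()[0]
    if token.startswith("["):
        return token[1:token.index("]")]
    if token.count(":") == 1:  # IPv4 address or hostname followed by a port
        return token.split(":")[0]
    return token  # bare IPv4, bare IPv6 or hostname

def audit_sshd_config(text, vpn_subnet):
    """Return findings for the global ListenAddress and GatewayPorts settings."""
    vpn = ipaddress.ip_network(vpn_subnet)  # assumed VPN subnet, e.g. 10.8.0.0/24
    findings, listen, gateway = [], [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # ListenAddress is global-only, so stop at the first Match block
        if key == "listenaddress" and value:
            listen.append(value)
        elif key == "gatewayports" and gateway is None:
            gateway = value.lower()  # sshd keeps the first value it reads
    if not listen:
        findings.append("no ListenAddress: sshd listens on all local addresses")
    for value in listen:
        try:
            inside = ipaddress.ip_address(listen_host(value)) in vpn
        except ValueError:
            findings.append(f"ListenAddress {value}: hostname, check what it resolves to")
            continue
        if not inside:
            findings.append(f"ListenAddress {value}: outside {vpn}")
    if gateway in ("yes", "clientspecified"):
        findings.append(f"GatewayPorts {gateway}: remote forwards may bind non-loopback addresses")
    return findings
```

Call `audit_sshd_config(open(path).read(), "your-vpn-subnet")` on the real config file; an empty list means every listener sits inside the VPN subnet and GatewayPorts is off.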