Allow XRDP access only via VPN access

I am running the software packages for the XRDP server and PiVPN among others in my DietPi installation. PiVPN runs with a DuckDNS DDNS entry, so that the RPI can be reached from the Internet.

I want to secure the RDP access so that it is not reachable from the free internet. Only if users are connected to the Raspberry via VPN, the access via RDP should be possible.

Do I have to modify the xrdp.ini file or others for this behavior?

Usually there is nothing to do as you system should not be reachable from outside world, as long as you don’t forward respective ports to the internet.