OpenVPN is a setup that needs to be done on the server, and has got nothing to do with Rails. AFAIK you cant restrict a part of the web-app to be accessible only over VPN, unless ofcourse, you have a different web-app for such admin area, bind it/run it on a different IP, which is accessible only through VPNs like these.
An ideal setup would be.
x.x.x.x:80 - Public Web-App used by Users.
y.y.y.y:MNOP - Private Secure Web-App used by Admins
VPN access to y.y.y.y network over secure SSL Tunnel using Open VPN.
Refer: https://openvpn.net/index.php/open-source/documentation/howto.html to know how to setup VPN. Or else, there are lots of tutorials out there to help you out.