1

I have been using openvpn with UFW as a killswitch without issue, but now my internet stops working when I enable UFW after the VPN connection is made. ifconfig shows a tun0. I have been using the following rules:

sudo ufw reset
sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw allow out on tun0 from any to any
sudo ufw enable

I always disable UFW, then establish the VPN connection, confirm the VPN is working, then enable UFW, then use the working VPN connection with UFW enabled.

But now when I enable UFW, I don't have access to the net. I'm not sure if this is a bug or something, as it has been working previously without issue. The rules are basic and are as per GNU/LINUX UFW VPN KILLSWITCH TUTORIAL and several other tutorials.

David Foerster
mel-94

2 Answers

0

The rules you set deny all outgoing, but allow on tun0.

But the VPN traffic has to be allowed out on a real interface, either wlan or ethernet! Thus the tunnel will cease working the moment you enable the firewall, as the packets cannot leave the local machine.

Remember that VPN works by creating a virtual interface on your computer. It takes traffic from this interface, encrypts it, and transmits it to a remote VPN server. This transmission has to be allowed.

Add a firewall rule that allows VPN out to the VPN server's IP address, and relevant port. Typically this is 1194 for OpenVPN. This is mentioned in step five of the tutorial you're linking to.

vidarlo
-2

Usually, the easiest thing to do is to set

DEFAULT_FORWARD_POLICY="ACCEPT"

in /etc/default/ufw