Let's go straight to the point. First things first: you need to have Linux installed, and make sure that it's already updated. Based on my own experience through exploration, this ufw configuration applies to Ubuntu, Kali, and Fedora.
Note: the importance of a VPN killswitch is to keep you secure when you connect to either public or personal private access points, by not exposing your public Internet Protocol (IP) address while surfing the web or conducting penetration tests.
Let's update your fresh Ubuntu install.
sudo apt update
Now that it's updated, let's move on to installing Uncomplicated Firewall (ufw).
sudo apt install ufw
Okay, let's not forget our VPN client installation, of course.
sudo apt install openvpn
The following commands are intended only for people who, like me, don't use IPv6 and want to disable it; otherwise you can skip this part.
sudo apt install vim
sudo vim /etc/default/ufw
Set IPV6=no (the key is spelled in uppercase in this file), then hit [esc] and type :wq to save and quit. Now ufw is installed and configured in /etc/default/ufw.
Let's download our VPN configuration file, which is used to connect to our desired VPN servers. Just for the demo I will use https://openinternetaccess.com, which gives free anonymity and privacy protection.
Now navigate to the vpn integrations section and click openvpn. It will redirect you to another page; at the bottom of it you will find different Download Config sections. Remember to solve the captcha.
Now that we have downloaded the VPN configuration file, it's time to fire up your terminal and go to the directory where the file was saved. To connect to your desired VPN server, here's the command.
sudo openvpn --config file.ovpn
Here's another trick to improve your security. Since we start openvpn as root, we can limit some of the issues that come with running as root by having it drop to an unprivileged user and group.
sudo openvpn --user <username> --group <groupname> --config file.ovpn
Another option for people who are more paranoid than me.
sudo openvpn --user <username> --group <groupname> --auth-nocache --mssfix --config file.ovpn
The --mssfix option addresses MTU (Maximum Transmission Unit) sizing issues, and --auth-nocache avoids caching the username and password in virtual memory. Here's the log of a successfully established VPN connection.
We have verified that our VPN configuration file works. Now it is time to configure the ports using ufw.
sudo ufw default deny incoming
sudo ufw default deny routed
sudo ufw default deny outgoing
You're connected to the wifi but ain't got any internet access. Good. Now let us add some more rules.
sudo ufw allow out on tun0 #tunnel interface for vpn
sudo ufw allow out on tun0 to any port 443 proto <udp/tcp> #https
sudo ufw allow out on tun0 to any port 80 proto <udp/tcp> #http
sudo ufw allow out on tun0 to any port 22 proto <udp/tcp> #ssh
Let's get the IP and port of our VPN from the configuration file that we have, using
cat <vpn-file> | head
Take a look at the remote section: our IP is 22.214.171.124 and our port is 1194 over the TCP protocol. Let's add the IP and port.
sudo ufw allow out to 126.96.36.199 port 1194 proto tcp
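For DNS you can use
sudo ufw allow out on tun0 to 188.8.131.52 port 53
or you can use this simpler rule, which allows DNS to any resolver through the tunnel. The rule needs out, because ufw treats a rule written without a direction as incoming.
sudo ufw allow out on tun0 to any port 53 proto tcp # or: sudo ufw allow out on tun0 to any port 53 proto udp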
sudo ufw enable
sudo ufw reload
Done. To revert and debug the process if you still have no internet access, you can try one of these commands.
sudo ufw default allow outgoing
sudo ufw reset
sudo ufw disable
This story was moved from my old Medium account, Coderlava.
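The step of reading the remote section and writing the matching allow rule can be scripted. The following is an added example, not part of the original post: a hypothetical killswitch_rules function that prints, without applying, the deny defaults and per-server allow rules for a given .ovpn file. It goes slightly beyond the article by handling several remote lines and separate proto or port directives, it assumes IPv4 remotes, and the sample config and its addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the article): print the ufw kill-switch commands
# for an OpenVPN client config. It only prints; nothing is applied.

# killswitch_rules FILE [TUN_IF]  (TUN_IF defaults to tun0, as in the article)
killswitch_rules() {
    ovpn=$1
    tun=${2:-tun0}
    printf '%s\n' \
        'sudo ufw default deny incoming' \
        'sudo ufw default deny routed' \
        'sudo ufw default deny outgoing' \
        "sudo ufw allow out on $tun"
    awk '
        # Drop CR line endings and "#" / ";" comments before reading fields.
        { sub(/\r$/, ""); sub(/[ \t]*[#;].*$/, "") }
        $1 == "proto"  { proto = $2 }
        $1 == "port"   { port = $2 }
        $1 == "remote" { n++; host[n] = $2; rport[n] = $3; rproto[n] = $4 }
        END {
            if (n == 0) exit 1                     # no remote line: nothing to pin
            if (port == "")  port = "1194"         # OpenVPN defaults
            if (proto == "") proto = "udp"
            for (i = 1; i <= n; i++) {
                p  = (rport[i]  != "") ? rport[i]  : port
                pr = (rproto[i] != "") ? rproto[i] : proto
                pr = (pr ~ /^tcp/) ? "tcp" : "udp" # tcp-client, udp4, ...
                if (host[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    printf "sudo ufw allow out to %s port %s proto %s\n", host[i], p, pr
                else
                    printf "# %s is a hostname: resolve it, then add one rule per address\n", host[i]
            }
        }
    ' "$ovpn"
}

# Constructed sample config (documentation addresses, not a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
proto tcp-client
remote 203.0.113.10 1194   # inherits tcp from the proto line
remote 198.51.100.7 443 udp
remote vpn.example.net
EOF
killswitch_rules "$sample"
rm -f "$sample"
```

Review the printed commands before running them, then finish with sudo ufw enable as in the steps above.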
Reference Url : https://medium.com/@okeykayow101/setup-linux-vpn-killswitch-ufw-773803f9b6d2