Linux - Kill-switch using the Uncomplicated Firewall (UFW)
Step 1: Let's update your fresh Ubuntu install.
sudo apt update
Step 2: Now that it's updated, let's move on to installing the Uncomplicated Firewall.
sudo apt install ufw
Step 3: Okay, let's not forget our VPN client installation, of course. (The apt package name is lowercase.)
sudo apt install openvpn
Step 4: You can skip this part if you don't use IPv6, same as me. The following commands are intended only for people disabling IPv6.
sudo apt install vim
sudo vim /etc/default/ufw
Step 5: Change IPV6=yes to IPV6=no, then hit [esc] and type :wq to save and quit the editor. Now ufw is installed and configured in /etc/default/ufw. Next, let's download the VPN configuration file used to connect to our desired VPN server: navigate to your provider's VPN integrations section, click OpenVPN, and on the page it redirects you to, scroll to the bottom, where you will find the different Download Config options.
Step 6: Now that we have downloaded the VPN configuration file, it's time to fire up your terminal and change into the directory where the file was saved. To connect to your desired VPN server, here's the command.
sudo openvpn --config file.ovpn
Step 7: Here's another trick to improve your security while using OpenVPN: since we start OpenVPN as root, have it drop to an unprivileged user and group to limit the risk of running as root.
sudo openvpn --user <username> --group <groupname> --config file.ovpn
Step 8: Another security option while using OpenVPN, for those who are more paranoid than me.
sudo openvpn --user <username> --group <groupname> --auth-nocache --mssfix --config file.ovpn
Step 9: Know what these options do: --mssfix works around MTU (Maximum Transmission Unit) sizing issues, and --auth-nocache avoids caching the username and password in virtual memory. Here's the log of a successfully established VPN connection.
Step 10: We've already verified that our VPN configuration file works, so now it's time to configure the ports using ufw.
sudo ufw default deny incoming
sudo ufw default deny routed
sudo ufw default deny outgoing
Step 11: You're connected to the Wi-Fi but have no internet access. Good, now let's add the next rules.
sudo ufw allow out on tun0 #tunnel interface for vpn
sudo ufw allow out on tun0 to any port 443 proto <udp/tcp> #https
sudo ufw allow out on tun0 to any port 80 proto <udp/tcp> #http
sudo ufw allow out on tun0 to any port 22 proto <udp/tcp> #ssh
Step 12: Let's get the IP and port of our VPN from the configuration file we downloaded, using cat <vpn-file> | head.
Step 13: Take a look at the remote line: our IP is 188.8.131.52 and our port is 1194 over TCP. Let's add the IP and port.
sudo ufw allow out to 184.108.40.206 port 1194 proto tcp
Step 14: For DNS you can use 220.127.116.11, 18.104.22.168 or 22.214.171.124.
sudo ufw allow out on tun0 to 126.96.36.199 port 53
Step 15: Or you can use this simpler rule, then enable the firewall.
sudo ufw allow 53/udp
sudo ufw enable
Step 16: Done. To revert or debug the setup if you still have no internet access, you can try one of these commands.
sudo ufw default allow outgoing
sudo ufw reset
sudo ufw disable
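As an added example, not part of the original post, here is the whole procedure from Steps 10 to 15 as a small POSIX shell script: it reads the "remote" and "proto" lines out of an OpenVPN config (so the endpoint allowed on the physical interface is exactly the one the client will dial, instead of being copied by hand) and emits the ufw rules. The config embedded below is constructed, with a placeholder endpoint, and a single "remote" line is assumed.

```shell
#!/bin/sh
# Added example, not the original post's code. Derives the UFW kill-switch
# rules from an OpenVPN config so the VPN endpoint is never mistyped.

# Constructed sample config (192.0.2.10 is a documentation address, not a real server).
SAMPLE_OVPN='client
dev tun
proto tcp
remote 192.0.2.10 1194
resolv-retry infinite
nobind'

# Parse "remote <host> <port> [proto]" plus an optional standalone "proto" line.
# Prints "<host> <port> <proto>", falling back to OpenVPN's defaults (1194/udp).
ovpn_remote() {
    printf '%s\n' "$1" | awk '
        $1 == "proto"  { gp = $2 }
        $1 == "remote" { host = $2; port = ($3 != "" ? $3 : 1194); if ($4 != "") lp = $4 }
        END {
            proto = (lp != "" ? lp : (gp != "" ? gp : "udp"))
            sub(/-client$/, "", proto)   # tcp-client -> tcp
            sub(/[46]$/, "", proto)      # udp4 / tcp6 -> udp / tcp (ufw wants plain tcp|udp)
            print host, port, proto
        }'
}

# Emit the rules: deny everything by default, allow all traffic over tun0,
# and on the physical interface allow only the VPN endpoint itself.
killswitch_rules() {
    set -- $(ovpn_remote "$1")   # $1=host $2=port $3=proto
    cat <<EOF
ufw default deny incoming
ufw default deny outgoing
ufw default deny routed
ufw allow out on tun0
ufw allow out to $1 port $2 proto $3
ufw allow out on tun0 to any port 53
ufw enable
EOF
}

# Review the generated rules first, then apply them with:
#   killswitch_rules "$(cat file.ovpn)" | sudo sh
killswitch_rules "$SAMPLE_OVPN"
```

Running the script prints the rules rather than applying them, so you can check the endpoint line against the "remote" line of your own config before piping it to sudo sh.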