VPN-Only Traffic


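Sometimes it makes sense to tunnel all traffic through a VPN. With UFW this is simple to achieve on a Linux box: allow the local network (192.168.1.0/24 here), deny all other incoming and outgoing traffic by default, and allow traffic only on the VPN interface tun0. Because outgoing traffic is denied by default, the VPN client can open a new connection to its server only if a rule permits it, so a server outside 192.168.1.0/24 needs its own allow rule. The commands are: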

sudo ufw allow in to 192.168.1.0/24
sudo ufw allow out to 192.168.1.0/24
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any

Disable IPv6

IPv6 doesn’t work very well with VPNs, so disable it with the following steps:

  1. Edit /etc/sysctl.conf

     sudo nano /etc/sysctl.conf

     and add the following lines:

     net.ipv6.conf.all.disable_ipv6=1
     net.ipv6.conf.default.disable_ipv6=1
     net.ipv6.conf.lo.disable_ipv6=1

  2. Edit /etc/default/ufw

     sudo nano /etc/default/ufw

     and set IPV6 to “no”.

Finally enable UFW:

sudo ufw enable

Troubleshooting

On Raspberry Pi UFW doesn’t start automatically after reboot. To fix that issue:

  1. Edit /lib/systemd/system/ufw.service

     sudo nano /lib/systemd/system/ufw.service
    
  2. Add the following line to the [Unit] section:

     After=netfilter-persistent.service
    

Reboot the Raspberry Pi and run:

sudo ufw status

It should show the status as active, along with the rules we defined earlier.
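
The status check and the IPv6 settings above can also be verified mechanically. The following POSIX shell audit is an added example, not part of the original post: it flags any outgoing rule that bypasses tun0 and checks the three sysctl keys. The function names, the `ALLOWED_DST` variable and the sample status text are constructed for illustration.

```sh
# Added example (not from the page): audit the VPN-only policy.
VPN_IF="tun0"                 # VPN interface used on the page
ALLOWED_DST="192.168.1.0/24"  # assumption: space-separated off-tunnel destinations

# Reads `ufw status verbose` on stdin, prints findings, returns their count.
audit_ufw_status() {
    awk -v ifc="$VPN_IF" -v allowed="$ALLOWED_DST" '
        BEGIN { bad = 0; n = split(allowed, a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { din  = ($0 ~ /deny \(incoming\)/)
                      dout = ($0 ~ /deny \(outgoing\)/) }
        / ALLOW OUT / {
            if ($0 ~ (" on " ifc "( |$)")) { tun_out = 1; next }
            if ($1 in ok) next
            print "outgoing rule bypasses " ifc ": " $0; bad++
        }
        END {
            if (!active)  { print "ufw is not active"; bad++ }
            if (!din)     { print "default incoming policy is not deny"; bad++ }
            if (!dout)    { print "default outgoing policy is not deny"; bad++ }
            if (!tun_out) { print "no ALLOW OUT rule on " ifc; bad++ }
            exit bad
        }'
}

# Succeeds only if the file (default /etc/sysctl.conf) sets all three keys to 1.
ipv6_disabled_in() {
    for k in all default lo; do
        grep -Eq "^[[:space:]]*net\.ipv6\.conf\.$k\.disable_ipv6[[:space:]]*=[[:space:]]*1[[:space:]]*\$" \
            "${1:-/etc/sysctl.conf}" || return 1
    done
}

# Constructed sample of `ufw status verbose` output after the page's commands.
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
192.168.1.0/24             ALLOW IN    Anywhere
192.168.1.0/24             ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere on tun0           ALLOW IN    Anywhere
EOF
}

# Live use: sudo ufw status verbose | audit_ufw_status
sample_status | audit_ufw_status && echo "sample policy: OK"
```

If the VPN server has its own allow rule, add its address to `ALLOWED_DST` so that rule is not reported.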
