VPN-Only Traffic


Sometimes it makes sense to tunnel all traffic through VPN. With UFW it is simple to achieve on a Linux box with the following commands:

sudo ufw allow in to
sudo ufw allow out to
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any

Disable IPv6

As IPv6 doesn’t do very good with VPN disable it by the following steps:

  1. Edit /etc/sysctl.conf

     sudo nano /etc/sysctl.conf

    and add the following lines:

  2. Edit /etc/default/ufw

     sudo nano /etc/default/ufw

    and set IPV6 to “no”

Finally enable UFW:

sudo ufw enable


On Raspberry Pi UFW doesn’t start automatically after reboot. To fix that issue:

  1. Edit /lib/systemd/system/ufw.service

     sudo nano /lib/systemd/system/ufw.service
  2. Add the following line to the [Unit] section:


Reboot Raspberry Pi and type

sudo ufw status

It should show status as Active and the rules we defined earlier.