VPN Only UFW Setup

• Information Required
• Disbale IPv6
• Disable IPv6 in UFW
• Allow LAN Traffic (Optional)
• Make UFW Deny by Default
• Allow Connection to VPN Server
• Force Outbound traffic through VPN Interface
• Allow Inbount traffic through VPN (Optional)
• Enable UFW
• Troubleshooting
• Related

Information Required

• VPN Server IP Address (Pre Resolved if it is a URL)
• VPN Port Number
• VPN Layer 4 Protocol UDP or TCP

Disbale IPv6

sudo nano /etc/sysctl.conf

Ensure the following 3 lines are present

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

apply changes

sudo sysctl -p

Disable IPv6 in UFW

sudo nano /etc/default/ufw

Change
From:
IPV6=yes
To:
IPV6=no

Disable the firewall as it is being configured

sudo ufw disable

Allow LAN Traffic (Optional)

sudo ufw allow in to 10.0.2.0/24
sudo ufw allow out to 10.0.2.0/24

Make UFW Deny by Default

sudo ufw default deny outgoing
sudo ufw default deny incoming

Allow Connection to VPN Server

sudo ufw allow out to 999.999.999.999 port 9999 proto udp

Force Outbound traffic through VPN Interface

sudo ufw allow out on tun0 from any to any

Allow Inbount traffic through VPN (Optional)

This step is optional because established/reply connection are accounted for above. This step is only required if you want the internet to be able to establish connections to you.

sudo ufw allow in on tun0 from any to any

Enable UFW

sudo ufw enable

Troubleshooting

Unable to connect

Pre Resolve url to ip address and add it into /etc/hosts.
You computer is configured to ONLY communicate via the VPN.
Resolving DNS of the server to IP address before establishing the VPN is not going to happen.

Related

• HMA VPN Setup Using Network Manager
• How to make a Virtual Box Virtual Disk Read Only