Discussion in 'all things UNIX' started by Overdone, Oct 13, 2014.
There's no need for this thread anymore. I decided to run UFW after connecting to the VPN.
I just use pfSense VMs as VPN clients. Works fine.
If you are not planning on using pfSense then I would recommend using UFW after the client connection. Obviously you are using Linux since UFW is part of the mix. By using the client you can select ANY server or protocol for each connection session, and then reinforce security via UFW. This model would allow you to use one tun0 rule and be covered for any connection loss, or non-tunnel leaks of any kind. The client does that too if properly configured.
I never rely upon a client for connection loss regardless of how well I understand their code. UFW (iptables frontend) is a very solid form of protection.
I never ran into the problem you describe when I was using the config-gen setup on my Linux box(es). Perhaps the client is causing this issue. Are you using the network lock feature on the client?
I have examined my own connection logs and I find that using the client and then UFW is rock solid. I don't use their network lock since UFW provides what is needed along those lines.
Mirimir, I wish I had the ability to use pfSense on all my computers. pfSense doesn't like a whole bunch of laptop NICs. For some reason desktops seem to come with compatible hardware more often. Rather than swapping out cards I am trying to budget for a nice pfSense hardware setup from their supporters.
Ya, seems like I'll need to enable UFW after connecting to the VPN. I don't like that one beat though, I'll try to contact AirVPN and see what they've to say.
EDIT: Maybe I need to allow access to my router, for some reason? I really don't know anything about this lol.
You allow just two connections to/through the router: 1) the VPN server; and 2) renewing the DHCP lease. If you set up a static IP, then you just need to access the VPN server.
Linux will find the router when you boot/mount. ARPs to it regardless of the firewall rules. Even with UFW enabled and block out and block in on, you will look in the upper right corner and see it is connected (assuming you have given the OS your network keys previously).
Overdone, I am going out on a limb here and saying that YOUR Linux is connected to the router (shows connected as mentioned above) even though you can go nowhere. This is not a problem; it's because it finds it before the rules even "kick in".
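The rule set the thread converges on (default deny both ways, one tun0 rule, plus the two router-side exceptions for the VPN server and DHCP) as an added example script; it is not from any poster and the server address, port, protocol and interface names are placeholders you would replace with your own:

```shell
#!/bin/sh
# UFW "kill switch" for a Linux VPN client, as discussed in the thread:
# with the tunnel up, traffic may only leave via tun0 or go to the VPN
# server itself; DHCP lease renewal to the router stays allowed.
# All values below are constructed placeholders for this example.
VPN_SERVER="203.0.113.10"   # placeholder: the VPN server's IP
VPN_PORT="443"              # placeholder: the port your profile uses
VPN_PROTO="udp"             # udp or tcp, matching the client config
LAN_IF="eth0"               # physical (non-tunnel) interface
VPN_IF="tun0"               # tunnel interface created by the client

# Emit the ufw commands as text so they can be reviewed before applying.
ufw_killswitch_rules() {
    cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow out on $VPN_IF
ufw allow out on $LAN_IF to $VPN_SERVER port $VPN_PORT proto $VPN_PROTO
ufw allow out on $LAN_IF to any port 67 proto udp
ufw allow in on $LAN_IF from any port 67 to any port 68 proto udp
ufw enable
EOF
}

if [ "${1:-}" = "apply" ]; then
    ufw_killswitch_rules | sh      # run as root, after the VPN is connected
else
    ufw_killswitch_rules           # dry run: only print the rules
fi
```

With `default deny outgoing` in place, DNS or other traffic that tries to use the physical interface while the tunnel is down is dropped rather than leaking, which is the connection-loss case the posts above care about.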
Thread Closed. Thanks All for Participating!