Preventing connection dropouts with AirVPN - UFW

Discussion in 'all things UNIX' started by Overdone, Oct 13, 2014.

Thread Status:
Not open for further replies.
  1. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    There's no need for this thread anymore. I decided to run UFW after connecting to the VPN.
     
    Last edited: Oct 14, 2014
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I just use pfSense VMs as VPN clients. Works fine :)
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    If you are not planning on using pfSense then I would recommend using UFW after the client connection. Obviously you are using Linux since ufw is part of the mix. By using the client you can select ANY server or protocol for each connection session, and then reinforce security via UFW. This model would allow you to use one tun0 rule and be covered for any connection loss, or non-tunnel leaks of any kind. The client does that too if properly configured.

    I never rely upon a client for connection loss regardless of how well I understand their code. UFW (iptables frontend) is a very solid form of protection.

    I never ran into the problem you describe when I was using the config-gen setup on my Linux box(es). Perhaps the client is causing this issue. Are you using the network lock feature on the client?

    I have examined my own connection logs and I find that using the client and then UFW is rock solid. I don't use their network lock since ufw provides what is needed along those lines.

    Mirimir, I wish I had the ability to use pfSense on all my computers. pfSense doesn't like a whole bunch of laptop NICs. For some reason desktops seem to come with compatible hardware more often. Rather than swapping out cards I am trying to budget for a nice pfSense hardware setup from their supporters.
     
  4. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    Ya, seems like I'll need to enable UFW after connecting to the VPN. I don't like that one bit though, I'll try to contact AirVPN and see what they've to say.


    EDIT: Maybe I need to allow access to my router, for some reason? I really don't know anything about this lol.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    You allow just two connections to/through the router: 1) the VPN server; and 2) renewing the DHCP lease. If you set up a static IP, then you just need to access the VPN server.
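
The rule set described in the posts above (default deny, the VPN server and DHCP renewal on the physical interface, one rule for tun0), as an added example that is not part of the original thread. The function name `killswitch_rules`, the interface names, and the server address and port are assumptions; the function only prints the ufw commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not apply) ufw commands for a VPN kill switch.
# Usage: killswitch_rules LAN_IF VPN_IF SERVER_IPV4 PORT udp|tcp [static]
# "static" omits the DHCP rule, for hosts with a static LAN address.
killswitch_rules() {
    [ $# -ge 5 ] || { echo "usage: killswitch_rules LAN_IF VPN_IF IPV4 PORT udp|tcp [static]" >&2; return 2; }
    ks_lan=$1 ks_vpn=$2 ks_ip=$3 ks_port=$4 ks_proto=$5 ks_mode=${6:-dhcp}

    # The output is meant to be run as root, so reject anything that is not
    # a plain interface name, IPv4 address, port number or protocol.
    for ks_if in "$ks_lan" "$ks_vpn"; do
        case $ks_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ks_if" >&2; return 1 ;; esac
    done
    case $ks_proto in udp|tcp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case $ks_port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    { [ "$ks_port" -ge 1 ] && [ "$ks_port" -le 65535 ]; } || { echo "bad port" >&2; return 1; }
    case $ks_ip in *[!0-9.]*|*..*|.*|*.) echo "bad address" >&2; return 1 ;; esac
    ks_ifs=$IFS; IFS=.; set -- $ks_ip; IFS=$ks_ifs   # split into octets
    [ $# -eq 4 ] || { echo "bad address" >&2; return 1; }
    for ks_octet in "$@"; do
        case $ks_octet in ????*) echo "bad address" >&2; return 1 ;; esac
        [ "$ks_octet" -le 255 ] || { echo "bad address" >&2; return 1; }
    done

    # Default-deny in both directions, so nothing leaves outside the tunnel.
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    # 1) The VPN server is the only destination allowed on the physical interface.
    echo "ufw allow out on $ks_lan to $ks_ip port $ks_port proto $ks_proto"
    # 2) DHCP lease renewal (client port 68 to server port 67), unless static.
    [ "$ks_mode" = static ] || echo "ufw allow out on $ks_lan from any port 68 to any port 67 proto udp"
    # The single tunnel rule: everything else must go out through the VPN interface.
    echo "ufw allow out on $ks_vpn from any to any"
    echo "ufw enable"
}

# Constructed sample values (203.0.113.10 is a documentation address).
killswitch_rules eth0 tun0 203.0.113.10 443 udp
```

With these rules the VPN server has to be configured by IP address, since DNS lookups on the physical interface are blocked until the tunnel is up.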
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Linux will find the router when you boot/mount. ARPs to it regardless of the firewall rules. Even with UFW enabled and block out and block in on, you will look in the upper right corner and see it is connected (assuming you have given the OS your network keys previously).

    Overdone, I am going out on a limb here and saying that YOUR Linux is connected to the router (shows connected as mentioned above) even though you can go nowhere. This is not a problem; it's because it finds it before the rules even "kick in".
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    Thread Closed. Thanks All for Participating!
     