I am setting up AirVPN through OpenVPN on a Raspberry Pi, with ufw as a killswitch. I am new to all of this, but here is what I have so far.
Here is the output of ufw status, showing rules. The ufw default is to deny all incoming and outgoing traffic.
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       127.0.0.1
Anywhere                   ALLOW       172.16.0.0/16
172.16.0.0/16              ALLOW       Anywhere
Anywhere on tun0           ALLOW       Anywhere
443                        ALLOW       Anywhere
Anywhere on tun            ALLOW       Anywhere
Anywhere (v6) on tun0      ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
Anywhere (v6) on tun       ALLOW       Anywhere (v6)

Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere                   ALLOW OUT   Anywhere on tun
53                         ALLOW OUT   Anywhere
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun
53 (v6)                    ALLOW OUT   Anywhere (v6)

The local network and loopback are allowed. VPN traffic on tun0 is allowed. Port 53 is allowed for DNS.

Here is my ovpn config file. It comes from the config generator, but with the up and down script for systemd added.
client
dev tun
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
remote america.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
<ca>
then keys.

With UFW disabled, openvpn works. When ufw is turned on while vpn is running, I get the repeating message:
2022-02-08 23:44:57 write UDP: Operation not permitted (code=1)
and the connection does not work.

Thanks in advance for any help :)
 


Some additional information from /var/log/ufw.log, many entries of the following 2 lines:

Feb  3 23:47:13 raspberrypi-### kernel: [ 1196.775603] [UFW BLOCK] IN=eth0 OUT= MAC=33:33:00:01:00:03:cc:48:3a:48:84:e6:86:dd SRC=fe80:0000:0000:0000:904b:2a9a:273a:1515 DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=70 TC=0 HOPLIMIT=1 FLOWLBL=301632 PROTO=UDP SPT=58606 DPT=5355 LEN=30

and its opposite (I think - out on eth0):
Feb  3 23:47:10 raspberrypi-### kernel: [ 1193.191846] [UFW BLOCK] IN= OUT=eth0 SRC=172.28.44.39 DST=172.28.47.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=59073 DF PROTO=UDP SPT=42969 DPT=32412 LEN=29

Can post full log if helpful.
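
An added example, not part of the original posts: a Python script that parses the two [UFW BLOCK] entries quoted above and reports each packet's direction, interface, protocol, destination port, and whether its addresses fall inside the 172.16.0.0/16 network named in the ufw rules. The function names (parse_block, summarize, blocked_packets) are this example's own; the log text is copied from the post.

```python
import ipaddress
import re

# Network named in the ufw rules of the first post.
ALLOWED_NET = ipaddress.ip_network("172.16.0.0/16")
# The two log entries quoted in the post, embedded so this runs offline.
SAMPLE_LOG = (
    "Feb  3 23:47:13 raspberrypi-### kernel: [ 1196.775603] [UFW BLOCK] "
    "IN=eth0 OUT= MAC=33:33:00:01:00:03:cc:48:3a:48:84:e6:86:dd "
    "SRC=fe80:0000:0000:0000:904b:2a9a:273a:1515 "
    "DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=70 TC=0 HOPLIMIT=1 "
    "FLOWLBL=301632 PROTO=UDP SPT=58606 DPT=5355 LEN=30\n"
    "Feb  3 23:47:10 raspberrypi-### kernel: [ 1193.191846] [UFW BLOCK] "
    "IN= OUT=eth0 SRC=172.28.44.39 DST=172.28.47.255 LEN=49 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=59073 DF PROTO=UDP SPT=42969 DPT=32412 LEN=29\n"
)


def parse_block(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None otherwise."""
    _, marker, rest = line.partition("[UFW BLOCK]")
    if not marker:
        return None
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", rest):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    return fields


def summarize(fields, allowed_net=ALLOWED_NET):
    """Reduce one blocked packet to the facts needed to compare it with a rule."""
    src, dst = (ipaddress.ip_address(fields[k]) for k in ("SRC", "DST"))
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")

    def in_net(addr):  # an IPv6 address is never inside an IPv4 network
        return addr.version == allowed_net.version and addr in allowed_net

    return {
        "direction": "forward" if in_if and out_if else "out" if out_if else "in",
        "iface": out_if or in_if,
        "proto": fields.get("PROTO", "").lower(),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,  # ICMP has none
        "dst_multicast": dst.is_multicast,
        "src_in_net": in_net(src),
        "dst_in_net": in_net(dst),
    }


def blocked_packets(log_text):
    """Summarize every [UFW BLOCK] line found in log_text."""
    return [summarize(f) for f in map(parse_block, log_text.splitlines()) if f]
```

On the two entries above, the blocked outbound packet's source and destination (172.28.44.39 and 172.28.47.255) are both reported as outside 172.16.0.0/16.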
 
