Hi all, I’m trying to have my rpi5 running raspberry OS communicate with the Internet only through the tun0 interface (vpn). For this I wanted to create a ufw ruleset. Unfortunately, I’ve hit a roadblock and I can’t figure out where I’m going wrong.

Can you help me discover why this ruleset doesn’t allow Internet communication over tun0? When I disable ufw I can access the Internet.

The VPN connection is already established, so it should keep working, right?

I hope you can help me out!

This is the script with the ruleset: sudo ufw reset

Set default policies

sudo ufw default deny incoming

sudo ufw default deny outgoing

Allow SSH access

sudo ufw allow ssh

Allow local network traffic

sudo ufw allow from 192.168.0.0/16

sudo ufw allow out to 192.168.0.0/16

Allow traffic through VPN tunnel

sudo ufw allow in on tun0

sudo ufw allow out on tun0

Add routing between interfaces (I read its necessary, not sure why?)

sudo ufw route allow in on tun0 out on wlan0

sudo ufw route allow in on wlan0 out on tun0

sudo ufw enable

  • sykaster@feddit.nlOPEnglish
    1·
    19 hours ago

    Except that that set of rules doesn’t work, or do you mean defining a default gateway?

    • just_another_person@lemmy.world
      11·
      19 hours ago

      The default gateway. If it’s not passing traffic, your machine doesn’t go looking elsewhere for routes that work. Read through both the links, and they’ll give you extra background.