Create VPN Kill Switch in Ubuntu using UFW

Hello folks,
First things first, I hope you are all doing well in this pandemic situation. 2020 was hard for all of us.
Nowadays, after CORONA, internet privacy and security play an important role for an individual. Whether you have to surf a censored website or access content from a restricted country, and especially if you are in infosec, it becomes important to use a VPN to hide your identity.
Many times, you forget to turn on the VPN and start exploring directly from your ISP. May God Help them !!!!!
Today we will be creating a VPN kill switch for Ubuntu so that you don’t make mistakes even by mistake “Galti sae bhi Galti na ho Jaye”
What is a VPN Kill Switch ?
VPN Kill Switch, Internet Kill Switch, or Network Lock is a special feature provided by VPN providers in which the user is disconnected from the internet whenever the VPN turns off or crashes.
What is UFW ?
ufw — program for managing a netfilter firewall
This program is for managing a Linux firewall and aims to provide an
easy to use interface for the user.
Step 1 Update & Upgrade your System
sudo apt update
sudo apt upgrade -y
Once the commands have finished executing, you’re ready to get started setting up a VPN killswitch with UFW.
Step 2 Disable IPv6
Many VPNs are still not able to stop IPv6 data leaks, which in turn reveal your real identity. Check now -> https://ipleak.net/
To get started, open /etc/sysctl.conf for editing
sudo nano /etc/sysctl.conf

Search for the net.ipv6 settings and set them as follows (add the lines if they are missing):

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
Save your changes and force your system to reload sysctl.conf
sudo sysctl -p

Confirm the changes by checking the parameters in /proc which contain information about your system.
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
It will display 1 as output
Step 3 Stop UFW from automatically creating IPv6 firewall rules
To turn off IPv6 in UFW, open the file /etc/default/ufw for editing
sudo nano /etc/default/ufw

Change IPV6=yes to IPV6=no and save the file. Then disable UFW:

sudo ufw disable
The above steps disable IPv6 system-wide.
Step 4 Setting up UFW
Fetch subnet
ip addr | grep inet

The above command lists the inet entries of all the adapters. 127.0.0.1/8 is the loopback adapter and the other is the WiFi adapter.
Allow Traffic in network
We need to access localhost, other systems, hosts and services in the network. The commands below allow LAN access to your computer (use the subnet you fetched above):
sudo ufw allow in to 192.168.43.245/24
sudo ufw allow out to 192.168.43.245/24
Deny all the outgoing and incoming traffic
sudo ufw default deny outgoing
sudo ufw default deny incoming

The above commands are the heart of the kill switch. They will never allow you to access internet services, nor will they allow others to connect to your system from an outside network.
Now connect to your VPN and check the adapter.
ip addr | grep inet
Generally a VPN connects through the tun0 adapter.
Now force all outbound traffic to use the VPN tun0
sudo ufw allow out on tun0 from any to any
Allow connections back through the VPN
sudo ufw allow in on tun0 from any to any
Step 5 Enable UFW
sudo ufw enable
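
To confirm that the rules from Steps 2 to 5 really form a kill switch, the check below audits the text of `ufw status verbose`. It is an added example, not the author's script: the function names are hypothetical, the interface is assumed to be tun0, and the sample status text is constructed to follow the usual `ufw status verbose` layout.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text for the kill-switch properties.

# audit_killswitch [vpn_if]: reads status text on stdin, returns 0 only if
# ufw is active, both defaults are deny, and outbound traffic can leave only
# through vpn_if or to a private (RFC 1918) LAN range.
audit_killswitch() {
    awk -v ifc="${1:-tun0}" '
        /^Status: active/ { active = 1 }
        /^Default: deny \(incoming\), deny \(outgoing\)/ { deny = 1 }
        / ALLOW OUT / {
            if ($0 ~ (" on " ifc "( |$)")) { vpn_out = 1; next }
            if ($1 !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) {
                print "FAIL: outbound rule bypasses the VPN: " $0; bad = 1
            }
        }
        END {
            if (!active)  { print "FAIL: ufw is not active"; bad = 1 }
            if (!deny)    { print "FAIL: default policy is not deny in/out"; bad = 1 }
            if (!vpn_out) { print "FAIL: no ALLOW OUT rule on " ifc; bad = 1 }
            if (!bad) print "OK: traffic can only leave via " ifc " or the LAN"
            exit bad + 0
        }'
}

# ipv6_disabled [file]: true when the sysctl set in Step 2 reads 1.
ipv6_disabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}" 2>/dev/null)" = 1 ]
}

# Constructed sample output (not captured from a real host).
SAMPLE_OK='Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
192.168.43.0/24            ALLOW IN    Anywhere
Anywhere on tun0           ALLOW IN    Anywhere
192.168.43.0/24            ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0'
# Same rules plus a leftover allow-all outbound rule that defeats the kill switch.
SAMPLE_LEAKY="$SAMPLE_OK
Anywhere                   ALLOW OUT   Anywhere"

printf '%s\n' "$SAMPLE_OK"    | audit_killswitch tun0
printf '%s\n' "$SAMPLE_LEAKY" | audit_killswitch tun0 || echo "kill switch has a leak"
# On a live system: sudo ufw status verbose | audit_killswitch tun0
```

A stale rule left over from earlier UFW use is the usual reason this check fails even though every step above was followed.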

Voilaa …. Your Kill switch is ready to use … !!
I have created a bash script to automate the process.
Hope you have enjoyed it . !!! Share it ..!!