Ubuntu: OpenVPN + UFW Firewall Integration

After setting up OpenVPN on Ubuntu, it’s critical to configure UFW (Uncomplicated Firewall) so that only the OpenVPN port and SSH are reachable from outside, and so that traffic from VPN clients is forwarded and NATed correctly. This guide explains how to integrate OpenVPN with UFW for maximum security.


Step 1: Allow OpenVPN Port

By default, OpenVPN uses UDP port 1194. Allow it through UFW:

sudo ufw allow 1194/udp


Step 2: Allow SSH Access

Always allow SSH before enabling UFW to avoid locking yourself out (ufw allow ssh opens 22/tcp; if sshd listens on another port, allow that port instead):

sudo ufw allow ssh


Step 3: Enable IP Forwarding

Edit sysctl configuration:

sudo nano /etc/sysctl.conf

Uncomment or add:

net.ipv4.ip_forward=1

Apply changes:

sudo sysctl -p


Step 4: Configure UFW Rules for NAT

Edit UFW before.rules:

sudo nano /etc/ufw/before.rules

Add the following lines at the top of the file, before the *filter line. The source subnet must match the subnet in the server directive of your OpenVPN server.conf (10.8.0.0/24 is the default server 10.8.0.0 255.255.255.0), and eth0 must be replaced with your server's internet-facing interface (check with ip route show default):

# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

This masquerades (source-NATs) packets from the VPN subnet as they leave eth0, so replies from the internet come back to the server's address and are forwarded to the VPN client. Keep the mask at /24: a /8 here would masquerade every 10.0.0.0/8 address the server forwards, not just VPN clients.


Step 5: Adjust UFW Configuration

Edit UFW defaults:

sudo nano /etc/default/ufw

Set:

DEFAULT_FORWARD_POLICY="ACCEPT"


Step 6: Reload and Enable UFW

sudo ufw disable

sudo ufw enable

sudo ufw reload


Step 7: Verify Firewall Status

sudo ufw status verbose
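The seven steps above as one re-runnable shell script, added here as an example; it is not part of the original guide. It assumes the default OpenVPN client subnet 10.8.0.0/24, eth0 as the internet-facing interface, UDP 1194 and the standard file paths, all of which are hypothetical defaults overridable through environment variables. The functions that render and check the nat block need no root, so the change to before.rules can be reviewed before anything is applied; the apply step runs only when OPENVPN_UFW_APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example (not from the original guide): scripts Steps 1-7 of the
# OpenVPN + UFW integration so they can be re-run safely.
# Hypothetical defaults; override via the environment for your host.
VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"   # must match "server" in server.conf
WAN_IFACE="${WAN_IFACE:-eth0}"            # interface carrying internet traffic
VPN_PORT="${VPN_PORT:-1194/udp}"          # OpenVPN listener (Step 1)
BEFORE_RULES="${BEFORE_RULES:-/etc/ufw/before.rules}"
UFW_DEFAULTS="${UFW_DEFAULTS:-/etc/default/ufw}"

# Render the *nat block for before.rules (Step 4). The source is limited to
# the VPN subnet so only VPN client traffic is masqueraded.
nat_block() {
  subnet="$1"; iface="$2"
  printf '%s\n' \
    '# START OPENVPN RULES' \
    '*nat' \
    ':POSTROUTING ACCEPT [0:0]' \
    "-A POSTROUTING -s ${subnet} -o ${iface} -j MASQUERADE" \
    'COMMIT' \
    '# END OPENVPN RULES'
}

# Idempotency check: true if the file already carries our marker.
has_nat_block() {
  grep -q '^# START OPENVPN RULES' "$1" 2>/dev/null
}

# Print the file with the nat block inserted just before the first *filter
# line; nothing is written in place, so the output can be reviewed first.
insert_nat_block() {
  file="$1"; subnet="$2"; iface="$3"
  if has_nat_block "$file"; then
    cat "$file"            # already done: pass through unchanged
    return 0
  fi
  grep -q '^\*filter' "$file" || { echo "no *filter section in $file" >&2; return 1; }
  block=$(nat_block "$subnet" "$iface")
  awk -v block="$block" '
    !done && /^\*filter/ { print block; done = 1 }
    { print }
  ' "$file"
}

# Verification: the *nat table must appear, and appear before *filter.
nat_block_position_ok() {
  file="$1"
  nat_line=$(grep -n '^\*nat' "$file" | head -1 | cut -d: -f1)
  filter_line=$(grep -n '^\*filter' "$file" | head -1 | cut -d: -f1)
  [ -n "$nat_line" ] && [ -n "$filter_line" ] && [ "$nat_line" -lt "$filter_line" ]
}

# Apply Steps 1-7 (requires root). SSH is allowed first so a mistake later
# cannot lock you out.
apply_all() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_all must run as root" >&2; return 1; }
  ufw allow ssh                                           # Step 2
  ufw allow "$VPN_PORT"                                   # Step 1
  sysctl -w net.ipv4.ip_forward=1                         # Step 3 (runtime)
  grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf \
    || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf   # Step 3 (persistent)
  tmp=$(mktemp)
  insert_nat_block "$BEFORE_RULES" "$VPN_SUBNET" "$WAN_IFACE" > "$tmp" || return 1
  cp "$BEFORE_RULES" "$BEFORE_RULES.bak"                  # Step 4, with backup
  cat "$tmp" > "$BEFORE_RULES"; rm -f "$tmp"
  sed -i 's/^DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' "$UFW_DEFAULTS"  # Step 5
  ufw disable && ufw --force enable                       # Step 6 (--force skips the prompt)
  ufw status verbose                                      # Step 7
}

if [ "${OPENVPN_UFW_APPLY:-0}" = "1" ]; then
  apply_all
else
  nat_block "$VPN_SUBNET" "$WAN_IFACE"   # dry run: show the block that would be inserted
fi
```

Two points worth checking after running it: DEFAULT_FORWARD_POLICY="ACCEPT" allows forwarding between every interface on the server, so on a host with other attached networks confirm that nothing besides tun0 and the WAN interface is being forwarded; and sudo iptables -t nat -S POSTROUTING should show exactly one MASQUERADE rule for the VPN subnet, which is what the idempotency check above protects.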


Best Practices

  • Restrict OpenVPN access to specific IPs if possible
  • Use ufw logging on to monitor VPN traffic
  • Always keep SSH open to avoid lockouts
  • Rotate VPN keys regularly for enhanced security

Note: HostPalace offers managed VPN hosting solutions with OpenVPN and UFW pre-configured for secure client access.