Need some help with firewall (ufw)

bxadmin
Posts: 2
Joined: Fri Jan 04, 2019 10:58 pm

Need some help with firewall (ufw)

Post by bxadmin » Mon Jan 14, 2019 10:51 am

Hi All
I've spent days on this without success and will appreciate some help.

SoftEther is installed on an Ubuntu 18.04 server (full LAMP) with kms virtualization. Everything works great, except that when the ufw firewall is enabled, I am unable to connect with the client.
So, specifications are as follows.

- Virtual Nat and Dynamic DNS - disabled
- Local Bridge created


Added values

To /etc/resolv.conf added:
nameserver 8.8.8.8

To /etc/dnsmasq.conf:
interface=tap_ZZZZ
dhcp-range=tap_ZZZZ,192.168.7.5,192.168.7.99,12h
dhcp-option=tap_ZZZZ,3,192.168.7.1

To /etc/sysctl.d/ipv4_forwarding.conf:
net.ipv4.ip_forward = 1

Executed commands:
sysctl --system
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source XXX.XXX.XX.XX (replaced with srv address)
apt-get install iptables-persistent -y
---------------------------------------

netstat -atulpn | grep vpnserver
results with ufw enabled and client "connected"

XXX.XXX.XX.XX - SRV ADDRESS
YY.YYY.YYY.YY - CLIENT ADDRESS

tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:992             0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:1194            0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 XXX.XXX.XX.XX:443       YY.YYY.YYY.YY:55432     ESTABLISHED 349/vpnserver
tcp        0      0 XXX.XXX.XX.XX:443       YY.YYY.YYY.YY:55429     ESTABLISHED 349/vpnserver
tcp6       0      0 :::5555                 :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::443                  :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::992                  :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::1194                 :::*                    LISTEN      349/vpnserver
udp        0      0 0.0.0.0:55306           0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:40000     0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:59471           0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:1194      0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:1194        0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:1194          0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:4500      0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:4500        0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:4500          0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:500       0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:500         0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:500           0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:34294           0.0.0.0:*                           348/vpnserver
udp        0      0 0.0.0.0:43573           0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:49863           0.0.0.0:*                           349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe:1194 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76:1194 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::2:1194 :::*                                349/vpnserver
udp6       0      0 ::1:1194                :::*                                349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe:4500 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76:4500 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::2:4500 :::*                                349/vpnserver
udp6       0      0 ::1:4500                :::*                                349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe5:500 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76::500 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::29:500 :::*                                349/vpnserver
udp6       0      0 ::1:500                 :::*                                349/vpnserver

ufw status verbose status

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
xxxx (ssh)                 ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
5555                       ALLOW IN    Anywhere
992                        ALLOW IN    Anywhere
1194                       ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
500                        ALLOW IN    Anywhere
4500                       ALLOW IN    Anywhere
2002 (v6)                  ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
5555 (v6)                  ALLOW IN    Anywhere (v6)
992 (v6)                   ALLOW IN    Anywhere (v6)
1194 (v6)                  ALLOW IN    Anywhere (v6)
53 (v6)                    ALLOW IN    Anywhere (v6)
500 (v6)                   ALLOW IN    Anywhere (v6)
4500 (v6)                  ALLOW IN    Anywhere (v6)

Will send more info if needed.
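
Added example, not part of the original post: a cross-check of the two outputs above that lists every non-loopback listening socket of vpnserver with no matching ufw allow rule. The sample text is constructed in the shape of the posted output, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the `netstat -atulpn | grep vpnserver`
# output above (documentation addresses, not the poster's).
NETSTAT = """\
tcp   0 0 0.0.0.0:5555        0.0.0.0:*           LISTEN      349/vpnserver
tcp   0 0 0.0.0.0:443         0.0.0.0:*           LISTEN      349/vpnserver
tcp   0 0 203.0.113.10:443    198.51.100.7:55432  ESTABLISHED 349/vpnserver
tcp6  0 0 :::992              :::*                LISTEN      349/vpnserver
udp   0 0 203.0.113.10:40000  0.0.0.0:*                       349/vpnserver
udp   0 0 192.168.7.1:4500    0.0.0.0:*                       349/vpnserver
udp   0 0 127.0.0.1:500       0.0.0.0:*                       349/vpnserver
"""
# Constructed rows shaped like the rule table of `ufw status verbose`.
UFW_STATUS = """\
443                        ALLOW IN    Anywhere
5555                       ALLOW IN    Anywhere
4500                       ALLOW IN    Anywhere
992 (v6)                   ALLOW IN    Anywhere (v6)
"""

def listeners(netstat_text, process="vpnserver"):
    """Sockets of `process` that can receive inbound traffic: (family, proto, port)."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[-1].endswith("/" + process):
            continue
        proto, (addr, _, port) = f[0], f[3].rpartition(":")
        if proto.startswith("tcp") and f[5] != "LISTEN":
            continue                      # skip established connections
        if addr in ("127.0.0.1", "::1"):
            continue                      # loopback is not reachable from outside
        found.add(("v6" if proto.endswith("6") else "v4", proto.rstrip("6"), int(port)))
    return found

def allowed(ufw_text):
    """ALLOW IN rows from Anywhere; a row without /tcp or /udp covers both."""
    rules = set()
    for line in ufw_text.splitlines():
        m = re.match(r"(\d+)(?:/(tcp|udp))?\s+(\(v6\)\s+)?ALLOW IN\s+Anywhere", line)
        if m:
            for proto in ([m.group(2)] if m.group(2) else ["tcp", "udp"]):
                rules.add(("v6" if m.group(3) else "v4", proto, int(m.group(1))))
    return rules

def uncovered(netstat_text, ufw_text):
    """Listening sockets with no matching ufw allow rule, sorted for review."""
    return sorted(listeners(netstat_text) - allowed(ufw_text))
```

The parser reads only numeric `ALLOW IN` rows from Anywhere, so named-service rows and source-restricted rules are ignored. These rules cover traffic addressed to the host itself; forwarded traffic falls under the `routed` default shown in the status header.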

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Need some help with firewall (ufw)

Post by thisjun » Thu Feb 21, 2019 5:09 am

Could you share the client information?

bxadmin
Posts: 2
Joined: Fri Jan 04, 2019 10:58 pm

Re: Need some help with firewall (ufw)

Post by bxadmin » Wed Mar 06, 2019 12:45 pm

The client is set as default.
No changes made.

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Need some help with firewall (ufw)

Post by cedar » Tue May 21, 2019 8:04 am

In the default setting, the VPN client doesn't have any connection setting.
You should create a connection setting.
