Need some help with firewall (ufw)

bxadmin
Posts: 1
Joined: Fri Jan 04, 2019 10:58 pm


Post by bxadmin » Mon Jan 14, 2019 10:51 am

Hi All
I've spent days on this without success and will appreciate some help.

SoftEther is installed on an Ubuntu 18.04 (full LAMP) server with kms virtualization. Everything works great, except that when the ufw firewall is enabled, I am unable to connect with the client.
So, the specifications are as follows.

- Virtual Nat and Dynamic DNS - disabled
- Local Bridge created


Added values

To /etc/resolv.conf added:
nameserver 8.8.8.8

To /etc/dnsmasq.conf:
interface=tap_ZZZZ
dhcp-range=tap_ZZZZ,192.168.7.5,192.168.7.99,12h
dhcp-option=tap_ZZZZ,3,192.168.7.1

To /etc/sysctl.d/ipv4_forwarding.conf:
net.ipv4.ip_forward = 1

Executed commands:
sysctl --system
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source XXX.XXX.XX.XX (replaced with srv address)
apt-get install iptables-persistent -y
---------------------------------------

Results of netstat -atulpn | grep vpnserver with ufw enabled and the client "connected":

XXX.XXX.XX.XX - SRV ADDRESS
YY.YYY.YYY.YY - CLIENT ADDRESS

tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:992             0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 0.0.0.0:1194            0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 XXX.XXX.XX.XX:443       YY.YYY.YYY.YY:55432     ESTABLISHED 349/vpnserver
tcp        0      0 XXX.XXX.XX.XX:443       YY.YYY.YYY.YY:55429     ESTABLISHED 349/vpnserver
tcp6       0      0 :::5555                 :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::443                  :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::992                  :::*                    LISTEN      349/vpnserver
tcp6       0      0 :::1194                 :::*                    LISTEN      349/vpnserver
udp        0      0 0.0.0.0:55306           0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:40000     0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:59471           0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:1194      0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:1194        0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:1194          0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:4500      0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:4500        0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:4500          0.0.0.0:*                           349/vpnserver
udp        0      0 XXX.XXX.XX.XX:500       0.0.0.0:*                           349/vpnserver
udp        0      0 192.168.7.1:500         0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:500           0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:34294           0.0.0.0:*                           348/vpnserver
udp        0      0 0.0.0.0:43573           0.0.0.0:*                           349/vpnserver
udp        0      0 0.0.0.0:49863           0.0.0.0:*                           349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe:1194 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76:1194 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::2:1194 :::*                                349/vpnserver
udp6       0      0 ::1:1194                :::*                                349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe:4500 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76:4500 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::2:4500 :::*                                349/vpnserver
udp6       0      0 ::1:4500                :::*                                349/vpnserver
udp6       0      0 fe80::5c27:35ff:fe5:500 :::*                                349/vpnserver
udp6       0      0 fe80::5054:ff:fe76::500 :::*                                349/vpnserver
udp6       0      0 2a06:f901:1:100::29:500 :::*                                349/vpnserver
udp6       0      0 ::1:500                 :::*                                349/vpnserver
Output of ufw status verbose:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
xxxx (ssh)                 ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
5555                       ALLOW IN    Anywhere
992                        ALLOW IN    Anywhere
1194                       ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
500                        ALLOW IN    Anywhere
4500                       ALLOW IN    Anywhere
2002 (v6)                  ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
5555 (v6)                  ALLOW IN    Anywhere (v6)
992 (v6)                   ALLOW IN    Anywhere (v6)
1194 (v6)                  ALLOW IN    Anywhere (v6)
53 (v6)                    ALLOW IN    Anywhere (v6)
500 (v6)                   ALLOW IN    Anywhere (v6)
4500 (v6)                  ALLOW IN    Anywhere (v6)
Will send more info if needed.
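A check I would run in this situation, written here as an added example (it is not code from the post or from SoftEther): it parses the two listings above, the netstat -atulpn output and the ufw status table, and reports every non-loopback vpnserver listener that has no matching ALLOW IN rule for its protocol and address family. The sample strings are constructed to mirror the post's layout, using documentation addresses rather than the real ones.

```python
import re
from collections import namedtuple
# Constructed samples modelled on the listings in the post above (documentation addresses, not real ones).
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      349/vpnserver
tcp        0      0 203.0.113.10:443        198.51.100.7:55432      ESTABLISHED 349/vpnserver
tcp6       0      0 :::992                  :::*                    LISTEN      349/vpnserver
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           349/vpnserver
udp        0      0 203.0.113.10:40000      0.0.0.0:*                           349/vpnserver
udp        0      0 127.0.0.1:4500          0.0.0.0:*                           349/vpnserver
udp6       0      0 :::1194                 :::*                                349/vpnserver
"""
UFW_SAMPLE = """\
To                         Action      From
22/tcp (OpenSSH)           ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
5555                       ALLOW IN    Anywhere
4500/udp                   ALLOW IN    Anywhere
1194 (v6)                  ALLOW IN    Anywhere (v6)
"""
Socket = namedtuple("Socket", "proto family addr port")
RULE_RE = re.compile(r"^(\d+)(?:/(tcp|udp))?((?:\s+\([^)]*\))*)\s+ALLOW IN\s")
def listeners(netstat):
    """Sockets that accept inbound traffic: LISTENing TCP plus bound UDP, loopback excluded."""
    found = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        if f[0].startswith("tcp") and (len(f) < 6 or f[5] != "LISTEN"):
            continue                                   # ESTABLISHED etc. are not listeners
        addr, port = f[3].rsplit(":", 1)
        if addr.startswith("127.") or addr == "::1":
            continue                                   # ufw does not filter loopback
        found.append(Socket(f[0][:3], "v6" if f[0].endswith("6") else "v4", addr, int(port)))
    return found

def allowed(ufw):
    """(proto, family, port) opened by ALLOW IN rules; no /proto means tcp and udp, '(v6)' is the IPv6 copy."""
    rules = set()
    for m in filter(None, map(RULE_RE.match, ufw.splitlines())):
        port, proto, tags = m.groups()
        for p in ([proto] if proto else ["tcp", "udp"]):
            rules.add((p, "v6" if "(v6)" in tags else "v4", int(port)))
    return rules

def unfiltered(netstat, ufw):
    """Listeners with no matching ALLOW IN rule: with 'Default: deny (incoming)' these are blocked."""
    ok = allowed(ufw)
    return sorted(s for s in listeners(netstat) if (s.proto, s.family, s.port) not in ok)
```

On Linux a wildcard IPv6 socket such as :::443 also accepts IPv4 connections unless net.ipv6.bindv6only is set, so a listener that only matches a (v6) rule still needs the IPv4 rule. A match here only shows the filter table admits the packet; ufw flushes the nat table when it reloads, so confirm the POSTROUTING SNAT rule separately with iptables -t nat -S, or place it in /etc/ufw/before.rules.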
