Add VPN Address to UFW Killswitch

openvpn ufw vpn

I am trying to use UFW as a VPN killswitch as outlined in this guide:
https://adamtheautomator.com/linux-killswitch/

So far, I have been successful up to the step where I need to restrict outbound traffic only to the VPN.

According to the instructions, I should run the following command: sudo ufw allow out to <vpn-address> port <vpn-port> proto <vpn-proto>

To get this information, I head the OpenVPN configuration file that was given to me by my VPN service provider, which results in:

client
remote 97-1-ch.cg-dialup.net 443
dev tun
proto tcp

So the final command I end up running is: sudo ufw allow out to 97-1-ch.cg-dialup.net port 443 proto tcp

This however yields the following error:

ERROR: Bad destination address

I am able to successfully connect to the VPN using this configuration file which begs the question 'why is the provided VPN address a bad destination for UFW?'.

Any help to get past this blocker would be very much appreciated. Thanks!

Best Answer

I was able to find the IP address(es) associated with an address by using a DNS checker tool: https://dnschecker.org/

I then picked one of the listed IP addresses and updated my OpenVPN conf and added this to be allowed by UFW. Unlike the hostname provided to dnschecker, the IP address was accepted by UFW.

With these changes made, I was able to test that without the VPN enabled, there is no external network traffic allowed, but with the VPN I am able to reach the internet.
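
The steps described above, as an added example that is not part of the original question, answer, or the linked guide: UFW rule destinations must be IP addresses, so this script reads the `remote`/`proto` lines of an OpenVPN config, resolves each hostname locally, and prints one `ufw allow out` rule per address. The function names are hypothetical, `getent ahostsv4` assumes a glibc system, and `203.0.113.10` is a constructed documentation-range address standing in for the real DNS answer.

```shell
#!/bin/sh
# Added example: derive UFW killswitch rules from an OpenVPN client config.

# Print "host port proto" for each `remote` line. Port and proto fall back to
# the config's `port`/`proto` directives, then to OpenVPN defaults (1194/udp).
parse_remotes() {
    awk '
        $1 == "proto"  { proto = $2 }
        $1 == "port"   { port = $2 }
        $1 == "remote" { n++; host[n] = $2; rport[n] = $3; rproto[n] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                p = rport[i] != "" ? rport[i] : (port != "" ? port : "1194")
                t = rproto[i] != "" ? rproto[i] : (proto != "" ? proto : "udp")
                sub(/-client$/, "", t); sub(/[46]$/, "", t)  # tcp-client, udp4 -> tcp, udp
                print host[i], p, t
            }
        }' "$1"
}

# Resolve a hostname to its unique IPv4 addresses (needs working DNS, so run
# it before the deny-by-default outbound policy is enabled).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Usage: emit_rules <port> <proto> < ip-list. Prints rules instead of running them.
emit_rules() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac     # port must be numeric
    case "$2" in tcp|udp) ;; *) return 1 ;; esac   # UFW protos used here
    while read -r ip; do
        case "$ip" in   # skip anything containing characters other than digits and dots
            ''|*[!0-9.]*) echo "skipping non-IPv4 value: $ip" >&2; continue ;;
        esac
        echo "sudo ufw allow out to $ip port $1 proto $2"
    done
}

# Demo on a constructed config (the four lines quoted in the question) with a
# constructed IP in place of the DNS lookup, so it runs offline.
cfg=$(mktemp)
printf 'client\nremote 97-1-ch.cg-dialup.net 443\ndev tun\nproto tcp\n' > "$cfg"
parse_remotes "$cfg" | while read -r host port proto; do
    # Real use: resolve_ipv4 "$host" | emit_rules "$port" "$proto"
    echo 203.0.113.10 | emit_rules "$port" "$proto"
done
rm -f "$cfg"
```

If the provider's DNS record changes, the printed rules go stale and the tunnel will fail closed until they are regenerated. Review the output before running it, since each line is a `sudo` command.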
