Old 05-13-2017, 08:29 PM   #1
Using ufw and openvpn to restrict access to applications running on a VPS

Hi LinuxQuestions

I have a few Atlassian apps running on a VPS and I want to place them behind a VPN. I have successfully set up OpenVPN and my clients can connect as well as browse the Internet over it. But when accessing web applications running on the VPN box, the requests are blocked by ufw because they come directly from my ISP assigned IP instead of routing through the VPN.

A traceroute on the client shows what is happening. When hitting (or any other remote URL) my connection goes via the VPN:

    > traceroute
    traceroute to (, 64 hops max, 52 byte packets
    1 (  213.252 ms  214.909 ms  222.016 ms

But when trying to hit an app on my VPS it goes straight out via my ISP instead:

    > traceroute -p8080
    traceroute to (172.XXX.XXX.XXX), 64 hops max, 52 byte packets
    1  182.55.XXX.X (182.55.XXX.X)  5.096 ms  15.385 ms  3.156 ms

I can do the following to validate that the web app is accessible on port 8080, but of course this opens it up to anyone, not just VPN users.

    ufw allow in 8080/tcp

Here is my current ufw setup:

    Status: active
    Logging: on (full)
    Default: deny (incoming), deny (outgoing), allow (routed)
    New profiles: skip
    To                         Action      From
    --                         ------      ----
    22/tcp (OpenSSH)           ALLOW IN    Anywhere
    Anywhere on tun0           ALLOW IN    Anywhere
    1194/udp                   ALLOW IN    Anywhere
    Anywhere                   ALLOW OUT   Anywhere on tun0
    1194/udp                   ALLOW OUT   Anywhere
    53                         ALLOW OUT   Anywhere                 ALLOW OUT   Anywhere

And here is the ufw log showing the request being blocked:

    [1978012.574217] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=16546 DF PROTO=TCP SPT=57929 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0

XXX.XXX.XXX.XXX = my client's ISP assigned public IP

YYY.YYY.YYY.YYY = the IP of the VPS running OpenVPN and the webapp running on port 8090

Is there any way to force all traffic through the VPN connection, including traffic to the VPN box itself?

Any pointers would be greatly appreciated!

I found the same question asked almost a year ago on askubuntu but it has never been answered. Linking it here to help other lost souls:

UPDATE: So I realised I could access the application with no extra ufw rules via (d'oh) so my setup works. I would still like my users to be able to access via the friendlier URL if possible.

Last edited by jim_s; 05-13-2017 at 11:09 PM.
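Added example, not part of the original post: a small Python parser for ufw log lines like the one quoted above, which counts blocked connections to the application ports that arrived on an interface other than the tunnel (`IN=venet0` instead of `IN=tun0`). The sample log is constructed with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

VPN_IFACE = "tun0"        # tunnel interface from the post's ufw rules
APP_PORTS = {8080, 8090}  # application ports mentioned in the post

# Constructed sample log (documentation addresses), modelled on the post's entry.
SAMPLE_LOG = """\
[1978012.574217] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=16546 DF PROTO=TCP SPT=57929 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0
[1978013.101100] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.10 LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=16547 DF PROTO=TCP SPT=57930 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0
[1978020.000321] [UFW ALLOW] IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=TCP SPT=51000 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0
[1978031.440002] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9911 DF PROTO=TCP SPT=40100 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""

UFW_TAG = re.compile(r"\[UFW (?P<action>[A-Z]+(?: [A-Z]+)*)\]\s*(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags (DF, SYN) are skipped


def parse_line(line):
    """Return the fields of one ufw log line as a dict, or None if it is not one."""
    m = UFW_TAG.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    fields["ACTION"] = m.group("action")
    return fields


def bypass_attempts(log_text, vpn_iface=VPN_IFACE, app_ports=APP_PORTS):
    """Count blocked connections to app ports that did not arrive over the VPN."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["ACTION"] != "BLOCK":
            continue
        dpt = f.get("DPT", "")
        if dpt.isdigit() and int(dpt) in app_ports and f.get("IN") != vpn_iface:
            hits[(f.get("SRC"), f.get("IN"), int(dpt))] += 1
    return hits


if __name__ == "__main__":
    for (src, iface, port), n in bypass_attempts(SAMPLE_LOG).items():
        print(f"{src} -> port {port} arrived on {iface}, not {VPN_IFACE}: blocked {n}x")
```

A source that appears here is reaching the server's public address directly, which is the situation the traceroute in the post shows.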


All times are GMT -5.