From c65ce53c35e065ae27f4a786cbc00572dd4fc353 Mon Sep 17 00:00:00 2001
From: Angristan
Date: Fri, 6 Jul 2018 23:55:53 +0200
Subject: [PATCH] Fix UFW default forwarding policy on Ubuntu Fixes to #233
---
 openvpn-install.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index e74d854..929c753 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -582,6 +582,22 @@ verb 3" >> /etc/openvpn/server.conf
 fi
 # Avoid an unneeded reboot
 echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # Allo forward on Ubuntu with UFW
+ if [[ $(lsb_release -si) == "Ubuntu" ]];then
+ # If the DEFAULT_FORWARD_POLICY is not accept
+ if ! grep -qe '^DEFAULT_FORWARD_POLICY=\"ACCEPT\"' /etc/default/ufw;then
+ # If the there is an uncommented DEFAULT_FORWARD_POLICY line
+ if ! grep -qe '^DEFAULT_FORWARD_POLICY' /etc/default/ufw;then
+ # Set it to ACCEPT
+ sed -i 's|^DEFAULT_FORWARD_POLICY=\".*\"|DEFAULT_FORWARD_POLICY=\"ACCEPT\"|' /etc/default/ufw
+ else
+ # Just add the correct line
+ echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' >> /etc/default/ufw
+ fi
+ fi
+ fi
+
 # Set NAT for the VPN subnet
 iptables -t nat -A POSTROUTING -o $NIC -s 10.8.0.0/24 -j MASQUERADE
 # Save persitent iptables rules
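Review bot: The inner test `if ! grep -qe '^DEFAULT_FORWARD_POLICY' /etc/default/ufw;then` is inverted relative to its comment: when an uncommented line already exists the `else` branch appends a second `DEFAULT_FORWARD_POLICY="ACCEPT"` line, and when none exists the `sed -i` matches nothing, so the policy is never set. Dropping the `!` makes both branches do what their comments say. The block also runs on every Ubuntu host without checking that UFW is present, so `grep` and `sed -i` would fail on a missing file; the outer condition could be `if [[ $(lsb_release -si) == "Ubuntu" && -f /etc/default/ufw ]];then`. Separately, a default forward policy of ACCEPT applies to all routed traffic on the host, not only 10.8.0.0/24, so it is worth a comment stating that, or a `ufw route allow` rule scoped to the VPN interface with the default left at DROP. The enclosing block starts and ends outside the hunk.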