OpenVPN: external firewall zone? What should go there?

This is REALLY opaque:

“However, a pre-condition for this to work is that you need to have at least one Internet connected network interface which is part of the ‘External’ firewall zone. Use the networks configuration page to edit the firewall zone for the device’s network interfaces.”

What network interface is supposed to go there? How should it be configured? No examples are given, no further clarification beyond the mysterious line above.

I have to come up with an extra random network interface so this will work?

I tried creating a random simple external firewall interface, just to put something there that will satisfy this demand, but it either won’t activate or some other barrier is thrown up.

Also, why is “tun0” set in firewall to “none”? I’d love to get OpenVPN up and running but there are too many mysteries here.

So far all I’ve been able to do is – using the sudo openvpn --verb 9 --config xxx.ovpn command – arrive at “Initialization Sequence Completed” but nothing happens after that. I’m using a Pioneer box, v 19.2.


I encountered the same problem as described here by rjfbx1.

I have only an eth0 configured as Ethernet (Intern). Changing it to external does not help. Do I need an additional interface / cable?

There might be a different way to solve the problem. That is to enable the “masquerade” flag on the “internal” firewall zone by running something like this:

firewall-cmd --zone=internal --add-masquerade
firewall-cmd --zone=internal --add-masquerade --permanent

However, I have not evaluated the (security) consequences of doing this. In your particular case, this may not be bad as you have a single network interface. I have also not tested it.
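To see which zone each interface is actually in and which zones masquerade, before and after a change like the one suggested above, the output of `firewall-cmd --list-all-zones` can be summarised. This is an added example, not part of the posts above or of the FreedomBox project; the function names are hypothetical and the sample text is constructed to resemble a box with a single eth0 in the internal zone.

```shell
#!/bin/sh
# Added example: audit firewalld zone membership and masquerading.
# Live use:  firewall-cmd --list-all-zones | zone_summary

# zone_summary: read `--list-all-zones` text on stdin and print one line per
# zone that holds at least one interface: "<zone> <iface,iface,...> <yes|no>"
zone_summary() {
    awk '
        # Zone headers start in column 1, e.g. "internal (active)".
        /^[A-Za-z0-9]/ { emit(); zone = $1; ifaces = ""; masq = "no"; next }
        $1 == "interfaces:" {
            ifaces = ""
            for (i = 2; i <= NF; i++) ifaces = ifaces (i > 2 ? "," : "") $i
            next
        }
        $1 == "masquerade:" { masq = $2; next }
        END { emit() }
        function emit() { if (zone != "" && ifaces != "") print zone, ifaces, masq }
    '
}

# masq_zones: zones that hold interfaces AND have masquerade enabled.
masq_zones() { zone_summary | awk '$3 == "yes" { print $1 }'; }

# zone_of IFACE: the zone listing IFACE, or "none" if no zone lists it.
zone_of() {
    zone_summary | awk -v want="$1" '
        { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == want) { print $1; found = 1 } }
        END { if (!found) print "none" }'
}

# Constructed sample (not captured from a real system): eth0 is in "internal",
# no interface is in "external", and tun0 appears in no zone at all.
SAMPLE='external
  target: default
  interfaces: 
  masquerade: yes

internal (active)
  target: default
  interfaces: eth0
  masquerade: no
'

printf '%s\n' "$SAMPLE" | zone_summary
echo "tun0 zone: $(printf '%s\n' "$SAMPLE" | zone_of tun0)"
echo "masquerading zones with interfaces: $(printf '%s\n' "$SAMPLE" | masq_zones)"
```

Comparing `firewall-cmd --list-all-zones` with `firewall-cmd --permanent --list-all-zones` through the same function shows whether a runtime change was also made permanent.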