I am running openvpn as a client on a CentOS 7.4 PC connected to my DSL router/modem which is running in transparent bridged mode. That is, the PC gets the Internet IP address from my ISP. A second NIC on the PC is "Shared to other computers" and passes the connection to the rest of my LAN. Works fine.
I connect to the commercial VPN provider thusly from the command line
This allows any computer on my LAN to access the Internet via the vendor's exit server. So far, so good.sudo openvpn --config ~/bin/us-ca-108.protonvpn.com.udp1194.ovpn --auth-user-pass ~/bin/propw
The PC is running firewalld - the standard Red Hat/CentOS firewall. I have tested the firewall with the VPN disconnected by using ShieldsUP at www.grc.com to scan ports on the PC from the Internet side. The results seem to be giving me a true picture of my firewall. With the VPN connected a similar scan shows results from the firewall on the exit server. This means I cannot test for the answer to my question. Which is...
Does the VPN tunnel dump its traffic outside or inside the firewall? In other words does the encrypted traffic pass through the firewall unmolested or is it decoded before the firewall and thus subject to the rules of the firewall?