On 04/21/2016 03:28 PM, Marcin Trendota wrote: >> Also, you probably should specify tun+ instead of tun0, even if you >> >think there will only be one tunnel up at any given time. > Specify where? firewall-cmd --zone=home --add-interface=tun+ Beyond that, I can't really tell what firewalld is doing with forwarded traffic from the output you've given, just the incoming traffic. It might be more clear to just post the output of "iptables -L -vn" somewhere. https://paste.fedoraproject.org/ maybe