egc
9
Yes, I think so, the interface for tun seems necessary for the PBR package to know what routing tables to make.
About the firewall, if this is a simple VPN client adding it to the WAN zone like you did should be good.
If you have a working solution for your use case please mark that solution as solved: