openVPN with ipfire and ipfire in KVM

Howto establish a openVPN tunnel for all your devices behind ipfire(KVM) and its addons.

First of all you need is a ipfire setup with orange network. There is no other sense for me, cause a tunnel bypass the firewall.
So take a PC in orange and create a VM with ipfire red and green network interfaces on it.
The PC in orange establish the ovpn when the PC starts with its network interface automatically.
Allow on it only the most necessary like on debian or ubuntu with gufw e.g. isolate it.
ipfVM starts when host is up and connected.
The RED iface of ipfVM takes the common name network ‘virbr0’ e.g.
The GREEN iface of ipfVM takes its own net iface like ‘ens’ or ‘eno’ with network switch.
Configure DHCP green of ipfVM WITH an extra validating DNS. Take one who is in the same contry as your vpn tunnel ends. This was the trick to bring DNS working.
Plug a wlanAP in to the switch of ipfVM_green ,so you can access the vpn via wlan too or setup ipfVM with blue. ( Unable to get internet on the Wifi Blue network - #14 by friseer )
Install all your addons you want in ipfVM like guardian and enjoy all of ipfire behind a ovpn tunnel.
All PCs connected to the switch or wlanAP of ipfVM_green are going automatically through the ovpn tunnel.
Have fun ;-))