What's the question?
I assume you can connect to the OpenVPN-Server fine but you cannot connect to things on LAN right?
If that's the case, turn the OpenVPN-Interface into a TAP interface (L2), then turn LAN into a bridge, adding the OpenVPN-TAP-Interface and the LAN-NIC to the bridge.
Restart the OpenVPN-Server, export the OpenVPN-config to the phone again, refresh and reconnect.
Now the phone should get an ip-address and be bridged into the LAN, problem solved. (This can take a few seconds if STP is enabled on the bridge).
The other option is to use a TUN interface. The downside here is that stuff like broadcasting is not working. Nevertheless you can go down two routes:
Easy route:
Give the VPN-Clients a different subnet, e.g. 10.1.1.0/24 and route them to the LAN-subnet. As the LAN uses pfSense as default gateway, LAN is able to find the way back.
Hard route:
You use brouting to make this happen. You have to understand that routing and subnetting are NOT the same.
So on the LAN-Interface you have 192.168.0.0/24 as subnet and 192.168.0.1/24 as ip-address. On OpenVPN's TUN interface you have 192.168.0.241/24 (YES, 24) as IP-address. Also you hand out IP-addresses in the range of 192.168.0.240/28 to the clients. You add a static route of 192.168.0.240/28 to the tun interface (YES, THE INTERFACE) and enable proxy ARP for the interface.
Now a client dials in via tun interface, gets an IP-address in the range of 192.168.0.240/28 and the firewall proxies the arp requests from one site to the other. As it knows what's going on, it magically copies the packets back and forth and you're a happy camper.
You need to understand what this does, how proxy arp works and that you can get yourself into a lot of trouble if other networks exist and you haven't configured this correctly.
KR,
G.
