At server configuration tab there is a section called "Client Settings".

:) No problem!

Use a gateway group configured for failover as the interface. That or enable default gateway switching.

I've just bought this for the ML110: http://www.ebay.co.uk/itm/272073960382 (HP NC360T 412646-001 412651-001 PCI Express Dual Port Gigabit Server Adapter) …which I'm hoping is going to make the whole exercise easier now. would still appreciate comments though please, thanks.

It depends on the particular client if routes can be pushed. Mostly this works. If so, check "redirect gateway" in server configuration and put a firewall rule to OpenVPN interface that allow access to any if it isn't already done by OpenVPN wizard. Ensure that there is an automotic NAT rule in Firewall > NAT > Outbound with your vpn tunnel network as source and WAN address as NAT address, otherwise add it yourself after checking "hyprid outbound nat rule generation".

OpenVPN will do what your asking easily. I have multiple sites connected to my primary in this very way.  If your a Gold Subscriber then go in to the portal and look at the recent "hangout" about OpenVPN doing this. OpenVPN tunnels can be set up in a hub and spoke configuration or a mesh configuration.  Hub and spoke requires that your hub be live in order for branch offices to contact each other though the VPN. Mesh config does not.

@Trel: Is there any way I can have it that mobile clients by default do not tunnel all, but the client can enable it if necessary? (PFSense is the server, various machines (Windows, Linux, Android) are the clients) Are you talking of split tunneling? I tested with openvpn in pfsense  with Android and it was working. In openvpn android client you can check uncheck this options.. Not sure if Linux Mac or Windows. I will test it those gadgets and let you know. I did a temporary setup where I put pfsense behind cisco 1841 router and applied qos to restrict bandwidth. When I was connected via vpn to it I was getting that pathetic speed in browsing and site to site data transfer. And what is my ip would show that all my traffic is routed via my open vpn server. However when I enabled split tunneling in client on Android browsing speed became normal.  But site to site was still slow. And what is my ip would show me Wan address of the local network.

I'm not certain about road warrior mode, other than being able to access my PfSense while one the road…so yes that is configured as a seperate OpenVPN server.

Just for completeness, I'd like to report that it seems that setting tun-mtu 1387 is the highest I can go before failure. Cheers, Mark.

Oh It might be relevent that I run pfsense as a VM on ESXi on both sites.

If you have a web interface at the DVR which uses TLS, I see no need to access it over VPN. If you want to set up OpenVPN on pfSense, a guidance can be found in the pfSense docs: https://doc.pfsense.org/index.php/OpenVPN

DDWRT is ok, it can just be a pain in routing traffic correctly across site to site VPNs. It seems to always want to NAT things in that context. I didn't notice the DDWRT routing table. That looks correct as well. The iptables rule should allow pings through. Run a constant ping from the pfSense LAN to the DDWRT LAN. Go to Diag>Packet Capture, pick the OpenVPN interface, and start the capture. Let it run for a handful of seconds and stop it. If you see the pings leaving there, that'll confirm the issue's on the DDWRT side. The only thing that'd prevent traffic from LAN getting routed across in that config is if you have a gateway specified on your LAN firewall rule(s), that'll force traffic to that gateway.

Thanks Mike for your info as well.

My god, you're right! I assigned the same subnet to the guest network and the VPN! I will check that again, thank you very much.