On pfSense we switched NAT to Hybrid mode and added a rule: src - local network, dst - the Zyxel's network, nat - interface address.
Necropost, but still. Site-to-site Keenetic<->pfSense.
On the pfSense side (server) everything is standard.
Nothing is added in Outbound NAT.
On the Keenetic side (client), an allow rule with SRC=the network/networks behind pfSense is added on the OpenVPN interface.
And don't forget about the firewall on the machines behind the Keenetic.
Then it's something with the switches. Do they have gateways set? Do they allow access from other than their own network? Are their masks set correctly? What is your tunnel network? If they are set for, say, 10/8 and think you're coming from a local IP, they won't send the answer back to the gateway, etc.
@Derelict I think I got it to work. After I set the default gateway manually to the VPN and not automatic and saw that it worked,
I transferred the Floating Rule I made for the outbound traffic to the LAN interface.
With the new knowledge of your help and the help of viragomann I changed some tiny things in the firewall rule.
After that I changed the default gateway back to automatic and now the outbound traffic takes the VPN and everything works.
I even rebooted the firewall to get rid of the states but everything still functions, as it seems.
Thank you so very much for your dedication and your help.