Trying to set up pfSense with OpenVPN and only Tor works

pffffSensing-N00b-3485901

edited to add details, clarity, and formatting
pfSense version & info:

Version 	2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5

The system is on the latest version.
Platform 	nanobsd (2g)
NanoBSD Boot Slice 	pfsense0 / da0s1(rw)
CPU Type 	AMD Athlon(tm) II X2 250 Processor
2 CPUs: 1 package(s) x 2 core(s)
Uptime 	00 Hour 38 Minutes 01 Seconds
Current date/time 	
Sun Sep 25 9:19:57 GMT-5 2016
DNS server(s) 	

    209.222.18.218
    209.222.18.222
    208.67.222.222
    208.67.220.220

Topology:
I have a Windows 7 64 bit SP1 laptop connected to a pfSense box with a wired connection.  The pfSese box has 2x Intel NICs (one WAN, one LAN). The pfSense box is connected to a SOHO wifi router.  It was working fine as a firewall with default settings, and then I started messing with OpenVPN.

I'm following the guides from here and on PIA's site, trying to get strong encryption working (tried other flavors too like TCP strong, and UDP 1194 with now unsupported crypto).
Guides:
Configuring pfSense as VPN Client to Private Internet Access
https://forum.pfsense.org/index.php?topic=76015.0

OpenVPN Step-by-Step Setup for pfSense aes256/Strong [firewall/router]
https://www.privateinternetaccess.com/forum/discussion/21875

I'm not getting errors in the OpenVPN log, so I guess that part's right?  I get the following in the log:

Initialization Sequence Completed 

Current OpenVPN client parameters:

peer to peer
TCP
tun
us-east.privateinternetaccess.com
port 501
infinitely resolve server
do not enable auth of TLS packets
client cert web configurator
AEC-256-CBC
SHA256
compression enabled with adaptive

auth-user-pass /etc/openvpn-password.txt;
verb 5;
remote-cert-tls server

/etc/openvpn-password.txt was made in the web UI, and I can read from it after a pfSense reboot, and the password is good.
I currently have the 4096 certificate in as a CA, but I also tried the 2048 one and it's settings.  I think the OpenVPN client is working with most of these settings, and my problem is outside of OpenVPN.  but I am a n00b at this…

This morning, the OpenVPN client (or daemon?) was down.  I restarted it and it connected.  However, I never seem to get more than a few KiB to transfer.

Almost all traffic is not working.  However, pfSense can determine if its up to date, the Tor Browser Bundle can surf the net, and I can resolve DNS names with ping.  Nothing else works (but I only tried web browsing by name and IP).

What works:
DNS resolves on my PC (via ping)
DNS resolves in the pfSense GUI
Tor traffic will start to work after things settle, with some settings
Windows thinks there's Internet Access on the adapter (It reaches out to some Microsoft servers to check this)

What does not work:
Firefox on my PC (regular Firefox, not TBB/Tor)
Ping resolves the name, but all the pings fail.  Tried google.com and duckduckgo.com
Using the OpenVPN client on my PC with proflies set to use TCP and connect by IP address (not name)

I think I am overlooking some detail(s), but I don't know what to look for.  It seems like DNS is having a problem, so I fiddled with that.  I think I put it back to default.  It kind of seems like the firewall isn't set up right, but I didn't play with it too much (put it back to default too; except for the new NAT rules for the OpenVPN).

I had a bunch of difficulties the last time I tried this, and I overlooked a checkbox.  I knew that going in this time, so I made sure to pay attention to that section ("TLS Authentication" = [uncheck] "Enable authentication of TLS packets.")

What should I look for or do to troubleshoot this?