But sure being able to leave the vpn on makes it simple.

Now the VPN connects from my phone, regardless of what network I'm connected to. Doesn't matter if it's LTE or WiFi, it seemlessly transitions between both. So now I don't have to constantly toggle the VPN on and off whenever I leave my house.

Any vulnerabilities in WPA2 are now mitigated via the VPN:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

My question is more to what is the point of doing this in the first place - is your own local wifi a hostile network? Who else is on this wifi network?

Is there any way to watch the packet hit pfsense, and see where it's trying to route it?

Are you saying its not connecting? What are you rules on the interface your wifi connection?

My traffic flow is:

WiFi VLAN -> WAN IP -> OpenVPN on PFSense

Near as I can tell all my firewall rules should allow this. I figure it's being blocked by NAT Hairpinning, as it's a common issue when you have a flow like this:

WiFi VLAN -> WAN IP -> LAN IP VPN Server

Seems that should "just work" but I have never tried it. If the same hostname is used to connect to as is the name of the firewall there are probably hosts file entries pointing that name to an inside address. That won't work.

I have my phone set to require to send all traffic over VPN. But on WiFi the connection fails to connect and thus no data is transferred. This also allows you to connect to an Open WiFi network, with VPN for encryption.

If you connect from the same network that is the Local network in OpenVPN that won't work.