how to improve openvpn performance/ Am I doing this right way

shetu

Hello
I want to access my local lan from outside. But I have no real ip at WAN. So i buy cheap oepnvz vps and install openvpn server there. I configure pfsense as vpn client. Now I try to reach home lan via vps ip.
I can ping 192.168.1.100. When I try log on server (a) I was hangup at middle point or console did not fully load.
I can access ss server (b) but webpage show FIN_WAIT_2:FIN_WAIT_2 and getting very low speed when try to browse windows share (c).
There are a unknown interface (tap2). I do not understand where does it come from.

Lan Subnet : 192.168.1.0/24
Wan :  192.168.25.40
cent os vpn server subnet : 10.8.0.0/24
Pfsense vpn client : 10.8.0.2
Target ssh/asterisk server (a) : 192.168.1.100 
ssh server (b) : 192.168.1.101
Windows share folder (c) : 192.168.1.22

------
Centos 6.9 (vps server)
-----------
Iptables rules for port forward
iptables -t nat -A PREROUTING -j LOG --log-prefix "PREROUTING:" --log-level 6
iptables -t nat -I PREROUTING -d "VPS Real IP" -p tcp --dport 1196:65535 -j DNAT --to-destination 10.8.0.2:1196-65535
iptables -t nat -A PREROUTING -d "VPS Real IP" -p udp -m udp --dport 1196:65535 -j DNAT --to-destination 10.8.0.2:1196-65535 
iptables -t nat -A POSTROUTING -j LOG --log-prefix "MASQUERADE:" --log-level 6
iptables -t nat -I POSTROUTING -d 10.8.0.2 -p tcp --dport 1196:65535 -j SNAT --to-source 10.8.0.1
iptables -t nat -I POSTROUTING -d 10.8.0.2 -p udp --dport 1196:65535 -j SNAT --to-source 10.8.0.1
iptables -A FORWARD -j LOG --log-prefix "FORWARD:" --log-level 6
iptables -I FORWARD 1 -d 10.8.0.2 -p tcp --dport 1196:65535 -j ACCEPT

-------------
Openvpn Server Conf (From centos VPS)

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp" 
crl-verify crl.pem
ca ca.crt
cert server_g9hq31FXVL3AsXq0.crt
key server_g9hq31FXVL3AsXq0.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3

Pfsense Openvpn server 
dev ovpns2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 10.8.0.2
tls-server
server 192.168.92.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server2 1198" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfsense_openvpn_server_Certificate_1198' 1"
lport 1198
management /var/etc/openvpn/server2.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
comp-lzo adaptive
passtos
persist-remote-ip
float
topology subnet