Azure pfSense Access to OpenVPN clients from LAN
We can access a tunnel-connected client from another tunnel-connected client because we chose the option to do so in the OpenVPN server setup, but could use some direction in safely allowing access from the local VLANs to the OpenVPN tunnel network clients (RDP/remote support, etc.).
Best practices here would recommend implementing as strict a rule as is necessary.
Perhaps a deny all to those VPN networks, and place rules above this for the protocols/services/destinations you need?
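The ordering suggested above (specific pass rules placed above a deny-all to the VPN networks) can be checked with a small first-match model. This is an added example, not part of the original thread and not pfSense code; the subnets, the general allow rule and the helper names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    port: Optional[int] = None  # destination port, None = any

# Constructed addressing (assumptions): 10.0.10.0/24 support VLAN,
# 10.0.20.0/24 another VLAN, 10.8.0.0/24 OpenVPN tunnel network.
LAN_RULES = [
    Rule("pass", "tcp", "10.0.10.0/24", "10.8.0.0/24", 3389),  # RDP from support VLAN
    Rule("block", "any", "0.0.0.0/0", "10.8.0.0/24"),          # deny all else to VPN clients
    Rule("pass", "any", "10.0.0.0/16", "0.0.0.0/0"),           # general allow (assumed)
]

def matches(rule, proto, src, dst, port):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def decide(rules, proto, src, dst, port):
    """Top-down evaluation: the first matching rule wins, no match means block."""
    for rule in rules:
        if matches(rule, proto, src, dst, port):
            return rule.action
    return "block"

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule fully covers them."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e.proto in ("any", r.proto)
                    and ipaddress.ip_network(r.src).subnet_of(ipaddress.ip_network(e.src))
                    and ipaddress.ip_network(r.dst).subnet_of(ipaddress.ip_network(e.dst))
                    and e.port in (None, r.port)):
                out.append(i)
                break
    return out
```

Running `shadowed()` on a rule list before applying it catches the common mistake of placing the deny-all above the pass rules it is meant to sit under.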