In fact my setup is targeted to endpoint connections, similar to what was described by @lgaetz .
I don’t have site to site working as there is no demand. For the clients my setup is straight forward:
- OpenVPN server is running on my pfSense appliance
- ‘remote access’ VPN is configured with certificate and username/password
- FreePBX seats on the private LAN behind pfSense
- the only trick is to tell Asterisk that VPN ‘address pool’ is local, I recently mentioned this here