I tried adding the OpenVPN subnet to a P2 for the IPSec policy. It did not seem to matter.
Then I noticed the first P2 was for “Lan” and not a network. OpenVPN is not in the list, so I tried adding it under Interfaces to see if it would then appear as an option for IPsec. This broke OpenVPN so I backed out the Interface and P2 for OpenVPN.
I’d like to set up NAT but do not know how to do that on the PfSense. Presumably, the NAT would convert the IP range of the OpenVPN tunnel to a few addresses in the Lan range that are not in use. Do you know where I could see an example?