Traffic crossing a site-to-site OpenVPN tunnel fails to fragment.
In some circumstances, traffic crossing an OpenVPN site-to-site tunnel with packets larger than the local network MTU can fail to fragment correctly when leaving the local interface.
Traffic is fragmented correctly when crossing the tunnel in either direction, so if you hit this issue you will be able to, for example, ping a remote pfSense LAN interface IP with large packets, but not anything else on that LAN subnet.
A workaround for this issue is to assign and enable the OpenVPN interface at the failing end. After that, pf will add rules to that traffic and fragment packets correctly.