@Antibiotic that is for my server, so I can connect while out and about. I also have a VPN client set up on pfSense that talks to one of my VPSes out on the internet. But I don't normally use it.. It is there for testing/helping users with client setups.
I have two instances running, one on 443 tcp (this is for when udp 1194 might be blocked outbound where I am at).. And then your common UDP 1194 instance.
And yes I allow all outbound.. I have no reason to limit what my machines can talk to.. They are my machines and under my control, they only ever run code that I trust.. Blocking outbound would be too little and too late if I infected myself..
And then again, if I did infect myself - highly unlikely they would be using some oddball port to talk outbound, they would use 443 most likely, just like everything else on the planet uses now.
Now I do log all my devices' DNS queries (I use pihole - mostly because I like its eye candy more than pfblocker).. And I do check on this now and then to see if they are talking to anything that looks weird.. But I don't block them from talking outbound.