You could create an alias for the inbound IPs for SIP/RTC and limit the source on the NAT rule with that alias. Then your WebRTC users will be unaffected because their src/dst/port triplet will not match that NAT. https://www.twilio.com/docs/api/voice/sip-interface - see IP address whitelist.
It looks like you are obfuscating/hiding the IP addresses. The two networks need two different subnets, and the OpenVPN network between them needs a third subnet. Did you add firewall rules to and from the OpenVPN interface? Overall, we followed the steps in the pfSense/Netgate "book"
Hello fellow pfSense users, I have tried and failed many times to configure OpenVPN using pfSense to work in the situation I will explain below. In my office we have a financial information system that should be accessed only using a network IP address of 192.168.200.0 which is only used by