legitparty/dflyfwconf


dflyfwconf

DragonFly BSD Firewall Configuration

These config files are examples. At least rc.conf needs some changes for your system. Compare with the originals carefully.

The rc.conf file has two openvpn configs, both disabled. See CHANGEME in the file, and see your original rc.conf for the real values. DO NOT USE THE VALUES WITH CHANGEME IN THEM. They are there just to remind you that my rc.conf has those values set, for completeness.

The pf.conf file has rules enabling openvpn. Comment those out if you aren't using openvpn. I currently do not have rules that filter the openvpn traffic to certain hosts. You will probably want to do that for security. I have also allowed ssh and http access. Comment those rules out if you don't want them.

The dhcpd.conf file needs to be copied to /usr/local/etc/dhcpd/ after you do pkg install dhcpd or otherwise install it from ports. This file, combined with the config in rc.conf and pf.conf, sets up a DHCP network on 192.168.2.1 on your second network device. You may need to change the network to avoid conflicting with work or other VPN'd networks. It also sets the nameserver pushed to clients to 8.8.8.8, which is one of Google's servers. Change this as you see fit.

If you are using openvpn, you need to create the openvpn config files somehow, and change the rc.conf openvpn*_configfile variables to the path of each config file.

If you are using Tunnelblick on a Mac, it will have the OpenVPN files, which you can copy into place. Your system administrator might have generated them for you already. You need to pkg install openvpn or otherwise install it from ports.
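A pre-flight check for the two points above (leftover CHANGEME values, and openvpn*_configfile paths that do not exist yet), as an added example that is not part of this repository. The function name check_rcconf is hypothetical; it parses the file rather than sourcing it, and treats commented-out settings as disabled.

```shell
#!/bin/sh
# Added example (not from the dflyfwconf repository).
# check_rcconf FILE: print one line per problem found in an rc.conf that was
# adapted from the examples; return non-zero if any problem was found.
check_rcconf() {
    rcfile=$1
    problems=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Trim leading whitespace, then skip blanks and commented-out settings.
        line=${line#"${line%%[![:space:]]*}"}
        case $line in ''|'#'*) continue ;; esac
        case $line in *=*) ;; *) continue ;; esac
        name=${line%%=*}
        value=${line#*=}
        # Drop a trailing comment, trailing whitespace and surrounding quotes.
        value=${value%%#*}
        value=${value%"${value##*[![:space:]]}"}
        value=${value#\"}; value=${value%\"}
        case $value in
            *CHANGEME*)
                # Placeholder from the example file is still active.
                echo "$rcfile:$n: $name still holds a CHANGEME placeholder"
                problems=$((problems + 1))
                continue ;;
        esac
        case $name in
            openvpn*_configfile)
                # The rc script will fail at boot if this file is missing.
                if [ ! -r "$value" ]; then
                    echo "$rcfile:$n: $name points at unreadable file $value"
                    problems=$((problems + 1))
                fi ;;
        esac
    done < "$rcfile"
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check_rcconf.sh /etc/rc.conf
if [ $# -gt 0 ]; then
    check_rcconf "$1"
fi
```

Run it against the edited rc.conf before rebooting or restarting openvpn.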

On boot, and periodically after the openvpn connection fails, I often need to do rcrestart pf and/or rcrestart openvpn in a certain combination or order to get the VPN back online. Try playing with the OpenVPN config settings for keepalive, and/or keeping a tmux window open on the other side that updates the clock in the terminal window, to keep the connections going. The AWS VPN seems to not need that very often, but my work VPN seems to need it often.
