Are there some kind of firewall rules necessary after a VPN connection is set up?

IPFire, OpenVPN and iOS 15.6.1

OpenVPN Connect 3.3.2 (OpenVPN Technologies)

IPFire lets no data flow …

Question: Are there some kind of firewall rules necessary after a VPN connection is set up?

Issue:
I have an OpenVPN connection (via WLAN) established. In the proxy setting the VPN IP range is allowed. The VPN shows connected in the IPFire WebUI and on my iPhone. That looks good. But I get no app connected to the internet. (E.g. no browser shows a webpage; no app runs; no mail; Nextcloud shows ‘No Network’; etc.)
Unfortunately there are no helpful entries in the log (firewall and proxy log).

Any hints?

IPFire settings:
Masquerade GREEN disabled
Masquerade ORANGE disabled
Masquerade BLUE enabled

Firewall logging
Log dropped new not SYN packets off
Log dropped packets classified as INVALID by connection tracking off
Log dropped input packets on
Log dropped forward packets on
Log dropped outgoing packets on
Log dropped portscan packets on
Log dropped wireless input packets on
Log dropped wireless forward packets on
Log dropped spoofed packets and martians on

Firewall options for RED interface
Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.) on

Firewall options for BLUE interface
Drop all packets not addressed to proxy off
Drop all Microsoft ports 135,137,138,139,445,1025 on

Firewall settings
Show colors in ruletable on
Show remarks in ruletable on
Show empty ruletables on
Show all networks on rulecreation site on

Firewall policy
Default behaviour of (forward) firewall in mode “Blocked” DROP
Default behaviour of (outgoing) firewall in mode “Blocked” DROP
Default behaviour of (input) firewall DROP

Default firewall behaviour
FORWARD Blocked
OUTGOING Blocked

How did you configure the proxy from the client side? If you used OpenVPN Connect proxy settings, you have two reasons why the connection is not working. If you did not put a push directive in the .ovpn file or server side, your client is not using any proxy and the firewall drops the packets because they are trying a direct access. See the last few lines of this tutorial.

OK, in my case the option lines in /var/ipfire/ovpn/scripts/server.conf.local did not help. But the lines in the .ovpn file did the trick …

Thank you for this hint!

PS:
Maybe these lines should be inserted automatically by IPFire when creating the .ovpn file …
Or there should be better/more info in a log file.

Maybe you need to restart the server.

Oops, the whole host? Shudder …