In short: computers behind a Watchguard Fireware XTM can open a connection to OpenVPN server (pfSense 2.0.2) but no traffic passes the tunnel - that is, can not reach servers via the tunnel.
Connection is shown established both in client computers openvpn-gui and on pfSense.

From all other locations it works fine, we have tried with laptops ouside office = everything works fine, same laptop behind Watchguard: tunnel ok, but cant' reach servers via the tunnel.

We're trying to connect with remote desktop to a Win2008R2 server, on Watchguard I have a rule that allows rdp/3389 ALL to ALL.
I don't really see how WG can block, the tunnel should connect client to remote LAN directly? But obviously it does block somehow, since everything works outside office (tested from several locations).
Logs shows nothing, checked both pfSense and Watchguard, nothing shows up.

(I know this isn't strictly a Linux question, but this is a good forum & Linux people tend to know stuff like this!)

Ok, found the problem - I'm stupid - that's the problem! :-D

You see, we changed the network 6 months ago.
Before that we reached our servers via second interface on Watchguard, now we've moved the servers to other location (keeping the ip's though, private network).
So in previous network-layout, I had added a static route to our server-network on WG.
Ans as we used pptp until now, pptp gives an ip directly on the server-network, so that worked.
Switching to OpenVPN behaves differently of course, and static routes is the one place I never checked...