I wondered why my firewall wouldn't use static routes to the openvpn link. Seems you don't do it that way (use remote IPs in openvpn setup). The documentation even says so.

Next will be to have another go a PBR so certain ports go out that way.

Was playing around with on No matter what I do I cannot get it to ignore I do checksum errors so the logs are full of it.

I'll see if has the same problem

Been playing around with ELK ( and ) stack this weekend. Still needs more tuning to remove the noise but it's a very capable setup. The setup for it was fiddly but gives some good results. Also, not sure if logstash should be between filebeat and elasticsearch or not.