You can password protect your key file so that ed an extra password is needed to connect with openvpn. It will also work with embedded certificates in .ovpn
These steeps will show you how to use OpenDNS instead of your ISPs DNS in pfSense, and how to setup a free home account at OpenDNS to start filtering DNS request, and by that blocking unwanted traffic.
Tried to make domain from one PFsense accessible to another PFsense using domain overrides in DNS resolver (unbound). Apparently unbound is miss configured as default so it does not find the route to the other pfsense box.