Restarting ClearOS is a bit dramatic. You can disable GM and re-enable from the webconfig, or with the beta version (not released version) you can do:

anctl stop

anctl start

The firewall rule you would have wanted is in the app documentationIt is a bit more basic than yours and should have similar functionality. Yours may be a bit over-restrictive. in reality the rule already exists but is too low down in the FORWARD chain which is why it needs re-adding. (That is not really fair. GM injects its rules too high up in the FORWARD chain and that is the true bug. Inserting the rule again sidesteps the GM bug).

Hi, I've always had a rule in the firewall : $IPTABLES -I FORWARD -i tun0 -o enp2s0 -s 10.8.0.0/24 -d 192.165.1.0/24 -m conntrack --ctstate NEW -j ACCEPT . But it's not stable and sometimes it doesn't work anymore! So I tried the way to update GM beta and actually without any rules now everything works regularly! One thing I didn't understand ...... but to restart GM just restart clearos? right?

Your VPN issue could have been got round with a simple firewall rule. It is documented in the OpenVPN docs, I believe.

The "error" you are seeing is not serious and is, I believe, because you are already running the web server. It is more of a warning. It was explained to me once by the devs (this is a third party app), but I can't remember the explanation.

The beta app has been around for a while now but the devs have noticed issues with it so don't want to release it yet. I am not sure what the issues are apart from deleting an entry from the hosts file has no effect until GM is restarted. When I last communicated with them, they said they would not get round to looking at the beta again until at least mid to late September.