Unfortunately, I'm stuck in the same situation.
I have another server that I set up VPN access on, but this was on Ubuntu. I reviewed both the tutorial on that and compared it to the ones regarding FreeBSD to try and figure out what to do, since not only does the YouTube video linked mention using NAT, but so does DigitalOcean and likely other sources.
Unfortunately, I seem to have similar issues, but weirder: if I ping within a jail, the pings go to the server, which I assume means it's going down the bridge for some weird reason, even if it isn't related to the VPN. If I disable ipfw, the VPN still works, but now it isn't allowing access to devices (which defeats the point).
In my case, my router does seem to offer static route management, so I guess I'll ask the following:
1. Am I better off having the router route all VPN connections (192.168.100.0/24) to the primary router (192.168.2.1) as defined by the router rather than the server?
2. If I am somehow unable to have the router do it for some reason, is my issue with an IPFW rule perhaps denying the vnet devices on the host?