OpenVPN between a double-NATed LAN and a routed DMZ subnet.
-
Hi All!
On one side is a pfSense box (A) with a public static IP. Behind it, two routed DMZ subnets (a /26 block and a /28 block of public statics) and a NAT'ed LAN.
Example interfaces:
WAN: 12.00.0.102/30 GW:101
DMZ1: 12.11.0.145/28
DMZ2: 12.22.0.129/26
LAN: 10.33.0.1/24

On the other end is a pfSense box (B) behind NAT. The third-world country ISP provides only 192.168.x.x via DHCP to my office.
WAN: 192.168.100.1/24
LAN: 192.168.0.1/24

I need a VPN between my 12.33.0.129/26 DMZ block and the 192.168.0.0/24 LAN behind the double-NAT.
With what I've done so far, I can:
- Ping the DMZ2's gateway IP (12.22.0.129 on pfSense A) and the server (12.22.0.130) from a PC at 192.168.0.35 behind pfSense B
- Ping the gateway (192.168.0.1) of pfSense B and arbitrary IPs in that subnet from the server 12.22.0.130
- Load the pfSense login page on pfSense A from a PC at 192.168.0.35 behind pfSense B
All of this is only possible after I restart OpenVPN on both sides and reset states.
However, I can't load a webpage hosted by the server at 12.22.0.130 behind pfSense A on the PC at 192.168.0.35 behind pfSense B.
I see nothing relevant being blocked by the firewall. I'm starting to think there's a NAT issue, since the DMZs needed "no NAT" routes to the local LAN.
Any additional ideas would be appreciated!
-
If the VPN between the two sites is up, the NAT does not matter.
Maybe you have some kind of routing issue. Post your OpenVPN setup from server and client and the IPv4 routes of both sites.
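For reference, here is what the route/iroute pairing the reply is asking about looks like in plain OpenVPN syntax for this topology. This is an added example, not the poster's configuration or pfSense's generated config: the tunnel network 10.8.0.0/24, the port, the certificate file names and the client-config-dir entry name are assumptions, and the DMZ2 block is taken as 12.22.0.128/26 as listed on the DMZ2 interface above.

```conf
# --- pfSense A side (OpenVPN server), hypothetical file site-to-site.conf ---
dev tun
proto udp
port 1194
# Tunnel network (assumed): A takes 10.8.0.1, the client gets 10.8.0.2.
server 10.8.0.0 255.255.255.0
# TLS material: file names are placeholders.
ca ca.crt
cert siteA.crt
key siteA.key
dh dh2048.pem
tls-auth ta.key 0
# Kernel route on A: traffic for the remote LAN goes into the tun interface.
# Without this, replies from 12.22.0.130 reach A but A has no path for them.
route 192.168.0.0 255.255.255.0
# Internal OpenVPN route: which connected client owns 192.168.0.0/24.
# This lives in ccd/<client cert common name>, see the second block.
client-config-dir ccd
# Push the DMZ2 block to B so B's LAN knows the way to 12.22.0.130.
push "route 12.22.0.128 255.255.255.192"
# Clamp TCP MSS: a tunnel where ICMP and small packets work but page loads
# hang is often a path-MTU problem, which this option sidesteps.
mssfix 1400
keepalive 10 60
persist-key
persist-tun

# --- pfSense A side, hypothetical file ccd/siteB (name = B's cert CN) ---
# iroute must match the "route" line above; "route" alone is not enough,
# because OpenVPN itself must know which client to hand the packets to.
iroute 192.168.0.0 255.255.255.0

# --- pfSense B side (OpenVPN client, behind double NAT) ---
client
dev tun
proto udp
# A's public WAN address as listed in the post; B being behind NAT does not
# matter because B initiates the UDP session outbound.
remote 12.0.0.102 1194
ca ca.crt
cert siteB.crt
key siteB.key
tls-auth ta.key 1
# Resolve and retry indefinitely: B's DHCP-assigned WAN may change.
resolv-retry infinite
nobind
mssfix 1400
keepalive 10 60
persist-key
persist-tun
```

Two checks worth doing alongside the routes the reply asks for: first, on both boxes confirm that outbound NAT is not applied to traffic leaving through the OpenVPN interface (in pfSense that is Firewall > NAT > Outbound in hybrid or manual mode; with NAT applied, 12.22.0.130 would see the client as 10.8.0.2 rather than 192.168.0.35, which explains why pings succeed while the server's replies for TCP can still go astray if only one direction is translated). Second, check that the firewall rules on the OpenVPN interface of A allow TCP to 12.22.0.130 and not just ICMP, since the symptoms described (ping works, web page does not) are also consistent with a rule that only passes ICMP or with an MTU problem that the mssfix line above addresses.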