OpenVPN between a double-NATed LAN and a routed DMZ subnet.

AkkerKid

Hi All!
On one side is a pfSense box (A) with a public static IP. Behind it, two routed DMZ subnets (a /26 block and a /28 block of public statics) and a NAT'ed LAN.
Example interfaces:
WAN: 12.00.0.102/30  GW:101
DMZ1: 12.11.0.145/28
DMZ2: 12.22.0.129/26
LAN: 10.33.0.1/24

On the other end is a pfSense box (B) behind NAT.  The third-world country ISP provides only 192.168.x.x via DHCP to my office.
WAN: 192.168.100.1/24
LAN: 192.168.0.1/24

I need a VPN between my 12.33.0.129/26 DMZ block and the 192.168.0.0/24 LAN behind the double-NAT.
With what I've done so far, I can:

• Ping the DMZ2's gateway IP (12.22.0.129 on pfSense A) and the server (12.22.0.130) from a PC at 192.168.0.35 behind pfSense B

• Ping the gateway (192.168.0.1) of pfSense B and arbitrary IPs in that subnet from the server 12.22.0.130

• load the pfSense login page on pfSense A from a PC at 192.168.0.35 behind pfSense B

All of this is only possible after I restart OpenVPN on both sides and reset states.
However, I can't load a webpage hosted by the server at 12.22.0.130 behind pfSense A on the PC at 192.168.0.35 behind pfSense B.
I see nothing relevant being blocked by the firewall.  I'm starting to think there's a NAT issue since the DMZ's needed "no NAT" routes to the local LAN.
Any additional ideas would be appreciated!

viragomann

If the VPN between the to sites is up, the NAT does not matter.
Maybe you've a kind of routing issue.

Post your OpenVPN setup from server and client and the IPv4 Routes of both sites.