No need to go to http//whatever.on.the.internet.tld
Like Mercedes knows all about Mercedes cars, Netgate/pfSense knows all about pfSense : https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html
I would open my tool box, that is : clicking on " Diagnostics > Packet Capture" and set up for a capture on port 1194 and UDP (?) and start it.
Then, try to connect using your remote App.
Stop the capture.
Look at the result : something came actually into on your WAN (?) NIC on this 1194 port ?
If not : the problem is up stream : traffic didn't make it to pfSense.
Read the entire check list on the trouble shooting page : execute every step, and if you do not understand : ask.
"before using Pfsense I open NAT-DMZ on the router from WAN to local IP. " pfSEnse is not any different from any other router on planet Earth.
You have to create a NAT rule, using incoming port, outgoing (destination) port, a 'LAN' (DMZ) IP address and that's it.
But if 1) applies, and nothing comes in ... well yeah .... 1 explains 2.
"I have a program that does not work in the domain environmen" : I don't understand.
That's a typical user that describes an error.
Your are the network admin ? Start detailing what actually happens. We, from here, know nothing about your network / needs / setup.
Give details and we figure it out.
Thankyou Grimson, after Reading The Fine Manual.
I concluded that
since the WAN IF of pfSense router actually does not have a public IP and has a IP Address 192.168.1.253
RFC1-918, I think it is secure from outside attack over internet even after turning off the block Private IP Address and loop back address and this is the proper way to configure and it's not a work around. Please correct me if i'm wrong.
The first link I glanced over before but I can now access the web server both on the WAN and LAN. I'm even able to ssh to it from LAN to OPT1. I don't remember if it was one of the videos you linked or some random third video but I didn't understand that request get sent out on a random port. So those source ports would have never worked. Sorry for not understanding that sooner.