OpenVPN between a double-NATed LAN and a routed DMZ subnet.
AkkerKid last edited by
On one side is a pfSense box (A) with a public static IP. Behind it, two routed DMZ subnets (a /26 block and a /28 block of public statics) and a NAT'ed LAN.
WAN: 12.00.0.102/30 GW:101
On the other end is a pfSense box (B) behind NAT. The third-world country ISP provides only 192.168.x.x via DHCP to my office.
I need a VPN between my 18.104.22.168/26 DMZ block and the 192.168.0.0/24 LAN behind the double-NAT.
With what I've done so far, I can:
Ping the DMZ2's gateway IP (22.214.171.124 on pfSense A) and the server (126.96.36.199) from a PC at 192.168.0.35 behind pfSense B
Ping the gateway (192.168.0.1) of pfSense B and arbitrary IPs in that subnet from the server 188.8.131.52
load the pfSense login page on pfSense A from a PC at 192.168.0.35 behind pfSense B
All of this is only possible after I restart OpenVPN on both sides and reset states.
However, I can't load a webpage hosted by the server at 184.108.40.206 behind pfSense A on the PC at 192.168.0.35 behind pfSense B.
I see nothing relevant being blocked by the firewall. I'm starting to think there's a NAT issue since the DMZ's needed "no NAT" routes to the local LAN.
Any additional ideas would be appreciated!
viragomann last edited by
If the VPN between the to sites is up, the NAT does not matter.
Maybe you've a kind of routing issue.
Post your OpenVPN setup from server and client and the IPv4 Routes of both sites.