OpenVPN between a double-NATed LAN and a routed DMZ subnet.
On one side is a pfSense box (A) with a public static IP. Behind it, two routed DMZ subnets (a /26 block and a /28 block of public statics) and a NAT'ed LAN.
WAN: 12.00.0.102/30 GW:101
On the other end is a pfSense box (B) behind NAT. The third-world country ISP provides only 192.168.x.x via DHCP to my office.
I need a VPN between my 220.127.116.11/26 DMZ block and the 192.168.0.0/24 LAN behind the double-NAT.
With what I've done so far, I can:
Ping the DMZ2's gateway IP (18.104.22.168 on pfSense A) and the server (22.214.171.124) from a PC at 192.168.0.35 behind pfSense B
Ping the gateway (192.168.0.1) of pfSense B and arbitrary IPs in that subnet from the server 126.96.36.199
load the pfSense login page on pfSense A from a PC at 192.168.0.35 behind pfSense B
All of this is only possible after I restart OpenVPN on both sides and reset states.
However, I can't load a webpage hosted by the server at 188.8.131.52 behind pfSense A on the PC at 192.168.0.35 behind pfSense B.
I see nothing relevant being blocked by the firewall. I'm starting to think there's a NAT issue since the DMZ's needed "no NAT" routes to the local LAN.
Any additional ideas would be appreciated!
If the VPN between the to sites is up, the NAT does not matter.
Maybe you've a kind of routing issue.
Post your OpenVPN setup from server and client and the IPv4 Routes of both sites.