OpenVPN between a double-NATed LAN and a routed DMZ subnet.

  • Hi All!
    On one side is a pfSense box (A) with a public static IP. Behind it, two routed DMZ subnets (a /26 block and a /28 block of public statics) and a NAT'ed LAN.
    Example interfaces:
    WAN:  GW:101

    On the other end is a pfSense box (B) behind NAT.  The third-world country ISP provides only 192.168.x.x via DHCP to my office.

    I need a VPN between my DMZ block and the LAN behind the double-NAT.
    With what I've done so far, I can:

    • Ping the DMZ2's gateway IP ( on pfSense A) and the server ( from a PC at behind pfSense B

    • Ping the gateway ( of pfSense B and arbitrary IPs in that subnet from the server

    • Load the pfSense login page on pfSense A from a PC at behind pfSense B

    All of this is only possible after I restart OpenVPN on both sides and reset states.
    However, I can't load a webpage hosted by the server at behind pfSense A on the PC at behind pfSense B.
    I see nothing relevant being blocked by the firewall.  I'm starting to think there's a NAT issue, since the DMZs needed "no NAT" routes to the local LAN.
    Any additional ideas would be appreciated!

  • If the VPN between the two sites is up, the NAT does not matter.
    Maybe you have some kind of routing issue.

    Post your OpenVPN setup from server and client and the IPv4 Routes of both sites.
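As an added illustration (not the poster's configuration and not generated by pfSense; every address below is a placeholder from the documentation ranges), here is what a minimal routed site-to-site OpenVPN setup between these two sites looks like when written out as raw OpenVPN directives. Site A is the server because it owns the public static IP; site B dials out from behind the double NAT, which works because only the client needs to reach the server. The routing point the reply is asking about is visible in three places: the kernel route on each side for the far subnet through the tunnel (`route` / `push "route ..."`), and, in a server/client (SSL/TLS) setup, the additional `iroute` in the per-client file so the OpenVPN server process itself knows which connected client owns B's LAN. With both in place no NAT is needed on the tunnel at all.

```conf
# ---------- Site A: pfSense A, OpenVPN server (public IP, placeholder 203.0.113.10) ----------
dev tun
proto udp
port 1194
# Tunnel network (placeholder)
server 10.8.0.0 255.255.255.0
# Tell the client to send A's two DMZ blocks into the tunnel
# (placeholders standing in for the real /26 and /28 public blocks)
push "route 198.51.100.0 255.255.255.192"
push "route 198.51.100.64 255.255.255.240"
# Kernel route on A: B's LAN is reachable via the tun interface (placeholder subnet)
route 192.168.50.0 255.255.255.0
# Per-client directory; the file for site B's certificate CN must contain:
#   iroute 192.168.50.0 255.255.255.0
# Without this, the server's kernel forwards packets for B's LAN into tun,
# but the OpenVPN process does not know which client to hand them to.
client-config-dir ccd
keepalive 10 60
persist-key
persist-tun

# ---------- Site B: pfSense B, OpenVPN client (behind the ISP's 192.168.x.x NAT) ----------
client
dev tun
proto udp
remote 203.0.113.10 1194
nobind
persist-key
persist-tun
# No "route" lines needed here: the DMZ routes arrive via the server's push.
# The client initiates the UDP flow outbound, so the double NAT never has to
# forward anything inbound.
```

In the pfSense GUI these map onto the server's "IPv4 Remote network(s)" field (the `route` line) plus a Client Specific Override for site B carrying the `iroute`; in a Shared Key site-to-site instance the `iroute` is not needed because there is only one peer. The route table the reply asks for is `netstat -rn` on either box, and the entry to look for is the far side's subnet with the `ovpn` interface as its gateway, present on both sides without having to restart the service.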