OpenVPN in pfSense, is my ISP's private address causing a problem?



  • Hi, I have a small Hyper-V Server and pfSense running as a VM. I recently moved to a new flat and the router there is connected to the internet using a private IP address supplied from my ISP (coax).

    I don't want to set a pfSense box as my main router-firewall yet because I'm just getting started and trying to get comfortable managing it.

    So, the setup is as follows:

    • ISP Router (let's say the WAN IP is 10.3.42.100) and the LAN is 192.168.2.X
    • Hyper-V Server (NIC1 for administration 192.168.2.10) with 3 VMs running on it.
    • pfSense running in a VM (dedicated NIC for WAN 192.168.2.11 and on the LAN side another subnet of 192.168.0.X).

    The idea is that my virtualized VMs (file server, domain controller, a small SQL database server) will be connected to the internet via the LAN of pfSense. So far so good, they all have internet access. But I'd also like to access them from outside my network using OpenVPN.

    I've created the OpenVPN Server using the wizard in pfSense and it created the rules for WAN (port 1194).

    In my ISP's router I created a static IP rule for the pfSense VM (192.168.2.11) and added it to the DMZ. I exported the OpenVPN client and opened it on my laptop but I cannot connect. I get the error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    Does my ISP's address create an additional problem because it is private? Or does it have nothing to do with it, and I must do port forwarding or other settings? Please let me know if more information is needed. Thanks in advance!



  • If you have only a "private" RFC 1918 address, then you're out of luck. To set up a VPN, you need an address that you can reach from elsewhere. Those private addresses won't work for that.
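
Added example, not part of the thread: a Python check that walks the NAT chain from the question and reports where inbound traffic for the OpenVPN port stops. The hop tuples, the `forwarded_by_upstream` flag, the RFC 6598 entry and the 203.0.113.10 contrast address are assumptions made for illustration.

```python
import ipaddress

# Blocks that cannot be reached from the public internet.
NON_PUBLIC = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}


def classify(addr):
    """Name the non-public block that contains addr, or return 'public'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return "public"


def inbound_path(hops):
    """Walk the NAT chain from the outermost device inwards.

    hops: list of (name, wan_address, forwarded_by_upstream) tuples.
    The first hop has no upstream device under the user's control, so its
    WAN address must itself be public. Every later hop may sit on a private
    address as long as the device before it forwards the VPN port to it.
    Returns (reachable, findings).
    """
    findings = []
    for i, (name, wan, forwarded) in enumerate(hops):
        kind = classify(wan)
        if i == 0 and kind != "public":
            findings.append(f"{name}: WAN {wan} is {kind}, NAT upstream is outside your control")
        elif i > 0 and kind != "public" and not forwarded:
            findings.append(f"{name}: WAN {wan} is {kind} and nothing forwards the port to it")
    return (not findings, findings)


# Addresses from the question; the DMZ entry counts as forwarding to pfSense.
POSTED = [("ISP router", "10.3.42.100", False), ("pfSense VM", "192.168.2.11", True)]
# Constructed contrast: 203.0.113.10 is a documentation address standing in
# for a real public WAN address on the ISP router.
CONTRAST = [("ISP router", "203.0.113.10", False), ("pfSense VM", "192.168.2.11", True)]

if __name__ == "__main__":
    for label, chain in (("as posted", POSTED), ("with public WAN", CONTRAST)):
        ok, notes = inbound_path(chain)
        print(label, "->", "reachable" if ok else "unreachable")
        for n in notes:
            print("   ", n)
```

With the posted addresses the only finding is on the ISP router's WAN side, so the DMZ entry and the pfSense WAN rule for port 1194 are never reached by outside traffic.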