Cannot Connect to PFSense OpenVPN Server from within first NAT

I currently have a double NAT setup on my home network. I have a DDWRT router connected to the ISP’s modem and a PFSense router connected to that. The PFSense router has an OpenVPN server running on it but I am unable to connect to it from within the DDWRT network.

The double NAT, although not optimal, is necessary.

I can access the server, and it works correctly, through the public IP from another network (port forwarded in the DDWRT router). However, I cannot connect from within the DDWRT network.

Other resources online state that it is an issue with DNS resolution or “hairpin networking”. However, I don’t think this is the case since I cannot connect by public IP or the private IP of the PFSense router.

I’m not sure if this is a configuration issue with PFSense or DDWRT but any help would be appreciated!

By default pfSense blocks bogons on the WAN port. I believe it’s a check box you can untick in the WAN interface configuration page, towards the bottom.

That does seem to have fixed it; thank you Levitance!

However, I’m curious if this poses any security threat. Would it be possible to specify only specific IP addresses or subsets not to block? I suppose it might not be an issue since PFSense is the second NAT.

You could set up firewall rules on the “WAN” side of pfSense to block all private networks except the one you’re actually using. I was trying to think of some interesting way where someone might be able to gain access to that middle-man network between your router and pfSense, but nothing solid is coming to me.
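
The rule set suggested in the last reply, worked through as an added example that is not part of the original thread: it computes the private (RFC 1918) CIDR blocks to use as the source of a WAN block rule while leaving one transit subnet reachable. The subnet `192.168.1.0/24` for the DDWRT LAN and the function names are assumptions for illustration.

```python
import ipaddress

# RFC 1918 private ranges: the address space to block on the pfSense WAN side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wan_block_list(transit_cidr):
    """Return the private CIDRs to block on WAN, leaving transit_cidr allowed."""
    transit = ipaddress.ip_network(transit_cidr)
    if not any(transit.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{transit} is not inside an RFC 1918 range")
    blocked = []
    for private in RFC1918:
        if transit.subnet_of(private):
            # Split the parent range into the pieces surrounding the transit
            # subnet; nothing is emitted if the transit subnet is the whole range.
            blocked.extend(private.address_exclude(transit))
        else:
            blocked.append(private)
    return sorted(blocked)


def is_blocked(src_ip, block_list):
    """True if a packet from src_ip would match the block rule's source list."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in block_list)


if __name__ == "__main__":
    TRANSIT = "192.168.1.0/24"  # assumed DDWRT LAN / pfSense WAN subnet
    rules = wan_block_list(TRANSIT)
    for net in rules:
        print(net)
    # Constructed sample sources: a VPN client on the transit network,
    # a neighbouring private subnet, and a public address.
    for src in ("192.168.1.50", "192.168.2.10", "203.0.113.7"):
        print(src, "blocked" if is_blocked(src, rules) else "not matched")
```

Public sources are not matched by this list, so they still fall through to whatever other WAN rules exist, such as the pass rule for the OpenVPN port.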