pfSense and OpenVPN-in-the-Cloud, can this solve my 'double NAT'?

Hi there!

In this initial post I first want to take the opportunity to express my appreciation for the wealth of networking knowledge on the YouTube channel! I have been able to solve some of my use cases with the help of these videos, thank you very much!!

Recently I switched ISP, only to find out that I’m now behind a Carrier Grade Network (Double NAT). I was hosting some private websites and also a Syncthing setup to back up some of my phone data, which all stopped working.

To get around this, I rented a VPS in the cloud with a fixed IPv4 and set this up as an OpenVPN Access Server together with an NGINX reverse proxy. I also configured an OpenVPN client with the option to ‘Allow client to act as VPN gateway’. With this setup, I’m able to open a browser to my cloud-IP which directs me based on the rules of my NGINX reverse proxy to serve my website. So this option seems a viable proof-of-concept.

With this config in mind, I’m now searching how I could configure a setup which basically creates a whole home-network but instead of my current internet-router (let’s say distributing a network of, I would prefer to configure a dedicated router/firewall directly behind that which would provide a whole home-network with IP-range I have some questions but could not find the answer to those so far:

  1. Should I install pfSense on my cloud machine, next to the OpenVPN AS, with some sort of NAT rules to direct traffic to the OpenVPN client ‘on the inside’? Or,
  2. Should I install pfSense on a dedicated server at home, directly connected to my internet-router and from there have NAT rules to the OpenVPN client ‘on the inside’? Or,
  3. Should I install pfSense on a dedicated server at home, TOGETHER with the OpenVPN client and have NAT rules for my home network?

I set up and manage servers quite OK to some degree, but managing networks is a whole different/difficult separate expertise, so I hope to find some help here? Maybe somebody knows a video on the YouTube channel that I may have missed, or maybe some link to a document explaining how I best proceed?

Thanks, cheers, Igor

It is possible to use your VPS server as your public IP, and doing it with pfSense on both ends would probably be the easiest way to get it up and running.
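For the situation this thread starts from (an ISP that puts the home router behind carrier-grade or double NAT), here is an added example, not code from any poster, that classifies the router's WAN address against the address an outside host such as the VPS sees. The function names and all addresses are constructed for illustration; the addresses come from documentation and shared-address ranges.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
# Note: ipaddress.is_private is False for this range, so test it explicitly.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 ranges: a WAN address here means another NAT router sits upstream.
RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classify_wan(wan_ip: str, observed_public_ip: str) -> str:
    """Classify the path between the router's WAN interface and the internet.

    wan_ip: address shown on the router's WAN interface.
    observed_public_ip: source address an external host (e.g. the VPS) sees.
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check covers IPv4 only")
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat-private"
    if wan != seen:
        # WAN looks public but is still rewritten somewhere upstream.
        return "translated-upstream"
    return "direct"


def inbound_possible(kind: str) -> bool:
    """Port forwards on the home router only help when WAN is the public address."""
    return kind == "direct"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, address seen from outside).
    samples = [
        ("100.72.14.9", "203.0.113.10"),
        ("192.168.1.2", "203.0.113.10"),
        ("198.51.100.7", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        kind = classify_wan(wan, seen)
        print(f"{wan:15} seen as {seen:15} -> {kind:20} inbound={inbound_possible(kind)}")
```

Any result other than `direct` means inbound connections cannot be opened from the home side, which is why an outbound tunnel to a host with a fixed public address is used in this thread.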