I currently use Pfsense as a firewall and as an OpenVPN server. Works great. I recently picked up a Unifi Express to learn how the Unifi firewalls work. The Unifi Express is setup behind the Pfsense firewall so it’s double natted. I have everything configured and working well but I wanted to try their OpenVPN server. It’s easy to setup and I made sure to choose a different port than the one on my Pfsense OpenVPN server. I did a port forward on Pfsense to the IP address of the Unifi Express using the new port. After exporting the Unifi Express client ovpn file, making sure to use the WAN IP address from Pfsense, my OpenVPN client does not connect but gives an auth failed message in the OpenVPN client.
Other than the port forward in Pfsense is there anything else I would have to set on Pfsense to allow for the OpenVPN to work on the double natted Unifi Express? This is just an educational exercise so I don’t intend to keep using the OpenVPN server in the Unifi Express.