Pls help me out with SSL VPN Remote Access through Carrier-grade NAT (CGNAT) !?

103.129.?.? is your current external IP at the dynamic WAN interface?

Do you have multiple WAN connected to the firewall or to the router before the firewall?

Do you use the FQND within your VPN-Configuration? (check ovpn-file) 

FreeDNS is responsible for the DNS-Settings of Domain chickenkiller.com?

Why are you asking me so many questions ? I’m stuck right here and have already been very confused.

I’m no CCNA/ CCIE technician, so if you can help me out with any advices, it will be highly appreciated.

Thanks in advance buddy. 

Regarding your questions:

1. 103.129 something. I don't know.
2. My Sophos XG is operating in mixed mode, both as a router and a gateway.
3. I don't have an FQND. My device's common name is its Sophos serial number.
4. Chickenkiller is one of the sub-domains listed on FreeDNS. I don't know who is in charge of whom.

The Sophos XG system, albeit a very functional and professional one, is very challenging for non-IT-technical people like me. It brings me down to a very steep learning curve. Every time I put up a question up here, I have already been bogged down and been doing my best to get up and working on it again. Please don't bombard me with too many questions like this.

I look forward to your advice on my situation. Thanks in advance.

sorry, i only try to understand your problem ...

seems 103.129.x.x is not your IP .... so your question may be "why my dyndns-name don't reflect my IP" ...

there must be an ISP Router  before your Firewall, because 192.168.5.193 is not a public internet-IP.

Possible the internet-side of this router has the 103.129.x.x address?

What do you see, if you disconnect the fixed-IP-connection and open wieistmeineip.de ?

Hello buddy, thanks for your reply.

I have checked on both the Sophos XG and the FreeDNS page and can confirm that the ddns WAN IP is the same. However:

dirkkotte said:

192.168.5.193 is not a public internet-IP.

This is the problem, my WAN #2 connects to a mobile SIM router, which is mostly certain to run through a Carrier-grade NAT (CGNAT), which makes VPN remote access all but impossible without configuration ( https://superuser.com/questions/1714495/unable-to-setup-port-forwarding-through-dynamic-dns-ddns ). I have managed to search through the Internet and come up with 2 possible solutions:

_Solution #1: https://www.purevpn.com/blog/cgnat-port-forwarding/ 
_Solution #2: https://community.ui.com/questions/Site-to-Site-VPN-with-one-side-behind-carrier-grade-NAT/8db4b74f-e92d-465a-b6a8-3c3b68dea737#answer/73473dce-ad7c-4a56-b450-49694db5da38 

Which one is more plausible and can be implemented on the Sophos XG system?

Thanks again buddy.