double NAT (TAP) network visibility

[alamat7]

I am a newbie to this openvpn.
I have a home network (main router at 192.168.1.1, 2nd router at 192.168.1.67).
2nd router has its WAN port connected to the main router network, so it's a double NAT setup. It's also an ASUS router, and I am using its openvpn server, configured as TAP server. 2nd router network is 192.168.15.x. To make the 2nd router server accessible, I have enabled port forwarding in 1st router to 2nd router. (So all external clients connect to 1st router via an assigned port and gets forwarded to 2nd router).
Actually everything works as I wanted, except for one thing.
Why is it that devices in 2nd router network (192.168.15.x) can see devices in the 1st router network (192.168.1.x), but not vice versa? I would rather they not able to see 192.168.1.x as this is my home network, and 192.168.15.x is used for testing. Is it question of incorrect mask?

[TinCanTech]

Not that this has anything to do with openvpn but that is exactly what you get when you plug one NAT router WAN port into another NAT router LAN port.

[alamat7]

Yes you are right. It has nothing to do with openvpn, sorry I realized that some time after I posted. The 2nd router sees the LAN of the 1st router as part of the WAN, and unless you block off a range of IP addresses at the 2nd router, this will happen.

[TinCanTech]

You know what is ironic ?

There is nothing to stop your ISP routing RFC1918 where-ever they see fit