OpenVPN connected device to reach a server farm behind an ASA

  • Hello Everybody.

    The simplified network drawing represents a brief of my network. hopefully it is clear.

    I have been using pfsense for many years as an internet gateway so all the devices on the LAN ( have the pfsense machine ( as its default gateway.

    Now in order to access the server farm (, i add a static route to every device on the LAN that needs to reach the server farm as follows:

    route ADD MASK -p

    Where the is the ASA firewall with appropriate access lists that governs the traffic between WAN, LAN and DMZ.

    I have 2 scenarios/questions:

    1- Recently i followed a tutorial about OpenVPN setup. the tutorial was clear and straight forward. it worked great and now i can access the LAN from my laptop using a 3G/4G connection. as per the sketch, the OpenVPN server will have an IP of and my laptop will have as an IP once connected through OpenVPN.
    my question is, how can i reach the server farm? what routes/firwall rules should i add at the pfsense machine in order to let any OpenVPN connected device (,3,4 and so on) to reach one/all machines at the sever farm ( through the ASA firewall ( should i use the GW_DMZ gateway in the second attachment? (leading to question 2)

    2- Back to the LAN devices (not related to OpenVPN), in order to get rid of the static route that i have to add on each device, i added a gateway that points to the ASA firewall (attachement 2). Then i used this gateway in a static route (Attachment 3). the fact is that it is working and i can reach the server farm without a static route on the device that i am using, but i noticed that the system is very sluggish with lots of freezing. also if i am using a remote desktop session to a machine at the DMZ, the remote desktop keeps on disconnecting, even for less than a minute of connection, sometimes the remote desktop session freezes then later on resume, sometimes it disconnects then automatically reconnects.

    i hope that i well explained the situation and i hope to hear from you guys.

    Thank you

    ![pfsense network brief.png](/public/imported_attachments/1/pfsense network brief.png)
    ![pfsense network brief.png_thumb](/public/imported_attachments/1/pfsense network brief.png_thumb)
    ![Routing_ Gateways.png](/public/imported_attachments/1/Routing_ Gateways.png)
    ![Routing_ Gateways.png_thumb](/public/imported_attachments/1/Routing_ Gateways.png_thumb)
    ![Routing_ Static Routes.png](/public/imported_attachments/1/Routing_ Static Routes.png)
    ![Routing_ Static Routes.png_thumb](/public/imported_attachments/1/Routing_ Static Routes.png_thumb)

  • regarding point 2, i found the solution in one of the blogs. the following option needs to be selected (Checked)

    System -> Advanced -> Firewall and NAT -> Bypass firewall rules for traffic on the same interface.

    any hints for point 1?

    thank you

Log in to reply