OpenVPN connected device to reach a server farm behind an ASA



  • Hello everybody.

    The simplified network drawing gives a brief overview of my network; hopefully it is clear.

    I have been using pfSense for many years as an internet gateway, so all the devices on the LAN (172.17.0.0/16) have the pfSense machine (172.17.11.254/16) as their default gateway.

    Now, in order to access the server farm (172.16.0.0/16), I add a static route to every device on the LAN that needs to reach the server farm, as follows:

    route ADD 172.16.0.0 MASK 255.255.0.0 172.17.1.253 -p

    where 172.17.1.253/16 is the ASA firewall, with appropriate access lists that govern the traffic between the WAN, LAN and DMZ.

    I have 2 scenarios/questions:

    1- Recently I followed a tutorial about OpenVPN setup. The tutorial was clear and straightforward. It worked great and now I can access the LAN from my laptop using a 3G/4G connection. As per the sketch, the OpenVPN server will have an IP of 10.8.0.1/24 and my laptop will have 10.8.0.2/24 as an IP once connected through OpenVPN.
    My question is, how can I reach the server farm? What routes/firewall rules should I add at the pfSense machine in order to let any OpenVPN connected device (10.8.0.2, 10.8.0.3, 10.8.0.4 and so on) reach one/all machines at the server farm (172.16.0.0/16) through the ASA firewall (172.17.1.253/16)? Should I use the GW_DMZ gateway in the second attachment? (leading to question 2)

    2- Back to the LAN devices (not related to OpenVPN): in order to get rid of the static route that I have to add on each device, I added a gateway that points to the ASA firewall (attachment 2). Then I used this gateway in a static route (attachment 3). The fact is that it is working and I can reach the server farm without a static route on the device that I am using, but I noticed that the system is very sluggish with lots of freezing. Also, if I am using a remote desktop session to a machine at the DMZ, the remote desktop keeps on disconnecting, even for less than a minute of connection; sometimes the remote desktop session freezes then later on resumes, sometimes it disconnects then automatically reconnects.

    I hope that I have explained the situation well, and I hope to hear from you guys.

    Thank you

    Camil
    ![pfsense network brief.png](/public/imported_attachments/1/pfsense network brief.png)
    ![Routing_ Gateways.png](/public/imported_attachments/1/Routing_ Gateways.png)
    ![Routing_ Static Routes.png](/public/imported_attachments/1/Routing_ Static Routes.png)



  • Regarding point 2, I found the solution in one of the blogs. The following option needs to be selected (checked):

    System -> Advanced -> Firewall and NAT -> Bypass firewall rules for traffic on the same interface.

    Any hints for point 1?

    Thank you
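Both points in this thread come down to one question: does the reply to a packet retrace the path the packet took? If it does not, a stateful firewall that sits on only one of the two paths sees half of every TCP session and eventually drops it, which is the kind of stalling the first post describes for remote desktop. The Python model below is added here as an illustration; it is not code from the thread, from pfSense or from Cisco. It builds the topology from the addresses the first post gives (LAN 172.17.0.0/16 with pfSense at 172.17.11.254 and the ASA at 172.17.1.253, server farm 172.16.0.0/16, OpenVPN tunnel 10.8.0.0/24 with pfSense at 10.8.0.1 and the laptop at 10.8.0.2) and does a longest-prefix-match lookup at every hop. The host addresses 172.17.0.10, 172.17.0.11 and 172.16.0.10, the ASA's DMZ-side address 172.16.0.1, the placeholder ISP gateways, the laptop's pushed route for 172.16.0.0/16 and the ASA's route table are all assumptions made for the example; in particular, the ASA's route for 10.8.0.0/24 back to pfSense is toggled on and off to show what changes when it is present. The `hairpins` check flags the situation from point 2: pfSense receives a LAN packet on its LAN interface and forwards it back out the same interface toward the ASA, then never sees the ASA's reply, which goes straight to the LAN host.

```python
import ipaddress
from collections import namedtuple

# prefix: IPv4Network, next_hop: IPv4Address or None (directly connected), iface: str
Route = namedtuple("Route", "prefix next_hop iface")


class Node:
    def __init__(self, name, addrs, routes):  # a host or router with its own route table
        self.name = name
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        self.routes = [Route(ipaddress.ip_network(p), nh and ipaddress.ip_address(nh), i)
                       for p, nh, i in routes]

    def lookup(self, dst):
        """Longest-prefix match, as every host and router does it."""
        dst = ipaddress.ip_address(dst)
        return max((r for r in self.routes if dst in r.prefix),
                   key=lambda r: r.prefix.prefixlen, default=None)


class Topology:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.owner = {a: n.name for n in nodes for a in n.addrs}  # address -> node name

    def _walk(self, src, dst):
        """Yield (node, address the packet arrived at, route chosen) hop by hop."""
        dst = ipaddress.ip_address(dst)
        node, ingress, seen = self.nodes[src], None, {src}
        while True:
            if dst in node.addrs:
                yield node, ingress, None
                return
            r = node.lookup(dst)
            yield node, ingress, r
            if r is None:
                return
            hop = dst if r.next_hop is None else r.next_hop
            nxt = self.owner.get(hop)
            if nxt is None or nxt in seen:  # next hop outside the model (ISP) or a loop
                return
            seen.add(nxt)
            node, ingress = self.nodes[nxt], hop

    def trace(self, src, dst):
        """Node names a packet crosses; ends in NO_ROUTE if it never reaches dst."""
        steps = list(self._walk(src, dst))
        reached = ipaddress.ip_address(dst) in steps[-1][0].addrs
        return [n.name for n, _, _ in steps] + ([] if reached else ["NO_ROUTE"])

    def hairpins(self, src, dst):
        """Transit nodes that send the packet back out the interface it arrived on."""
        return [n.name for n, ingress, r in self._walk(src, dst)
                if ingress is not None and r is not None and n.lookup(ingress).iface == r.iface]


def symmetric(topo, a, a_ip, b, b_ip):
    """True when the reply retraces the forward path, so a stateful firewall sees both directions."""
    return topo.trace(a, b_ip) == list(reversed(topo.trace(b, a_ip)))


def build(asa_knows_vpn):
    """Topology from the first post; host addresses, ISP gateways and the ASA/laptop tables are assumed."""
    asa_routes = [("172.17.0.0/16", None, "inside"), ("172.16.0.0/16", None, "dmz"),
                  ("0.0.0.0/0", "203.0.113.1", "outside")]      # placeholder ISP gateway
    if asa_knows_vpn:                                          # assumed return route for the tunnel
        asa_routes.append(("10.8.0.0/24", "172.17.11.254", "inside"))
    return Topology([
        Node("laptop", ["10.8.0.2"], [("10.8.0.0/24", None, "tun0"),
                                      ("172.17.0.0/16", "10.8.0.1", "tun0"),   # LAN access from the tutorial
                                      ("172.16.0.0/16", "10.8.0.1", "tun0")]), # assumed pushed route
        Node("lanhost", ["172.17.0.10"], [("172.17.0.0/16", None, "eth0"),
                                          ("0.0.0.0/0", "172.17.11.254", "eth0")]),
        Node("lanhost_static", ["172.17.0.11"], [("172.17.0.0/16", None, "eth0"),
                                                 ("172.16.0.0/16", "172.17.1.253", "eth0"),  # the post's route ADD
                                                 ("0.0.0.0/0", "172.17.11.254", "eth0")]),
        Node("pfsense", ["172.17.11.254", "10.8.0.1"], [("172.17.0.0/16", None, "LAN"),
                                                        ("10.8.0.0/24", None, "OpenVPN"),
                                                        ("172.16.0.0/16", "172.17.1.253", "LAN"),  # GW_DMZ static route
                                                        ("0.0.0.0/0", "198.51.100.1", "WAN")]),    # placeholder ISP
        Node("asa", ["172.17.1.253", "172.16.0.1"], asa_routes),
        Node("dmzhost", ["172.16.0.10"], [("172.16.0.0/16", None, "eth0"),
                                          ("0.0.0.0/0", "172.16.0.1", "eth0")]),
    ])


def analyse():
    """The cases the thread raises: {case: {forward, reverse, symmetric, hairpins}}."""
    t0, t1 = build(False), build(True)
    cases = {"lan_host_with_route_add": (t0, "lanhost_static", "172.17.0.11"),
             "lan_host_via_pfsense_gw": (t0, "lanhost", "172.17.0.10"),
             "vpn_client_asa_no_return": (t0, "laptop", "10.8.0.2"),
             "vpn_client_asa_return": (t1, "laptop", "10.8.0.2")}
    return {name: {"forward": t.trace(src, "172.16.0.10"),
                   "reverse": t.trace("dmzhost", ip),
                   "symmetric": symmetric(t, src, ip, "dmzhost", "172.16.0.10"),
                   "hairpins": t.hairpins(src, "172.16.0.10")}
            for name, (t, src, ip) in cases.items()}


if __name__ == "__main__":
    for name, result in analyse().items():
        print(name, result)
```

Running the file prints one line per case. The per-device `route ADD` case is symmetric with no hairpin, which is why it worked cleanly. The LAN-host-via-pfSense case is asymmetric with pfSense as the hairpin: pfSense's state table sees only the client-to-server half of each session, and the "Bypass firewall rules for traffic on the same interface" setting from the second post exists precisely to stop pfSense filtering that hairpinned traffic. The VPN case is asymmetric only while the ASA has no route for the tunnel subnet, since the ASA then sends replies toward its default gateway; with such a route the reply comes back through pfSense, which sees both directions. The model does not represent the ASA's access lists, so any return path still has to be permitted there.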

