You are on page 1of 17

Zentyal

Zentyal for Network
Administrators
for Network Administrators
VERSION 3.2 SP2
VERSION 3.2 SP1

Preparation for the certification exam
Zentyal Certified Associate (ZeCA)
Zentyal Certified Associate (ZeCA)

o ok
b t
h is por
o f t sup ct
fi ts to roje
d
e ne use ge P
l b e an
Al ill b ch
w pen
O

Zentyal for Network Administrators VERSION 3.2 SP2 .

The copyright of this manual is owned by Zentyal S. electronic. or translated to any language without the written permission of Zentyal S. Other trademarks and registered trademarks referred to in this manual are the property of their respective owners. Although every precaution has been taken in the preparation of this training guide. Zentyal S.L.. assumes no responsability for errors or omissions. All rights reserved. The information provided is on an "as is" basis and no warranty or fitness is implied. BSSC Building C/ Eduardo Ibarra Nº 6 50009 Zaragoza.PRODUCED BY Zentyal S.zentyal. recording or otherwise.L. . No patent liability es assumed with respect to the use of the informtion contained herein. No part of this manual shall be reproduced.com COPYRIGHT NOTICE Copyright © 2014 Zentyal S.L. mechanical.L. stored in a retrieval system. Spain www. Zentyal ® and the Zentyal logo are registered trademarks of Zetyal S. photocopy.L. transmitted by any means.L. and are used for identification purposes only. Nor is any liability assumed for damages resulting from the use of the information contained herein.

. . .3.2. . . D N S DNS . 41 1. . . . . . 66 . . . . . . . . . . . . .2. . . . . . . . Zentyal installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration of an authoritative DNS server with Zentyal. . . . . . . . . .4. . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . 64 2. . . . . . . . . . . . .6. . . . . . . . . . . . . .1. . . . . . . . . . .3. . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . .4. . . . . . 12 . . . . . . . . . . . . . . . . . . . . . . System Updates . . . 59 2. . . . . . .3. . . . . . 9 1. . . .. . . . . . . . .1. . . . 40 1. . . . . . . . . 42 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 1. . . . . . . . . . . . . . . . . . . . SMBs and ITC . . . . . . . . . . . . DHCP server configuration with Zentyal. . . . . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . 67 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . 45 . . . . . . . . . 53 . 53 2. .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 48 2. . . . . . . . . . . . .1. . . . . . . . Hardware requirements . Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . N   DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network services . . . . . . . . About this manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . .3. . 70 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . .. . . . . . . . . . .. . . . . . . . 35 1. . . . . . . . . . . . . . .3. . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS cache server configuration with Zentyal . . . . Practical examples . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . 43 1. . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . Introduction to DNS. . . . . 50 2. . . . . . . . . . . . .2. . . .. . . .7. . . . . . . . . . . . . . . . . 13 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . Introduction to DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . Network configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . . . . F   Z . . . . . . . . . . . . . . . . . .. . . . .1. . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . 48 2. . . . . . . . . . . . . . . . 67 2. . . .5. . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . Zentyal webadmin interface . . . . . . . . . . . . . . . . Initial configuration . . . . . . .1. . . . H- Z  . . . Network objects . . . . . . 40 . . . . . . . . . . . . . . . . . . . . . . . . . . . I  Z . . . .2. .1. . . . .5. . . . . . . . . . . . . . . . . .3. .2. . . . Automatic updates . . . . . . . . . . . . . . . . . . . 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S  . . . . . . . . . . . . . . .4. . . . . T   NTP . . . . . . . . . . . 69 2. . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . S-  . . . . . . . . . . . . . . . . . . . . . . . . Introduction to NTP . . . . . . . . . . . 9 1. . . . . . . . Z I .2. . . . 69 2. . . . . . . . . . . . . . . . .4. . . . . . . . 9 1. . . . . . . 28 1. . . . . . . . . . . . . .4.1. . . . . . . . Transparent DNS Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Management of Zentyal components . . . . Zentyal: Linux server for SMBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . Practical examples . . . . .1. . . . . . . . . . . Z I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1. . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . 67 2. . . . . . . . . 58 2. . . . . . . . . . . . . . . . . . . . . 47 . . . . . . .2. . . . .4. . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . I . . 60 2. . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . DNS Forwarders . . . . . . . . Proposed exercises . . . . . . . . . . 53 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 . . . . . . . . . . . . . . 27 . . . . . . . . . . . . . .2. . . . . . . . . . . . 52 2. . .. . . . . . . . Configuring an NTP server with Zentyal . . . . . . . . . Proposed exercises . 60 2. . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . .1. . . . . . . . . . . . . P . . . . . . . . . . . . .

. . . . . . . . . . . . 74 2. . . . . . . .5. .101 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 2. . . . . .3. . . . . . . . . . . . . . . . . . . . . . . .135 3. . . . . . . . . Introduction to the virtual private networks (VPN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 2. . Introduction to Quality of Service . . . . . . . . . . . . . . . . . . Q  S QS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 3. . . . . . . . . . . . . . . . . . . . . . .4. . .2. . . . .6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136 3. . . . . . . . . . . . Z G . . . . . . . . . . . . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . .2. . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . Introduction to IPsec and L2TP . . . . . . . . . . . . . . . . . . . .101 . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . .117 . . .3.2. . . . . . . . 77 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . Configuration of an OpenVPN client . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . .109 3.6. . . . . . . . Introduction to the Firewall System . . . . . . VPN S  IP  LTPIPSEC . . . . . . . . . .5. . . Source rewriting rules (SNAT) with Zentyal . . . . . . . . . . . . . . . . 3. . . . . . . . . . . . . .3. .. . . . . . . . . .139 3. . . . . . . .3. . .126 3. . . . . Introduction to HTTP Proxy Service. . . . . . . . . . . . .5. . . . .4. . . . . . . . .4.4. . . . . . . . . . . . . Configuring an access point with RADIUS . . . . . . . . . . .109 . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . Configuring the web browser to use the HTTP Proxy . . . . . . . . . . . . . . .8. . . . . . . . . . . . . . . . . . .. . . . . . . .7. . . . . . . . . . . . .5.. . . . . . . . . . . . . . . . . . . Firewall configuration with Zentyal . .8. . . . . . . . . . . . V   VPN   OVPN . . . . . . . . . . . Configuration of the RADIUS client . . . . . . . . . . . . . HTTP P S . 75 2.. . . . . . . . . . . . . . . . . . . .2. . . . .114 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . .127 3. . . Configuring an IPsec tunnel in Zentyal . Configuring wan-failover in Zentyal . . . . . . . .106 . . . . . . . . . . . . . . . . . . F . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . .8. . . . . . . . . . .4. . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . 98 2. . . . . . . . . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . . 90 2. . . . . . . . . . . . . . . . . . . . . S-  . . . . . . . . . . . . . . .103 . . . . . . .123 3. . . . . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . .7.3. . . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . .. . . . Certification Authority configuration with Zentyal . . . . . . . . . .2. . 89 .4. . . . . . . . . . . . . . .135 . . . 74 . . . . . . . . . . . . . . . . .6. . .132 3. . . . . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102 2. . . . . . . . . . . . . . . . . .129 3. . . . . . . . . . . Proposed Exercises . . . . . . . .4. . . . .4. . .5. . . . . . . . . . . . . . . . . . . .3.101 . . . . . . . . . . Importing certificates in clients . . . . . . . . . . . . . . . . . .3. . . . . . . . .140 4 . . . . .2. . 92 2. . . . . .3. . . . . .126 . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . . . . . . . 3. . . . . .6. . . . . . . . . . . . . . .3. .6. . . . . . . .4. . . . . Practical examples . . . . . . . . . . . Practical examples . . . . . Z G . . . . .5. . . . . . .1. . .. . Quality of service configuration in Zentyal . .. . . . . . . . . . . . . . . . . . . . . . . .130 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 . . . .6. . . . . . . . . Configuring routing with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. Proposed exercises . . . . . . . . . . . .114 3. . . . . . . . . Port forwarding with Zentyal . . .115 3. . . . . .1. . . . . . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . C  CA . . . . .6. .2. . . . . 3. Practical examples . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 3. . . . . . . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . Introduction to network routing. . . . . . . . . . . . . . . . . . . . . . . . . Configuring a RADIUS server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110 3. . . . . . . N   RADIUS . . . .3. . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . .1.7. . . . . . . . . . . . 97 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Rules . . . . . . . Public Key Infrastructure (PKI) . . . . . . . . . . . 89 2. . . . . . . . . . . . . . . Configuration of a OpenVPN server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . . . . . .2.4. . . . .. . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . .3. . . 3. .126 . . . . . . . . . . . . Configuration of a VPN server for interconnecting networks . . . Configuring an L2TP/IPsec tunnel in Zentyal . . . . . . . . . . . . . . . .130 3. . . . . . . . . . . .130 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135 . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . Configuring traffic balancing with Zentyal . . . . . . . . . . . . . . . . . . . .134 3. . . . . . .1. . .2. . . . . . . . . . . . . . . . . . . . . 85 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 . . . . . . . . . . .6. . . . . . . . . . . . . . . . . .2. . . . . .2. . . . . . . .4. . . . . . . . . . . . . . . .121 3. Introduction to RADIUS . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 3. . . . . . . . . . . . . . . . . . . . . . . . . .129 .2. . . . . 2. . . . . . . . Practical examples . . Proposed exercises . . . . . . . . . . . . . HTTP Proxy configuration in Zentyal . . . . .2. . . . . . Practical examples . . . . . . . . . . . . .

. . . . .3. Configuring a file server with Zentyal . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . . . . . .2. . . . . . .175 4. . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . Practical examples . . . .. . . . . . . . . . . . C P . . . . . . . . . . . .155 . . . . .2. . . . . . . .6.6. . . . . . . . . . . . . . Proposed exercises . . . . . . .7. . . .2. .. . . . .168 4. . . . . . . . . . . . . . .148 . . . . . . Exceptions . . . FTP server configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 3. . . . Practical examples . . .6. . . . . . . .4. . . . . . . . . . . . . . . . . .183 4. . . . . . . . . . . . . . . . . . . . . . . . .8. . . . . . . . . . . . . . . . . . . .155 4. . . . . . . . . . . . . . .1. . . . . . . . . . . . . U  C . . . . . . .4. . . . . . . Practical examples . . . . . . . . .2. . . . . . . .3. . . . . . . . . . . .. . . . . . . . .2. . . . . . .2. .7. . Practical examples . . . . . . F   D S . . . . . . . . . . . . . . . . . . . . . . . . . Introduction to Intrusion Detection/Prevention System . .7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . .155 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . . .2. . . . . . . Using the captive portal . . . . . . . . . . . . . . . . .167 4. . . . . . . . . . . . . . . . . . . . .192 . .170 4. . . . . . . . .3. . . . . . . . . . . . . . . . . . .2. . .3. . . . . . .11. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . .146 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Filter profiles . . . . . . . . . Bandwidth Throttling . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7. . . . . .1.3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Know Limitations .3. . . . . . . . . . .7. . . . . . . . . . . . . . . . . . .. . . . . . . . . Introduction to Directory Services . . . . . . . . .8. . . . . .149 3. 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F T P FTP . . . . Configuring external Microsoft Active Directory. . . . . . . . . . . . . . .4. . . . . . . . . . .189 . . 4. . . . . . . . . . .149 . . . . . . . . .8. Group Policy Objects . . . . . . . . . .3. . . . . . . .182 . . . . . . . . . . . . . . . . .163 4. . . . . . . . . . . . . . . . . . . . . . . 4. . . W   HTTP . . . .3. . . . . . . . . . Kerberos Authentication System . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . .7. . . HTTP server configuration with Zentyal . . . Joining Zentyal server to an existing domain . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . .155 . . . . .3. . . . . . . . . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . .173 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. IDS/IPS Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring an IDS/IPS with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . .Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deploying master/slave Zentyal configurations . . . . . . . . . . . . . . . . . . . . . . . .147 3. .177 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . .6. . . . . . . . . .192 4. .. . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . .3. . .151 3. . . . . . . . . .3. . User’s corner . . . . . . . . . . .179 4. . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167 . . . . . . . . . . . . . .9. . . . . . . . . . . . . . .156 4. . Z O . . . . . . . . . . . .8. . . . . . . . .4. . . .190 4. . . . . . . . . . . . . . . . . . . . . .10. . . . . . . . . . . . . . . . . . . . . . Configuring Zentyal as a Standalone Domain server. . .2.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 . . . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . .148 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153 . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . . . .183 . . . . . . . . . . . .7. . . . . . . . . .188 .3. . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . P   . . . . . . . . . . . .8. . . . .189 4.184 4. . . .5. . . .6. . . . . . . Introduction . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192 . S-  . . . . . Introduction to HTTP. . .8. . Introduction to FTP. . . . . . .2. .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145 3. . . . . . . . . . . . . Practical examples . . . . . List of Users . . . . .182 4. . . . . . . . . . . . . . . . . . . .162 4. .3. . . . . . . . . . . . Introduction to file sharing and Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150 3. . . . . . . . . . . . . . . . . . . . . 4. . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration of an OpenLDAP server with Zentyal . . . . . . . . . . . . . . .166 . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . .146 3. . . . . . . . .142 3. . . . . . . . . . . . . . . . . . . .6. . . . . . . . .5. . 3. . . . . . . .154 . . . . . . . . . . . . .4. . . . . . . . .5. . . . . . . .8. . . . . . . .181 4. . . . . . 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Joining a Windows client to the domain. . . . . . 3. .. . . . . . Configuring a captive portal with Zentyal . . . . . . . . . . . . . . . . .. .144 3. . . .3. . . . . . . . . . . . . . . .187 4. . . . . . . . . . . . . . . . . . . . . . . . .166 4.165 4. . . Samba 4: the implementation of Active Directory and SMB/CIFS in Linux . . . . . . . . . . . . . . . . . . . . . . Total Migration . . . .4. . . . . . . . . . . . .1. . . . Configuration of a FTP client . . . . . . . . . . . . . . . . . . . . . . . . I P S IDSIPS . . . . . .4. . . . . . . . . . . . . . . . .167 4. . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .

. . . . . . . . . . . . . . . . . . . . . . S-  . . . 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Printer server configuration with Zentyal . . . . . . . . .263 . . . . . . . . . . . . . . . . . . .228 5. . . . . . . . . . . Proposed exercises .196 4. . . . . .8. . . . . . . . . . . . . . . .229 . . . . . . . . . . . . . . . . . Configuring a webmail in Zentyal . . . . . . . . . . . .240 . . . Z U C . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. .203 . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .1. . . . . . . . . . . . . . . . . .1. . . . .7. . . . . .228 5. . . . . . . .220 . . . . .3. . . . . . .. . . . . . . . . . . . . . . . . . . . . . M  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-mail client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zentyal log queries . . . . . . . . . . . . . . . 5. . . . . . . . . . .2. . .1. . . . . . . . . . .242 5. . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . L . . . . . . . . . . . . . . . . . G  . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 . . .4. . . . . . . . . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction to OpenChange Technology . . . .2. . . . .235 5. . . . . . . . . . . . . . . . . . . . . . . . .2. . .3. . . . . . . . . . . .. . . . . . Known Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . .6. Configuring the OpenChange Server as an additional exchange server231 5. . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . . . . . . . Z U C . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. .2. . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . Configuring the Microsoft® Outlook Client. . . . . . . . . . . . . .219 5. . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenChange Webmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242 . . . . . . . . . . . . . . . . . . . .7. . . . . Configuration of a groupware server (Zarafa) with Zentyal . . . . . . . . . . . . . . . . . . . . . . . .221 5. . . . . . . . . . .1. Introduction to the e-mail service . . . . . . . . . . . .7. . . . . . . . 6. . . 5. . . . . . . . . . Z M . . . . . . . 5. . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . Introduction to Webmail service . . . . . . .205 . . . .6.248 5. . . . . . . . . .6. . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. . . . . . . . .230 5. . . .3. . . . . . . . . . . . . . . .4. . . . . . .237 5. . . . . . . . . . .. . . . . .256 5. .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . .7.. . . . . . . . . . . . . . . . . Zentyal configuration Backup . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .260 5. . . . . . . . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . .3. .239 . . . . . . . . . . . . . . . . .6. . . . . . . . . . . External connection control lists . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . .5. . . . . . . . . Setting up a Jabber client . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193 . . . . . . .193 4. . . . . . . . . . .263 . . . . . . . . . . . . . . . . . . . . . Configuring a Jabber/XMPP server with Zentyal . . . . . . . . . . . . .. . . . OC M® E   . . . . . . . . . .205 . . . . . . . . . . . . .229 . . . . . . . . . . . . . . .2. . . . . . . . . . .6. . . . . .3. . . . . . . . . . . . . . . . . . . .248 . . . . . .1. . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . .251 5. . . . . . . . . . . . . . . . . . . . Design of a backup system . . .240 5. . . . . . .2. . . . . . . . . . . . 4. . . . . . . . . . . . . Setting up Jabber MUC (Multi User Chat) rooms .232 5. . . . . . . . . . . . . . . . . . . . .205 . . . . .7. . . . . . . SMTP/POP3-IMAP4 server configuration with Zentyal . . . . . . . . . .7. . . . . . . . . . . .2. . . . . . . . . . . I M S JXMPP . . . . . . . . . . . . . . . . . . . ActiveSync® support . .263 . . . . . . . . . . . . . . . .. . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . .242 5. . . . S-  .5. . . . . Introduction to the groupware service. . . . . Mail filter schema in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221 . .4. Practical examples . . . . . . . 5. . . . . . . . . . . . . . . . . . . . . Z M . . . . Introduction to the mail filter . . . . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . B . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . .249 5. . . . . . . . . . . . . . . . . . . . About the printers sharing service.2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction to instant messaging service . . . . . . . . . . . . .196 . .229 5. . . . . . . . . . . .262 . . . . . . . .6. . . . . . . . . . . . . . . . . . . . .214 5. . . . . . .240 . . . . . . 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205 5.3.5. Configuring a stand-alone OpenChange server . . . . . . .4.5. . . . . . . . . .7. . . . .2. E M S SMTPPOP-IMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zarafa basic use cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . .236 5. . . .1.7. . . . . . . .263 6 . Configuring ‘Out Of Office’ notifications from the Microsoft Out- look® client . . . . . . . . . . . . . . . . .1. . . . . . .208 5. . . . . W  .197 . . . . . . . . . . .3. . . . . . . . . . . . . . . . . . . . . . . . .221 5. . . . .261 . . . . . . . . . . Practical examples . . .

. . . . . . . . .4. . . . . . . . .3. . . . . .5. . . . . . . . . . . . . . Community Edition Release Cycle . . . . . .278 . . 7. . . Temperature . . . . . . . . . . . . . . . . . . . ..3. . . . . . . . .271 . . . . . . . . . . . . . 6. . . . . . . . . . . . . . . . . . Monitoring in Zentyal . . . . . . . . . . . . A B: A   . . . . . . 7. . . . . . . . . .5. . . . .270 6. . . .6. . . . . . . . . . . . . . . . . . . .302 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E   .6. . . . . . . . . . . . . . . . . .6. . . . . . . . . . Development environment of new modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A D: A  -  . . . . . . . . . .276 6. . internal networks and host network . . . .6. . . . . . . . . .1. . . . . . . . . . . . . .4. . . . . . . . .266 6. . . . . . . . . . . Internet access. File system usage . . .2. . . . . . . . . . . . . . . . . . . . . .303 7. . . . . . . . . . . . . . . . . . . . . . . . . . . .306 7. . . . .271 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . .267 6. . . . . . . . . . . . .5. . .3. Alerts . . . . . . . . . VirtualBox. . . . . . . A A: T   VB . . . . . . . . . . . . . . . . . . . . . . . . . . . .7.268 6. . . . . . . . . .1. . . . . . . . . . . . . .3. . . . . . Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . 6. . . . . . . . . . . A C: D    . . . . . . . . . . . . . . .284 6. . . . . M . . . . .296 7. . . . . . . . . . . .6. . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . UPS Configuration with Zentyal . . . . . . . .5. . . . . . . . . . . . . . . . . . . . . . . . . . .5. .283 6. . . .3. . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302 . . . . . . . . . . . .3. . . . . . . 7. . . . . . . . . . . . . . . Events and alerts configuration in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summarized reports and group task management . . . . . . . . .299 7. . . . . . . . . . Commercial Editions Release Policy. . . . .280 6. . . . . . . .3. . . . . . Registering your Zentyal Server to Zentyal Remote. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .270 . . . . . . . . . . . . . . . . . . . . . . . .. . . .275 6. . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . .302 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . .1. . . . . . .2. . . . . . . . . . . . . . A . . . . . . . . . . . . . . . .1. . . . . . . .268 . . . . . . . . . . U   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . . . . .2. . . . . . . .3. . . . . Scenario 1: Base scenario. . . . . . . . . Remote management and inventory . .2. . .7. . . . . . . . . . . . . . . Scenario 5: Multi tenancy . . . . . . . . . . . . . . . . . . . . . . . . . . .306 7. . . . . Advanced Service Customization . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.308 . .4. . . . . . . . . . . Community support . . . . . . . . . . . . . .1. . .279 . . . . . . . . . . . . . . . . .280 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285 . . . . . . . .276 6. . . . . . . . . . . . . . . . . . . . . . . . .3. . . . . . . . . . . . . . .274 . .281 6. . . . . . . . . . . . . . . . . . . .284 . .306 7. . . . . . . . . . . . . . . . . . .307 . . . . . . . . . . . . . . . . . .3. . . . . . .1. . . . . . . . . . . . .3. . . . . . . . . . Importing configuration data . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . Practical examples . . . . . . . .6. . . . . . . .2. . . . . .3. . . . . . . Bandwidth Monitoring . .277 6. . . . . . . . . . . . . . . . . . . . . . . .285 7.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . Introduction to Uninterruptible power supply systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.2. . . . . . .282 6. . . . . . . . .3.274 6. . . . . . . . . . . . . . . . . . Log Audit for Zentyal administrators . . Scenario 3: Multiple gateways . . . . .3. . . . . . . . . Troubleshooting . . . . . . . . . . . . . . . . . . . . Memory usage . . . . . . . . . . . .6. . . . . . . . . . . .5. . . . .5. . . . .266 6. . .4. 6. . . . Answer to self-assessment questions .5. . . . . . . . . . . . . . . . . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .5. . . . . . . .3. . . . . . . . . . . . . . . . . . . . . .285 . . .1. . . . . . . . . . . . . . . . . . . . . . . . .286 . . Bug management policy . . . . . . . . . . . . . . . . . . . . . . . . A M  Z R . . . . . . . . . . . . . . . .5. . . . . . . . . . . . . . . Proposed exercises . . . . . . . . . . . . . . . .1. . . . . . .299 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . Configuration of Zentyal logs . . . . . . . . . . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. . . .268 . . . . . . . . . . . . . . .4. . . Alerts . .2. . . . . . . Free trials . . . . . . . . . . . . . . . 6. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7. . . . . . . . . . . . . . . . . . . . .308 7 . . . . . . . . . . . . . . . .277 6. . . . . . . . . . .1. . . . . . . . . . . . . . . . . .5. . . . . . . . . . . . .271 . . . .5. . .2. . . . . . . . . . . . . . . . . . . . Practical examples . . . . . . . . . . . . . . .301 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6. . . . . . . . . . . . . . . . .306 7. . . . . . . . . . . Zentyal Remote . .296 . . . . . . . . . Scenario 4: Base scenario + external client . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . Metrics. . . . . . . 6. . . . . . . . . . . . . . . 7. . . . . . . . . . . . . Scenario 2: Multiple internal networks . . . . . . . . . . . . . . . . . . .6. . . . . . . . .

you can create a secure communications tunnel over the Internet that will only accept connections from authorized users. although this might mean risking the confidentiality. availability and integrity of the communication.. Clients available for Windows. Apart from the security advantages. the default VPN protocol in Zentyal. In the following section you will find out how to configure IPsec/L2TP. such as offices in dif- ferent cities.net/ 90 . C   OVPN  In order to configure a VPN client on Windows.57: The system administrator gives you the bundle for your client  http://en. Allows to use network applications transparently. Mac OS and Linux.org/wiki/Virtual_private_network  http://openvpn. The solution is to al- low these users to connect to your system via the Internet. but through virtual private net- works. as a server for remote users and also as a VPN Client of a VPN hub server.CHAPTER 2 ZENTYAL INFRASTRUCTURE .as well as securely connect different subnets via the Internet. Using VPN. To avoid these problems. first your system administrator must give you the bundle for your client. an organization may wish to interconnect networks located in different places. Similarly. In this section you will see how to configure OpenVPN. the connection is not made directly. . The usefulness of the VPN is not limited to remote access by users. VPN connections are seen like another local network connection by the Firewall. thus having access to local resources and simplifying the infrastructure needed to offer remote services.. Zentyal integrates OpenVPN  and IPsec/L2TP to configure and manage virtual pri- vate networks. I      VPN The virtual private networks  were designed to allow secure access for remote users connected via the Internet to the corporate network . SSL-based encryption technology.wikipedia. for example sales people or teleworkers. another open source VPN alter- native. OpenVPN has the following advantages: Authentication using public key infrastructure. configure and maintain than IPSec. Easier to install. Figure 2. Your users might need to access to the network resources when they are outside the company premises. Traffic is encapsulated and can only be read at the other end. Zentyal can operate in two modes.

59: Accept the OpenVPN license It is recommended you install all the modules. You will find all the VPN installation files and related certificates.You must unzip it (click on the file with right button and select Extract all). Figure 2. Figure 2. Figure 2.60: List of modules that will be installed 91 .58: Extracted bundle files Right click on the installer and click on Run as administrator. OpenVPN needs to create the virtual network interface and install the drivers.

a double click on the shortcut that has appeared in your desktop al- lows you to connect to the VPN.CHAPTER 2 ZENTYAL INFRASTRUCTURE The network Adapter software is not certified for Windows. Figure 2. This means a Zentyal server acting as a gateway and VPN server. Once installed. with multiple local area networks (LAN) behind it.63: Zentyal and remote VPN clients The goal is to connect the data server with other 2 remote clients (sales person and CEO) and also the remote clients to each other.. to the folder C:\Program Files (x86)\OpenVPN\config to guarantee the daemon will automatically find them. Figure 2. allows external clients (the road warriors) to con- nect to the local network via the VPN service.61: Despite the warning you can install the driver TIP: You must copy all the files included in the bundle.62: Shortcut to connect to the VPN . but it is totally safe to install. 92 . Figure 2. C   OVPN   Z Zentyal can be configured to support remote clients (sometimes known as road war- riors). expect for the OpenVpn installer.

the VPN server will be listening on all external interfaces. 93 . Zentyal acts as a Certification Authority. UDP is faster and more efficient. you will au- tomatically be notified of local network detail. However. Figure 2. then configure the Zentyal VPN server by selecting Create a new server. The only value you need to enter to create a new server is the name. therefore there is more room for data. Note that you also need a certificate for the VPN server. In this scenario.65: New VPN server created The following configuration parameters are added automatically and can be changed if necessary: port/protocol. As you can see. the networks connected directly to the network interfaces of the host. you need to create a Certification Authority and individual certificates for the two remote clients. as less control information is transmitted. Therefore. through the private network.e. In addition. Figure 2. Zentyal ensures the task of creating a VPN server is easy and it sets the con- figuration values automatically. TIP: Zentyal allows the configuration of VPN with UPD or TCP protocols. If you need to change the network address you must make sure that there is no conflict with a local network. Zentyal will create this certificate automatically. The VPN network addresses are assigned both to the server and the clients. TCP.64: Server certificate (blue underline) and client certificate (black underline) Once you have the certificates. on the other hand. certificate (Zentyal will create one automatically using the VPN server name) and network address.First. i. is more reliable and can cope better with unstable connections and Internet providers that kill long last- ing connections. You need to explicitly create an unique certificate for each user that will connect to the VPN through Certification Authority → General.

SERVER CERTIFICATE: Certificate that will show the server to its clients. NETWORK ADDRESS TRANSLATION (NAT): It is recommended to enable this transla- tion if the Zentyal server that accepts the VPN connections is not a default gateway of the internal networks to which you can access from the VPN. with the name vpn- <yourvpnname>. You can also use a TUN type interface more similar to a IP node of Layer 3. The Zentyal CA issues by default a certificate for the server. Unless you want to import an external certificate. AUTHORIZE THE CLIENT BY THE COMMON NAME: Requires that the common name of the client certificate will start with the selected string of characters to authorize the connection. In most of the cases you can leave the rest of the configuration options with their default values. this option is indifferent.2.CHAPTER 2 ZENTYAL INFRASTRUCTURE you must set at least one of your interfaces as external at Network → Interfaces.160. You must take care that this network does not overlap with any other and for the purposes of firewall. 94 . the clients will get addresses . it is an internal network. If you want the VPN clients to connect between themselves by using their VPN ad- dresses. In this scenario only two interfaces are required. etc. more similar to a bridge of Layer 2.168.3*.66: VPN server configuration In case more advanced configuration is necessary: VPN ADDRESS: Indicates the virtual subnet where the VPN server will be located and the clients it has. By default 192. you must enable the option Allow connections among clients. If Zentyal server is both the VPN server and the gateway (most common case).1/24. one internal for LAN and one external for Internet. Figure 2. TUN INTERFACE: By default a TAP type interface is used. Like this the clients of these internal networks respond to Zentyal’s VPN instead of the gateway. usually you maintain this configuration.*.

Figure 2. you must enable the service and save the changes.e. the external client will access through the VPN to the established networks. These networks will be accessible by authorised VPN clients.68: Widget of the VPN server After this. in the most common case. all internal networks. Later you must check in Dashboard that the VPN server is running. The VPN can also indicate name servers. you have to enable the objects you have defined. This is specially useful in the case you have redirected the gateway.67: VPN server using NAT to become the gateway for the VPN connection REDIRECT GATEWAY : If this option is not checked. After having created the VPN server. i. see High-level Zentyal abstractions. 95 . To do this. Figure 2. By checking this option you can achieve that all the traffic of the client will go through the VPN. search domain and WINS servers to over- write those of the client. routes between the VPN networks and between other networks known by your server. you must advertise networks. but will use his/her local connection to access to Internet and/or rest of the reachable networks.

depending on the Connection strategy you will try establishing con- nection in order or trying a random one. When you create a bundle.CHAPTER 2 ZENTYAL INFRASTRUCTURE You can configure the advertised networks for this VPN server through the interface of Advertised networks. to browse shared files from the VPN  you must explicitly allow the broadcast of traffic from the Samba server. These are available in the table at VPN → Servers. select those certificates that will be used by the clients and set the external IP addresses to which the VPN clients must connect. As you can see the image below. Moreover. Otherwise. you can also add an OpenVPN installer.installation packages that include the VPN configuration file specific to each user and optionally. you have one main VPN server and up to two sec- ondary servers.69: Advertised networks of your VPN server Once you have done this.70: Download client bundle A bundle includes the configuration file and the necessary files to start a VPN connec- tion. Mac OS and Linux clients. you need to configure these clients to use Zentyal as name server. it will not be possible to ac- cess services by the hosts in the LAN by name. it is time to configure the clients. by clicking the icon in the column Download client bundle. The easiest way to config- ure a VPN client is by using the Zentyal bundles . Figure 2. The Zentyal administrator will download the configuration bundles to the clients us- ing the most appropriate method. Also. Figure 2. If you want to use the local Zentyal DNS service through the private network.  For additional information about file sharing go to section File sharing and Domain Services 96 . an installation pro- gram. but only by IP address. You can create bundles for Windows. if the selected system is Windows. You now have access to the data server from both remote clients.

Another important difference is the routing information exchange. routes are exchanged in both directions. First. introduce a Password for Zentyal-to Zentyal tunnels to establish the connection between the two offices in a safer environment.  http://www. their Zentyal servers and their internal net- works so that one. You need to add this widget from Configure widgets. single network infrastructure can be created in a secure way and through Internet. C   VPN     In this scenario two offices in different networks need to be connected via private network. The following image clarifies the scenario: Figure 2. enable the Allow Zentyal-to- Zentyal tunnels to exchange routes between Zentyal servers. You can see the users currently connected to the VPN service in the Zentyal Dash- board.org/rfc/rfc1058 97 . To do this you need to configure a VPN server similarly as explained previously. as a client. located in the upper part of the Dashboard. Figure 2. configure the Advertised Networks that will be propagated to the other nodes..72: Office interconnection with Zentyal through VPN tunnel The goal is to connect multiple offices. and propagated to other clients using the RIP  protocol. And then. the server pushes network routes to the client. One will act as a VPN client and the other as a server.ietf. However. you will use Zentyal as a gateway in both networks. Therefore.71: Widget with connected clients . in the roadwarrior to server scenario described above. In the server to server scenario. you can. you need to make two small changes. To do this.

. you must introduce the IP address and protocol-port for the server accepting requests.and to which only the server can access through an internal interface. You can configure the client manually or automat- ically by using the bundle provided by the VPN server.CHAPTER 2 ZENTYAL INFRASTRUCTURE Figure 2. You must give a name to the client and enable the service.73: Zentyal as VPN client You can configure Zentyal as a VPN client at VPN → Clients.75: Dashboard of a Zentyal server configured as a VPN client . If you do not use the bundle. Figure 2. These certificates must have been created by the same certification authority the server uses.74: Automatic client configuration using VPN bundle When you Save changes in the Dashboard. Figure 2. you can see a new OpenVPN daemon run- ning as a client and the objective connection directed towards another Zentyal server configured as a server. through which you can access to the host located in a local network . The tunnel password and certificates used by the client will also be required. P  P  A In this example you will configure a VPN server and a client on a computer located on an external network. you will connect to the VPN. Therefore: 98 .