Introduction to the virtual private networks (VPN)
Zentyal integrates OpenVPN, PPTP and IPsec to configure and manage virtual private networks. In this section you will see how to configure OpenVPN, the default VPN protocol in Zentyal. In the following section you will find out how to configure PPTP and IPsec.

OpenVPN (http://openvpn.net/) has the following advantages:

- Authentication using public key infrastructure.
- SSL-based encryption technology.
- Clients available for Windows, Mac OS and Linux.
- Easier to install, configure and maintain than IPSec, another open source VPN alternative.
- Allows network applications to be used transparently.
Configuration of an OpenVPN server with Zentyal
Zentyal can be configured to support remote clients (sometimes known as road warriors). This means a Zentyal server acting as a gateway and VPN server with a local area network (LAN) behind it allows external clients (the road warriors) to connect to the local network via the VPN service. The following figure can give a more accurate view:
[Figure: Zentyal and remote VPN clients]

The goal is to connect the data server with other 2 remote clients (sales person and CEO) and also the remote clients to each other.

First, you need to create a Certification Authority and certificates for the remote clients. Note that you also need a certificate for the VPN server. However, Zentyal will create this certificate automatically when you create a new VPN server. In this scenario, Zentyal acts as a Certification Authority.

Once you have the certificates, then configure the Zentyal VPN server by selecting Create a new server. The only value you need to enter to create a new server is the name. Zentyal ensures the task of creating a VPN server is easy and it sets the necessary values automatically.

The following configuration parameters are added automatically and can be changed if necessary: port/protocol, certificate (Zentyal will create one automatically using the VPN server name) and network address. The VPN network addresses are assigned both to the server and the clients. If you need to change the network address you must make sure that there is no conflict with a local network. In addition, you will automatically be notified of local network detail, i.e. the networks connected directly to the network interfaces of the host, through the private network.

As you can see, the VPN server will be listening on all external interfaces. Therefore, you must set at least one of your interfaces as external at Network ‣ Interfaces. In this scenario only two interfaces are required, one internal for LAN and one external for Internet.

If you want the clients to connect between themselves by using their VPN addresses, you must enable the option Allow connections among clients.

You can leave the rest of the configuration options with their default values.
[Figure: VPN server configuration]

After having created the VPN server, you must enable the service and save the changes. Later you must check in Dashboard that the VPN server is running.

After this, you must establish networks, i.e. routes between VPN networks and between VPN networks and other networks known by your server. These networks will be accessible by authorised VPN clients. Keep in mind that Zentyal will advertise all internal networks automatically. Obviously, you can add or remove the necessary routes. In this scenario a local network will automatically be added to ensure the 3rd client is visible to the other two clients.

Once you have done this, it is time to configure the clients. The easiest way to configure a VPN client is by using the Zentyal bundles: installation packages that include the VPN configuration file specific to each user and optionally, an installation program. These are available in the table at VPN ‣ Servers, by clicking the icon in the column Download client bundle. You can create bundles for Windows, Mac OS and Linux clients. When you create a bundle select those certificates that will be used by the clients and set the external IP addresses to which the VPN clients must connect. Moreover, if the selected system is Windows, you can also add an OpenVPN installer. The Zentyal administrator will download the configuration bundles to the clients using the most appropriate method.
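A pre-distribution check for the bundle step above, as an added Python example (not Zentyal's or OpenVPN's own code): it parses a client configuration file and reports remotes that do not match the server's external addresses and port/protocol. The sample file, file names and the 203.0.113.10 address are constructed; it assumes standard OpenVPN client directives (`remote`, `proto`, `port`, `ca`, `cert`, `key`), which may differ from what a given bundle contains.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Return {directive: [argument lists]} for an OpenVPN config file."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;":        # skip blanks and comments
            name, *args = shlex.split(line)
            conf.setdefault(name, []).append(args)
    return conf

def audit_bundle(text, external_ips, port, proto):
    """List mismatches between a client config and the server's settings."""
    conf, findings = parse_conf(text), []
    d_port = conf.get("port", [["1194"]])[-1][0]    # OpenVPN default port
    d_proto = conf.get("proto", [["udp"]])[-1][0]   # OpenVPN default protocol
    if not conf.get("remote"):
        findings.append("no remote directive")
    for host, *rest in filter(None, conf.get("remote", [])):
        r_port = int(rest[0]) if rest else int(d_port)
        r_proto = rest[1] if len(rest) > 1 else d_proto
        if host not in external_ips:
            findings.append(f"remote {host} is not a listed external address")
        try:
            if any(ipaddress.ip_address(host) in n for n in RFC1918):
                findings.append(f"remote {host} is a private address")
        except ValueError:
            pass                                # a hostname, not an IP literal
        if r_port != port or not r_proto.startswith(proto):
            findings.append(f"remote {host} uses {r_port}/{r_proto}")
    for needed in ("ca", "cert", "key"):        # file-based or inline <ca> form
        if needed not in conf and f"<{needed}>" not in conf:
            findings.append(f"missing {needed} directive")
    return findings

# Constructed sample: a bundle built with the internal address by mistake.
SAMPLE_BAD = """\
client
; constructed example, not a real Zentyal bundle
remote 192.168.1.1 1194 tcp
ca cacert.pem
cert client1.pem
"""

if __name__ == "__main__":
    print(audit_bundle(SAMPLE_BAD, {"203.0.113.10"}, 1194, "udp"))
```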
[Figure: Download client bundle]

A bundle includes the configuration file and the necessary files to start a VPN connection.

You now have access to the data server from both remote clients. If you want to use the local Zentyal DNS service through the private network, you need to configure these clients to use Zentyal as name server. Otherwise, it will not be possible to access services by the hosts in the LAN by name, but only by IP address.

Also, to browse shared files from the VPN you must explicitly allow the broadcast of traffic from the Samba server. For additional information about file sharing go to section File sharing and authentication service.

You can see the users currently connected to the VPN service in the Zentyal Dashboard.

If you need a VPN server that is not the gateway of the local network, i.e., the host does not have any external interfaces, then you need to use the Port redirection with Zentyal. As this is one of the firewall options, you must ensure that the firewall module is enabled, otherwise you cannot enable this option. With this option, the VPN server will act on behalf of the VPN clients within the local network. In reality, it will act on behalf of all the advertised networks in order to ensure that it receives all the response packets that it will later forward through the private network to its clients. This is best explained by the following image:
[Figure: Connection from a VPN client to the LAN with VPN by using NAT]

Configuration of a VPN server for interconnecting networks

In this scenario two offices in different networks need to be connected via private network. To do this, you will use Zentyal as a gateway in both networks. One will act as a VPN client and the other as a server. The following image clarifies the scenario:

[Figure: Zentyal as VPN server vs. Zentyal as a VPN client]

The goal is to connect the client 1 on the LAN 1 with client 2 on the LAN 2 as if they were in the same local network. Therefore, you must configure a VPN server as previously explained.

However, you need to make two small changes. First, enable the Allow Zentyal-to-Zentyal tunnels to exchange routes between Zentyal servers. And then, introduce a Password for Zentyal-to-Zentyal tunnels to establish the connection between the two offices in a safer environment. You should bear in mind that the LAN 1 network must be advertised in the Advertised networks.

You can configure Zentyal as a VPN client at VPN ‣ Clients. You must give a name to the client and enable the service. You can configure the client manually or automatically by using the bundle provided by the VPN server. If you do not use the bundle, you must introduce the IP address and protocol-port for the server accepting requests. The tunnel password and certificates used by the client will also be required. These certificates must have been created by the same certification authority the server uses.

[Figure: Client configuration]

When you Save changes in the Dashboard, you can see a new OpenVPN daemon in the LAN 2 running as a client and the object connection towards another Zentyal server within the LAN 1.

[Figure: Dashboard of a Zentyal server configured as a VPN client]

When the connection is complete, the host with the server role has access to all routes of the client hosts through the VPN. However, the hosts with client roles will only have access to those routes the server has explicitly advertised.
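The address-conflict check required when changing the VPN network address, written as an added Python example (not Zentyal's own code). It goes beyond that single case and compares every pair of networks in the plan, because overlapping LANs at the two interconnected offices are just as ambiguous to route as a VPN range that overlaps a local network. All network names and addresses below are constructed.

```python
import ipaddress
from itertools import combinations

def find_conflicts(networks):
    """Return (name_a, name_b, wider_name) for every overlapping pair.

    `networks` maps a label to a CIDR string. Two CIDR ranges that overlap
    always nest, so `wider_name` is the label of the range containing the other.
    """
    parsed = {}
    for name, cidr in networks.items():
        try:
            # strict=False also accepts an interface address like 192.168.1.1/24
            parsed[name] = ipaddress.ip_network(cidr, strict=False)
        except ValueError as exc:
            raise ValueError(f"{name}: {exc}") from None
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(parsed.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            wider = a if net_a.prefixlen <= net_b.prefixlen else b
            conflicts.append((a, b, wider))
    return conflicts

# Constructed plan: the VPN network was changed to a range inside LAN 1.
BAD_PLAN = {
    "vpn": "192.168.1.128/25",
    "lan1": "192.168.1.1/24",    # given as the gateway's interface address
    "lan2": "10.0.2.0/24",
}

# Constructed plan: same LANs, VPN network moved to an unused range.
GOOD_PLAN = {**BAD_PLAN, "vpn": "192.168.160.0/24"}

# Constructed plan: both offices use the same LAN range.
SAME_LAN_PLAN = {"vpn": "192.168.160.0/24",
                 "lan1": "192.168.1.0/24",
                 "lan2": "192.168.1.0/24"}

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN),
                        ("same LAN", SAME_LAN_PLAN)):
        print(label, find_conflicts(plan))
```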