Openvpn

[bahareh68]

Hi.                              how can i establish openvpn connection from a defined user in zentyal to zentyal?what commands must be used?                thanks.

[robb]

Just to be sure: OpenVPN connection can only be used from an external subnet to zentyal. (to rule out attempts to use OpenVPN from LAN )

Zentyal VPN implementation depends on CA. Therefor you have to activate Certificate Authority in Modules Status section. Then create a Certification Authority Certificate for your CA. Create a certificate for your VPN server and finally create a certificate for the user you want to give VPN rights. Theoretically you can have just 1 certificate and let all your VPN users use that certificate, but when you want to revoke 1 user to use the VPN service, all your other users will be affected too, so I advice to issue 1 certificate per user)

In VPN - Server section create a VPN server.
Configuration:
point to the server certificate to use
client authorization by common name: disabled
use NAT: enabled (if your server is behind NAT)
Allow client to client connections: enabled (if you want to allow clients to 'see' each other.
Interface to listen to: your external interface

Advertised networks: typically your LAN subnet.

Download the bundle for your client and unpack on a location you can find back.
On the client: For an ubuntu client: install networkmanager-openvpn-client

After installation click on network manager and point to VPN connections. Click Configure VPN
Click import and browse to the location you unpacked the bundle.
select the .conf file and click open.

You're set to use the VPN.

For the windows version you can add the OpenVPN client software in the package. I don't have a windows client here, so you have to figure out how to configure this, but I doubt it will be more difficult than the ubuntu version.

[nontrivial]

Hello,

I am unable to get a VPN connection working as well. I believe I have followed all the steps correctly, and I am trying to connect Zentyal 2.2 server to Ubuntu 12.04 client. It attempts to connect and then I get a timeout error on the client. The only thing I have done differently is that I opened up the OpenVPN port number on the firewall (1194) from the outside network to Zentyal, and I did not check Network Address Translation because I have more than on internal network. Is there a log somewhere on the client and/or server that I can look at while I try to connect?

Jameshtt

[robb]

Did you install networkmanager openvpn on the client?

After that it should be quite straightforward to configure the VPN connection.
download the certifificates from Zentyal server
go to networkconnections, VPN and add a vpn connection
select the conf file you downloaded from the zentyal server to configure the connection
start the vpn cponnection by selecting from the vpn menu in network manager

[nontrivial]

Yes, I followed the instructions. The configuration on the client seems to go swimmingly, it just times out and doesn't work when I try to make the connection.

[robb]

Can you check of you can reach the server on port 1194?

btw logs for openvpn are at /var/log/openvpn
other logs you might want to check are at /var/log/zentyal