Just to be sure: OpenVPN connection can only be used from an external subnet to zentyal. (to rule out attempts to use OpenVPN from LAN
Zentyal VPN implementation depends on CA. Therefor you have to activate Certificate Authority in Modules Status section. Then create a Certification Authority Certificate for your CA. Create a certificate for your VPN server and finally create a certificate for the user you want to give VPN rights. Theoretically you can have just 1 certificate and let all your VPN users use that certificate, but when you want to revoke 1 user to use the VPN service, all your other users will be affected too, so I advice to issue 1 certificate per user)
In VPN - Server section create a VPN server.
point to the server certificate to use
client authorization by common name: disabled
use NAT: enabled (if your server is behind NAT)
Allow client to client connections: enabled (if you want to allow clients to 'see' each other.
Interface to listen to: your external interface
Advertised networks: typically your LAN subnet.
Download the bundle for your client and unpack on a location you can find back.
On the client: For an ubuntu client: install networkmanager-openvpn-client
After installation click on network manager and point to VPN connections. Click Configure VPN
Click import and browse to the location you unpacked the bundle.
select the .conf file and click open.
You're set to use the VPN.
For the windows version you can add the OpenVPN client software in the package. I don't have a windows client here, so you have to figure out how to configure this, but I doubt it will be more difficult than the ubuntu version.