Topic: OpenVPN client on Zentyal - can this be done?

merk

OpenVPN client on Zentyal - can this be done?
« on: October 08, 2012, 08:01:23 am »
I am using Zentyal 3.0 as a gateway/firewall and file server in a small home LAN.

I live in a country where some international websites are blocked, and so I normally run OpenVPN clients on one or two of my local hosts to tunnel to a commercial VPN server provider offshore. Instead, I would like to run my VPN client on the Zentyal box, and make the tunnel available to my entire LAN.

I have not yet installed the Zentyal VPN module, but a quick look at the documentation suggests it is aimed at setting up a server, rather than a client. My understanding is that Linux OpenVPN actually implements both server and client through a single package, but not so sure about the Zentyal module.

Can anyone offer a little guidance here? Can this be done through the Zentyal module? Or would I be better off just implementing an OpenVPN client directly in Ubuntu? I fear that doing it outside of Zentyal will still require me to make a bunch of messy adjustments to Zentyal to make it play nice.

Any knowledgeable suggestions on the best way to attempt to do this?


c4rdinal

Re: OpenVPN client on Zentyal - can this be done?
« Reply #1 on: October 08, 2012, 11:18:35 am »
Yes, this can be done. Just read the official Documentation for more info.

HTH

merk

Re: OpenVPN client on Zentyal - can this be done?
« Reply #2 on: October 10, 2012, 04:55:47 am »
Thanks Cardinal, you are right. Yes, I have now read that part of the docs, and certainly should have done before posting. I see that a VPN client is easily doable through the Zentyal interface.

The bit I am still unsure of is how to hook this into the rest of the system to get the behavior I seek.

*What I want is that certain hosts on the local network always route through the VPN when going outside, and others do not.*

I am a bit out of my depth here, but I think it should work something like this:

Certain hosts on internal network --> eth1 --> NAT --> tun(VPN) --> ppp0 --> eth0 --> Internet
  Other hosts on internal network --> eth1 --> NAT                ------> ppp0 --> eth0 --> Internet

Once I have set up my VPN client, I am not sure which Zentyal modules I should use to get this routing to work. Can I simply add a couple of rules to the firewall, or will I need to use a Squid proxy, or go directly into fiddling with routing tables, or something like that?

My entire local network uses only static IPs, so the contingent routing can be based on IPs or MAC addresses, whichever is more efficient.

Undoubtedly there are ways to do this directly in Linux, but naturally, I'd prefer to do everything at the Zentyal level if possible, for ease of maintenance.

Can anyone point me in the right direction?
« Last Edit: October 10, 2012, 05:04:12 am by merk »

guy2545

Re: OpenVPN client on Zentyal - can this be done?
« Reply #3 on: October 29, 2012, 10:43:51 am »
I can't tell you how to do it in Zentyal because I only just started looking at it to replace my Ubuntu Server. But the way I do it with pfSense is with two different subnets. All 192.168.2.xxx addresses go out through the VPN and all 192.168.1.xxx addresses go out over the open internet.

c4rdinal

Re: OpenVPN client on Zentyal - can this be done?
« Reply #4 on: October 29, 2012, 12:59:05 pm »
Just create two (2) network objects: 1. Certain hosts and 2. Other hosts. Then use bandwidth shaping to route that traffic to the appropriate gateway.

dsla

Re: OpenVPN client on Zentyal - can this be done?
« Reply #5 on: February 09, 2013, 12:03:32 am »
I think this is just what I need also, but I'm afraid I don't understand how to do it. Could you spell it out in Zentyal 3.0 please?

So far, I've got my Zentyal server to connect to my VPN provider successfully and to create a tun0 interface, but I can't see how to route any traffic to it.

Thanks in anticipation
Dan
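
The routing asked for in this thread, done with plain Linux policy routing instead of a Zentyal module. This is an added example, not part of any post above and not Zentyal's own configuration. tun0 and eth1 are the interface names from the posts; the host addresses, table number 100 and rule priority are constructed, and a single LAN subnet is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): send chosen LAN hosts out through the
# OpenVPN client tunnel and everyone else through the normal default route.
# tun0 and eth1 are the names used in the thread; the host addresses and the
# routing table number are constructed values.
VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth1}"
VPN_TABLE="${VPN_TABLE:-100}"
VPN_HOSTS="${VPN_HOSTS:-192.168.1.50 192.168.1.51}"

# Accept only dotted-quad IPv4 addresses, so nothing else reaches a command line.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands for review instead of running them.
vpn_policy_cmds() {
    # Table used only by the VPN hosts: default route into the tunnel, plus a
    # high-metric "unreachable" fallback. When tun0 goes down its route is
    # removed and the fallback rejects the traffic instead of letting it fall
    # through to the main table and leave unencrypted via ppp0.
    echo "ip route replace default dev $VPN_IF table $VPN_TABLE"
    echo "ip route replace unreachable default metric 1000 table $VPN_TABLE"
    # Replies arrive on tun0 while the main table points at ppp0; strict
    # reverse-path filtering would drop them, so use loose mode on the tunnel.
    echo "sysctl -w net.ipv4.conf.$VPN_IF.rp_filter=2"
    for host in $VPN_HOSTS; do
        is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
        echo "ip rule add from $host lookup $VPN_TABLE priority 1000"
        echo "iptables -t nat -A POSTROUTING -s $host -o $VPN_IF -j MASQUERADE"
        # Second guard: never forward these hosts out of any other interface.
        echo "iptables -I FORWARD -i $LAN_IF -s $host ! -o $VPN_IF -j REJECT"
    done
}

# APPLY=1 runs the commands as root; the default only prints them.
if [ "${APPLY:-0}" = 1 ]; then
    cmds=$(vpn_policy_cmds) && echo "$cmds" | sh -e
else
    vpn_policy_cmds
fi
```

The tun0 route disappears whenever the tunnel drops, so the first command has to be re-run on reconnect (for instance from the OpenVPN client's up script); until then the unreachable route keeps the selected hosts offline rather than sending them out over ppp0.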