Thank you for your post. It helped me with my own setup.
I have some suggestions you may want to consider:
1. The easiest setup to overcome your problem is to configure your VPN on a subnet that is different from your LAN subnet. This way you can use Zentyal's firewall directly, without using the firewall.postservice file. Just add an entry on the external to internal networks filters to allow traffic from your VPN subnet to your LAN subnet. It's working on my system.
2. In case you still prefer your method, you have other options too. You can write a pair of lines like these in your firewall.postservice file:
iptables -I inospoof 1 -j ACCEPT -s x.x.x.x/x -i ppp9+
iptables -I fnospoof 1 -j ACCEPT -s x.x.x.x/x -i ppp9+
By using the -I option, you don't have to rebuild the nospoof chains. Instead, these rules become the first in the chain, so the default ones can remain unchanged. Also note the ppp9+ at the end. It means interfaces starting with ppp9 (+ is a wildcard). This setup requires that you change the pptpd-options file. Add a line with the text unit 91. The pptp interfaces will now be called ppp91, ppp92, ppp93, etc.