An attempt to describe, at a high level, a VPN using Zentyal
Assumption:
- Zentyal is your firewall, DNS and DHCP server, and thus also the default route for all devices on your LAN
- it has 2 interfaces, one internal and one external
- the front-end edge router forwards to Zentyal (external IP) either all incoming traffic or at least the protocols exposed on the Zentyal external interface (listening services like mail server, VPN server, HTTP server)
Configuration:
- configure the VPN server as per the documentation. This means defining and configuring the VPN server and creating a certificate for the client(s)
- once the server is up and running, download the client bundle using the previously created certificate
- install and run this bundle on the client side.
It works (however, read further).
What I mean to explain here is that there is no need for specific FW rules, port forwarding or other strange settings.
This is really straightforward (or at least supposed to be).
If it doesn't work, then do not change anything but try to identify where the failure occurs. Workarounds like "disabling the FW" don't help. Better to add some FW rules like accept any-to-any if you think the FW may be faulty.
When I wrote "it works", I meant that the client should be able to launch the VPN client and build the tunnel.
Accessing services running on the LAN is another step that requires the tunnel to be enabled first. This means, if I may rephrase it, "do not focus on internal server access but first ensure that the tunnel is there, up and running."
Once you have reached this point, you can try to access your internal server and focus on potential problems (and there are potentially a lot):
- the route to your LAN is known on the client side because your LAN is advertised, thus once the tunnel is up, this route is added on the client side.
- this does not allow you to access myserver.mydomain transparently because DNS is not changed on the client side, thus myserver.mydomain might not be resolved as expected.
What I am trying to highlight is that "I can't access my server" might not be due to VPN-related issues only, which is why I suggest you progress step by step without introducing workarounds as soon as something doesn't bring the expected result. Once you have the big picture in mind, investigating should not be that complex (especially because it does work when done properly).