Topic: Zentyal "site-to-site" to third party VPN provider?

ZenDragon

« on: May 18, 2014, 06:15:17 am »
I run a static IP address on my home network because I use OpenVPN to connect to my home network from my laptops for work. However, because I run a static IP at home, on my home boxes I also use PIA (Private Internet Access) service for browsing, so I'm not browsing with my static IP address. I also use PIA in general from my laptop when I'm out on public wifi networks. The problem is that I can only use one or the other. I have two VPN clients, PIA for general internet browsing and OpenVPN to connect to my home, and I can't run them both at the same time. So, my question is: Is it possible for me to set up Zentyal to use PIA for all internet bound traffic so all my machines at home go through PIA without having to have the client installed, and so when I VPN to my home network, it just sets the gateway and redirects all my internet traffic through the OpenVPN tunnel, off my home router and out through PIA to the web? I am currently running an old version of Zentyal (2.2) and yes I know I need to update it. Can this version do it? Or if I just bite the bullet and upgrade can 3.4 do it?
« Last Edit: May 18, 2014, 06:16:54 am by ZenDragon »

nicolasdiogo

« Reply #1 on: May 19, 2014, 11:29:46 am »
i think i need to see a picture of this setup to understand it..


let me try:

router (gwInternet)
zbox (zentyal 2.2)


router has connection to internet AND can also route traffic through OPENVPN service PIA?
zbox connects to router to access Internet?

my opinions and suggestion expressed on this forum are my own as a user.
please note that i am not part of the Zentyal Development Team

www.brainpowered.net - supporting open-source Business Intelligence in Europe

ZenDragon

« Reply #2 on: May 21, 2014, 04:27:10 am »
I attached a simple diagram... hopefully that makes sense.

nicolasdiogo

« Reply #3 on: May 21, 2014, 11:34:25 am »
it should be fine by using the PIA as you described.
in this case PIA becomes the gateway for ZENTYAL.
whereby all traffic is redirected to it.

have you not tried that?

ps: love the diagram - which tool did you use?

ZenDragon

« Reply #4 on: May 23, 2014, 05:03:56 am »
It was draw.io (website) I just did a search for free online flow chart creator and found that.  :)

Anyhow, I assume it's possible, but I couldn't figure out how to get Zentyal set up to connect to PIA. At least from the web interface. I'm assuming I'll have to SSH into it and set it up that way. I'm not totally new to the Linux command line but I depend on this thing and don't want to take the chance of screwing something up. I've used Slackware and Gentoo before, but that was some time ago and I'm just not really familiar with how the config process works and init scripts and all that on this particular distro. Was hoping you all could just point me in the right direction. Or just tell me at a high level what I need to do, I can probably figure out the specifics.
« Last Edit: May 23, 2014, 04:51:28 pm by ZenDragon »

nicolasdiogo

« Reply #5 on: May 23, 2014, 04:28:34 pm »
could you post some info on this PIA?

i have found articles about it.
but not the actual implementation on linux info.

i am interested in helping you out as i had posted a very similar question myself around the same time.
https://forum.zentyal.org/index.php/topic,21950.0.html

since i have installations running on Virtual Systems, i considered creating a new VM to do the VPN connectivity.
if you have a similar option try that.

ZenDragon

« Reply #6 on: May 23, 2014, 05:07:58 pm »
PIA (Private Internet Access) is a hosted VPN service, their website is https://www.privateinternetaccess.com. On their client support page here:
   https://www.privateinternetaccess.com/pages/client-support/

It states that they support Ubuntu via an OpenVPN client. I know the newer version of Zentyal is based on Ubuntu, but I'm not sure if there are any differences with the version I am running. Anyhow my concern is not so much with just installing the OpenVPN client, it's making sure that just doing that via the command line isn't going to screw up any of the Zentyal configuration files.

The machine I have this running on is just a really small Micro-ITX board, with 4 GB of RAM and a 1.6 GHz Atom processor, I don't think it's beefy enough to run VMs. I have my desktop, and an HTPC but I would rather not have to set up VPN services on those. If I can get it all working on my firewall that would be ideal.

I suppose I can give the OpenVPN setup a shot... I'm assuming I'll have to muck around with IPTables or something to get the routing to work, although last time I tried to do something with that Zentyal just overwrote it all again.

I'm guessing I will have to at the minimum go through the following steps, please feel free to interject if you feel I am missing anything:

1) Install OpenVPN client (they have an Ubuntu installer, but I don't know if this will work for Zentyal 2.2 that I am running)
2) Edit OpenVPN client to change gateway via the redirect-gateway command. (Their installer might do this automatically.)
3) Set up the Zentyal VPN to use the OpenVPN interface as its gateway? Not sure how to do this.
4) Profit


nicolasdiogo

« Reply #7 on: May 24, 2014, 01:13:32 pm »
the way i understand it would be:

the PIA vpn will create a connection - which will add a new route and gateway to your zentyal
check with:
route -n

before and after the installation

so you will not need zentyal vpn at all
but you will need to route all traffic into the PIA gateway instead.

ZenDragon

« Reply #8 on: May 31, 2014, 04:18:18 pm »
"so you will not need zentyal vpn at all"

This is where I am getting lost. I need OpenVPN to connect from my laptop when I am external to the device. This is how I access resources on my home network when I am out. I can't do this with PIA. I just don't understand how to ensure that traffic on my laptop, with the gateway set as my firewall, in a separate subnet than my normal network (ie 192.168.2.x for vpn users, and 192.168.1.x for home computers), will get routed through the PIA connection on my firewall. I'm sure it's something simple from the command line that can't be accomplished from the Zentyal web interface, but I just don't know what that is.
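
Added example (not part of the thread, and not Zentyal or PIA code): the "route -n before and after" check suggested in Reply #7, automated as a diff plus a longest-prefix lookup that shows which interface internet-bound traffic leaves on once the provider tunnel is up. The two routing tables are constructed samples; the interface names (eth0, eth1, tap0, tun0), the documentation-range addresses and the def1 flag on redirect-gateway are assumptions.

```shell
#!/bin/sh
# Constructed `route -n` captures (documentation addresses, assumed interface names).
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Same box after the provider tunnel is up with "redirect-gateway def1" (assumed).
AFTER="$BEFORE
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
198.51.100.20   203.0.113.1     255.255.255.255 UGH   0      0        0 eth0"

# Print routes present in table $2 but not in table $1.
new_routes() {
  { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } | awk '
    $1 == "--"        { after = 1; next }
    $1 !~ /^[0-9]+\./ { next }                 # skip the two header lines
    { key = $1 "/" $3 " via " $2 " dev " $8 }
    !after            { seen[key] = 1; next }
    !(key in seen)    { print key }'
}

# Longest-prefix match: which interface would table $1 use for destination $2?
egress_iface() {
  printf '%s\n' "$1" | awk -v dst="$2" '
    function ip2int(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { d = ip2int(dst); best = -1 }
    $1 ~ /^[0-9]+\./ {
      mask = ip2int($3); block = 4294967296 - mask   # addresses per network
      if (d - (d % block) == ip2int($1) && mask > best) { best = mask; iface = $8 }
    }
    END { print iface }'
}

new_routes "$BEFORE" "$AFTER"
echo "internet (192.0.2.50): $(egress_iface "$BEFORE" 192.0.2.50) -> $(egress_iface "$AFTER" 192.0.2.50)"
echo "provider endpoint:     $(egress_iface "$AFTER" 198.51.100.20)"
echo "home LAN host:         $(egress_iface "$AFTER" 192.168.1.10)"
```

On the live box, capture "$(route -n)" into a variable before and after starting the provider client and pass those in place of the samples. The lookup is destination-based, so traffic forwarded from the 192.168.2.x VPN subnet follows the same result unless policy-routing rules say otherwise.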