Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - renss78

Pages: [1]

As a solution i used pfSense as VPN Client to create a Site-to-Site VPN connection with the Zentyal VPN Server.

PfSense does have a WAN failover option which works pretty well. PfSense does not advertise his underlaying networks to the Zentyal so i had to manually add routes on the Zentyal server which lead to the underlaying networks of the pfSense.

I hope this helps for the people who faced the same problem.


I have set-up a test environment with 2 WAN's. One as default gateway... if i pull out the default gateway cable Zentyal does not automatically switch to the other WAN :(. You need to set the other WAN interface as default... but hand. Than it works fine.

Is there a solution for this? or should i just use a 3th party tool to make failover work.

Yup got the same, no clue.. Help??

Other modules / VPN server for interconnecting networks Problem
« on: January 18, 2016, 03:50:41 pm »

I have setup a Zentyal-to-Zentyal Server to connect two networks, but i cannot ping a machine which is behind Site A (the zentyal server).

Site A (datacenter, zentyal 4.2)
Zentyal-to-Zentyal VPN Server --> VPN
WAN(eth0) --> External Address
LAN(eth1) -->
Windows Server -->
Advertised Routes -- > openVPN-eth1-, VPN (192.168.160.x, added manually).

Site B (office, zentyal 4.2)
Is connected to the Zentyal-toZentyal VPN server (as client) which is at the datacenter --> VPN
WAN(eth0) --> (External Address, it is part of our LAN network, temporary).
LAN(eth1) -->
Windows 7 (laptop which is connected with the eth1) -->
Advertised Routes -- > openVPN-eth0-, openVPN-eth0-, VPN (192.168.160.x, added manually).

From the Zentyal (Site B) i can ping (Site A, eth1) and A, Windows Server).
From the Laptop (Site B) i can ping (Site A, eth1) but not (Site A, Windows Server)

On the Windows 7 laptop(ip:, gw:

When i run a tracert to it goes via

1 -->
2 -->

When i run a tracert to it goes via

1 -->
2 -->
3 --> Time-out

Why it goes via the 160.1 when i try to reach because it does not know the ip but it does know the 10.50.73.x network.. so it just sends out via 160.1.

But why?, please help me out.

Other modules / Re: Openvpn server
« on: January 08, 2016, 10:20:36 am »
I assume you have two networks Network A and Network B (lets say the printers are on Network B). Network A needs to use the printers on Network B using the VPN connection. I dont know anything about the bridged networks but i know that you just want two local networks to talk to each other (via VPN). The Server need to share it's local resources to the Client. But only share its local resources (LAN) and not using it as gateway (than you would use the VPN servers Internet connection).

This means that you need advertised routes so your client knows, HEY! This guy is trying to reach the (the printer ip), ahh for that network i need to use the VPN (TAP interface). In Zentyall you can add advertised routes to at the client package (which you download) so the OpenVPN client application knows when to use the VPN and when not. In your case it only would be the 192.168.123.x network (where your printers are).

Just set up a VPN Server at Network B where the printers are, make sure the advertised routes are add... make sure the VPN Client (at Network A) connects to the server, than all the resources at Network B should be pingable and usable for Network A. IF you want interconnecting networks (routes are exchanged in both directions) you need to setup a site-to-side (zentyal-to-zentyal) network.

Configuration of a VPN server for interconnecting networks

Installation and Upgrades / Re: VPN Internet Traffic Redirect?
« on: November 13, 2015, 09:17:40 am »

Installation and Upgrades / OpenVPN with Zentyal
« on: November 13, 2015, 09:16:59 am »

I have a problem with connecting to my VPN service.

From the home office it is possible to connect to the VPN, it works fine. But as soon as i try to connect from a different location it is not possible to connect!

I tried connecting from several locations but it fails with the following error:

Code: [Select]
Fri Nov 13 09:02:08 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 13 09:02:08 2015 TLS Error: TLS handshake failed
Fri Nov 13 09:02:08 2015 SIGUSR1[soft,tls-error] received, process restarting

The VPN Server is located at a datacenter so it is not locally connected at the Home office.

Stuff i tried:
TCP instead of UDP.
Changed the TAP interface, TUN.
Different port(not 1194).
Add rules to the Windows Firewall.
Turned off the Windows Firewall(i know this is stupid and not a solution but at least i tried).
Turned off IP Tables.
Renew the Certificates.
Yes i run the application as Administrator.
The LOGs on the server do not register the connection from the other location, only from the home office!
Scanned with NMAP the UDP port(1194), yes it is open.

I'm running the OpenVPN Server on a Zentyal server.

I don't know any options, i'm facing this problem for a few days now. Any help would be appreciated, maybe i even  send you a bottle of wine!

Yours faithfully, Rens

Installation and Upgrades / Re: VPN Internet Traffic Redirect?
« on: October 23, 2015, 05:02:30 pm »

Here is a update:

I found out that the Zentyal DOES try to push the Advertised Networks to the client true OpenVPN only thats fails...

I solved that with my last post by manually add the route.

By default the advertised network should be pushed correctly so this problem would NOT occur. At the moment i do not have a solution for this problem, only a workaround;)

The error which you see in the VPN State Log:

Code: [Select]
Fri Oct 23 15:59:21 2015 PUSH: Received control message: 'PUSH_REPLY,route,route x.x.x.0,route,route,route,route-gateway,ping 10,ping-restart 120,ifconfig'
Fri Oct 23 15:59:21 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Oct 23 15:59:21 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Oct 23 15:59:21 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Oct 23 15:59:21 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Fri Oct 23 15:59:21 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])

Installation and Upgrades / Re: VPN Internet Traffic Redirect?
« on: October 23, 2015, 02:00:03 pm »

In the first place, thanks for your quick response :)

You were certainly right about one thing:

your computer at home does not know what to do when to reach "192.168.x.y" - reach the one at home or reach the one at the other end of the VPN?

And the solution you purposed would probably work, but both networks are /24... completely different subnets since they are /24. But what you said made me think the following:

When i ping for example the LAN(which is behind the Zentyal), how does Windows know what connection to use to send the ping...... the normal local internet connection or the VPN connection... well it does not!!

My solution:

Manually add the following routes to my local ovpn file which is in the config folder:

Code: [Select]

Now does the OpenVPN client know that it must ONLY use the VPN connection for these subnets.

BUT i don't want to manually add these routes for all those clients i'm going to use... The next step is i'm going to find a way to PUSH the routes to the clients(which can be achieved to edit the openvpn.conf) But i have no idea where to find it in Zentyal.

Maybe a tip for a new feature in Zentyal, make it possible to push routes via the GUI.

Best regards,


Installation and Upgrades / VPN Internet Traffic Redirect?
« on: October 23, 2015, 10:52:29 am »

I'm setting up a network with the VPN option in Zentyal.


eth0(WAN) --> ip)
eth1(LAN) --> (internal lan)
VPN --> (vpn lan)


When i connect via my Windows 8 workstation, i can connect fine but all my traffic goes true the VPN server(internet), we dont want that, i want to keep using my local(office) WAN connection.

So at the VPN server configuration(VPN-->Servers-->Config) i unchecked the Redirect gateway option and checked the Network Address Translation and Allow client-to-client connections options. Now indeed i use my own local(office) WAN connection BUT i cannot reach the VPN network(can't ping the my own ip is 160.2) and i cannot reach the 172.80.0.x network. All of this works when i check the option Redirect the gateway, but than all the internet goes true the VPN connection.

So i think the solution is: Add static routes... but i have no clue what values i must add.....

Best regards,


Pages: [1]