What is OpenVPN
Overview
OpenVPN is open source software which means that everyone can freely use it and modify it as needed that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. Zentyal Community Edition offers plenty of features to meet your needs, which includes OpenVPN also.
1. 0penVPN has the following advantages:
- Authentication using public key infrastructure.
- SSL-based encryption technology.
- Clients available for Windows, Mac OS and Linux.
- Easier to install, configure and maintain than IPSec, another
- Configuration of a OpenVPN server with Zentyal.
2. Install OpenVPN Package
a) Go to Software Management -> Zentyal Components, choose VPN
Service and hit on Install button.
b) After OpenVPN package is successfully installed, navigate to Module
Status and check VPN to enable the module.
c) Accept the new pop-up which allows you to visualize system
modifications then go up on page and hit Save Changes to apply new
settings.
3.Configuration of a OpenVPN server with Zentyal
Zentyal can be configured to support remote clients . This means a zentyal
Zentyal can be configured to support remote clients . This means a zentyal
server acting as a gateway and VPN server, with multiple local area
networks (LAN) behind it, allows external clients to connect to the local
network via the VPN service
(In This Scenario both remote client want to connect with lan through openvpn)
4. Create a Certificate Authority and certificates:
First, you need to create a Certification Authority for the two remote
clients
a) Go to Certificate Authority | General in the left navigation.
(you will find the form to create the CA. You are required to fill in the
Organization Name and Days to expire fields. Optionally, it is possible to
specify the Country code , City and State.)
b)Fill out the information for the new certificate in the Issue A New
Certificate section.
c) Click the Issue button.
(Once certificate issued, it will appear in the list of certificates.)
d) After that Go to Certificate Authority | Server Certificate in the left
navigation and enable zentyal Webadmin module
5.Setup the VPN server
a) Go to VPN | Servers in the left navigation
(you will be presented with an empty server listing. Click the Add New
(you will be presented with an empty server listing. Click the Add New
button to start the process of setting up your VPN server. Here are the
steps for creating the VPN server)
b) Give the server a name (this must be in the form domain.com).
c) Click Add
(This server is ready for configuration. By creating the server, zentyal
automatically configures: port, protocol, certificate, and network address.)
6. Now you have to edit the configuration for this server:
a)From within the server listing, click the Configuration button.
b)In this new screen, you can configure the VPN exactly how you need it .
You can even reconfigure the default settings for the VPN created by
Zentyal.
7. Configure the VPN the way you want it. You should pay close attention to these settings:
a)VPN Address: This is the virtual subnet used by the VPN. Make sure this
does not conflict with any other networks in use.
b)Server Certificate: By default, this will be the certificate created by
zentyal. You can import your own certificate from an external source, and
then select that certificate here.
c)Authorize The Client By The Common Name: You can select a string of
characters from the drop-down that will require the common name of the
client certificate is within order for authentication to succeed.
d)TUN Interface: You can select either a TAP or TUN interface (TAP is
default).
e)Network Address Translation (NAT): If you need NAT, enable it here.
Redirect Gateway: If you want to force all client network traffic to go
through the VPN, check this box; otherwise, the clients will use their own
resources for Internet traffic.
f)Name Servers/WINS Server: If you want name/WINS servers to
overwrite those used on the clients, configure them here.
g)Click the Change button when your configuration is complete.
(After you enter all of the necessary information, click the Save Changes
button that’s in the upper right corner. This will save all of your options
and start the VPN server)
8. Open Firewall Ports:
Before actually opening firewall to OpenVPN traffic the service must
initially be defined for Zentyal Firewall.
a) Navigate to Network | Services | Add New
b) Enter a descriptive name for this service to remind you that is configured
for OpenVPN and choose a Description then hit on Add.
c) After you newly service appears in Services List hit on Configuration
button to edit settings then hit on Add New on next screen
d) Use the following settings on VPN service configuration and when you are done hit on Add.
- Protocol = UDP (if on VPN Server configuration you selected TCP protocol make sure you add a new service here with same port on TCP).
- Source Port = Any.
- Destination Port = 1194.
e)After you added the required services click on upper Save Changes
button to apply settings
9. Now it’s time to open Zentyal Firewall for OpenVPN connections:
a)Go to Firewall | Packet Filter| Filter rules from Internal Network to
Zentyal –Configure Rules and hit on Add New
b)On the newly rule make the following settings and when you finished hit
on Add
- Decision = Accept
- Source = Any
- Service = your vpn service rule just configured
c)Repeat the steps with Filtering rules from External Networks to Zentyal
then save and apply changes by hitting upper Save Changes button.
Now your OpenVPN Server is fully configured and Zentyal can receive
secure connections through SSL tunnels from internal or external
OpenVPN clients, the only thing remaining to do is to configure Windows
OpenVPN clients.
10.Configure OpenVPN clients on Windows
Zentyal OpenVPN offers among file configuration, server certificate and
key needed for a vpn client the software necessary for Windows based
machines to authenticate to VPN Server. To download the OpenVPN
software and clients configurations files (keys and certificates).
a)Navigate to Infrastructure | VPN |Servers and go to Download Client
Bundle button of the server you want to access.
b)On the Download Client Bundle of your server use the following settings
for a Windows machine then Download the client package.
- Client Type = Windows (you can also choose Linux or Mac OS X)
- Client’s Certificate = Zentyal
- Check Add OpenVPN installer to bundle (this will include OpenVPN software installer)
- Connection Strategy = Random
- Server Address = ( public Internet IP Address)
- Additional Server Address = only if you have other public IP Address or leave blank
- Second Additional Server Address = same as Additional Server Address or leave blank
c) Click on Download
d) After the Client Bundle is downloaded or transferred using a secure
procedure on your remote Windows machines, extract the zip archive
and install OpenVPN software and make sure you also install Windows
TAP drivers
e) After the OpenVPN software successfully installs on Windows copy all
Certificates, Keys and client file configuration from extracted archive to
the following locations.
- For 32-bit Windows
C:\Program Files\OpenVPN\config\
- For 64-bit Windows
C:\Program Files (x86)\OpenVPN\config\
f)Click on your OpenVPN GUI Desktop icon to start the program then go
to Taskbar on left OpenVPN icon and hit on Connect.
g) A pop-up window with your connection should appear on your desktop
and after the connection successfully established on both tunnel endpoints, a window bubble will display this fact and show your VPN IP Address.
h) Now you can test your connection by ping Zentyal VPN Server address or
open a browser and check your domain name or VPN Server address in
URL.
Refrences :
a) http://www.tecmint.com/install-openvpn-server-on-zentyal/
b) http://www.techrepublic.com/blog/smb-technologist/set-up-a-vpn-
on-your-zentyal-small-business-server/