Follow these steps to learn how to set up a VPN server on your Zentyal Community Edition free small business server.
Zentyal Community Edition small business server is a great and free solution for any company that needs functionality similar to Windows Small Business Server, but does not have the budget for Microsoft's take on the multi-function server. (There are other editions of Zentyal that are not free.) Zentyal Community Edition offers plenty of features to meet your needs, which include:
- VPN server
- Firewall and routing
- DHCP server
- DNS server
- NTP server
- Email server (including webmail)
- Certificate Authority
- Web server
- Workgroup (including Windows Active Directory syncing)
- XMPP server
I'll walk through the process of setting up a VPN server on your Zentyal Community Edition small business server. With this portion of the server set up, your users will be able to gain remote access to all of the features on the server.
The VPN server on Zentyal is an OpenVPN PPTP server, which benefits from:
- Public key authentication
- SSL-based encryption
- Clients available for Windows, Mac, and Linux
- Allows use of network applications transparently
Let's set this VPN server up. I am assuming you already have Zentyal Community Edition up and running.
Create a Certificate Authority and certificatesBefore you set up the VPN, you must create a Certificate Authority (CA) and certificates for those that want to connect (the CA for the VPN server will be created automatically during VPN setup). When you first set up the VPN server (by going to VPN | Server), you will be prompted to create your CA. Click the presented link that will take you to the CA setup page (Figure A). Figure A
This is the CA for the VPN server. (Click the image to enlarge.)
Once you create the CA certificate, you need to create the certificates for anyone needing to use the VPN.
1. Go to Certificate Authority | General in the left navigation.2. Fill out the information for the new certificate in the Issue A New Certificate section (Figure B).
3. Click the Issue button.Figure B
All of your created certificates will be listed here. (Click the image to enlarge.)
Once all of your certificates are ready, it's time to start setting up the VPN.
Set up the VPN server
When you go to VPN | Servers in the left navigation, you will be presented with an empty server listing. Click the Add New button to start the process of setting up your VPN server. Here are the steps for creating the VPN server.
1. Give the server a name (this must be in the form domain.com).
2. Click Add.You should be directed to your VPN server listing with your new server in place (Figure C). Figure C
This server is ready for configuration. (Click the image to enlarge.)
By creating the server, Zentyal automatically configures: port, protocol, certificate, and network address. Now you have to edit the configuration for this server.
1. From within the server listing, click the Configuration button.2. In this new screen, you can configure the VPN exactly how you need it (Figure D). You can even reconfigure the default settings for the VPN created by Zentyal.
3. Click the Change button when your configuration is complete.Figure D
Configure the VPN how you want it. (Click the image to enlarge.)
You should pay close attention to these settings:
- VPN Address: This is the virtual subnet used by the VPN. Make sure this does not conflict with any other networks in use.
- Server Certificate: By default, this will be the certificate created by Zentyal. You can import your own certificate from an external source, and then select that certificate here.
- Authorize The Client By The Common Name: You can select a string of characters from the drop-down that will require the common name of the client certificate is within order for authentication to succeed.
- TUN Interface: You can select either a TAP or TUN interface (TAP is default).
- Network Address Translation (NAT): If you need NAT, enable it here.
- Redirect Gateway: If you want to force all client network traffic to go through the VPN, check this box; otherwise, the clients will use their own resources for Internet traffic.
- Name Servers/WINS Server: If you want name/WINS servers to overwrite those used on the clients, configure them here.
After you enter all of the necessary information, click the Save Changes button that's in the upper right corner. This will save all of your options and start the VPN server.Now, it's time to advertise the networks. To do this, go back to the VPN server listing, click the Add New button, and then click the Add A New One button. You will first give this advertised network a name (Figure E) and then configure that network. After giving the network a name, click Add. Figure E
You can add as many advertised networks as needed to the VPN. How you make use of the advertised networks will depend upon what you need to be visible to the clients. Set this up carefully, and make sure the advertised networks do not conflict.Finally, you need to download the necessary bundles for easy connection to the VPN server. You do have to set up the client before downloading the bundle (Figure G); these bundles will contain all the necessary certificates needed for connection. To download the necessary bundles, go back to the server listing, and click Download Client Bundle and download the client bundle for the platform needed. If the client will be downloaded to a Windows machine, make sure to select the OpenVPN option. Figure G
Once the client bundle is added and installed on the client machine, they should be able to connect to the Zentyal VPN and begin to use the resources on that network.