Zentyal. Zentyal for Network Administrators. for Network Administrators VERSION 3.2 SP2 VERSION 3.2 SP1. Preparation for the certification exam

Similar documents
ReadyNAS Setup Manual

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

LogMeIn Hamachi. Getting Started Guide

What is included in the ATRC server support

How to Create a Basic VPN Connection in Panda GateDefender eseries

READYNAS INSTANT STORAGE. Quick Installation Guide

SSL VPN Technology White Paper

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Step-by-Step Configuration

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

Dell Statistica Statistica Enterprise Installation Instructions

How To Configure L2TP VPN Connection for MAC OS X client

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

HOWTO: How to configure IPSEC gateway (office) to gateway

The Barracuda Network Connector. System Requirements. Barracuda SSL VPN

Steps for Basic Configuration

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

NETASQ ACTIVE DIRECTORY INTEGRATION

Network Configuration Settings

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

NETASQ MIGRATING FROM V8 TO V9

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Fireware Essentials Exam Study Guide

PRINT FLEET MANAGER USER MANUAL

ReadyNAS Duo Setup Manual

Networking Guide Redwood Manager 3.0 August 2013

Endpoint Security VPN for Mac

Configuring Windows Server 2008 Network Infrastructure

User Guide. DocAve Lotus Notes Migrator for Microsoft Exchange 1.1. Using the DocAve Notes Migrator for Exchange to Perform a Basic Migration

Technical Brief for Windows Home Server Remote Access

Intel Active Management Technology with System Defense Feature Quick Start Guide

Howto: How to configure static port mapping in the corporate router/firewall for Panda GateDefender Integra VPN networks

SSL VPN Portal Options

Windows Services. Support Windows and mixed-platform workgroups with high-performance, affordable network services. Features

How to set up the HotSpot module with SmartConnect. Panda GateDefender 5.0

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Step-by-Step Configuration

2X ApplicationServer & LoadBalancer Manual

Barracuda Link Balancer Administrator s Guide

ReadyNAS Remote White Paper. NETGEAR May 2010

Virtual Appliance Setup Guide

Installation & Configuration Guide Version 1.0. TekSMTP Version Installation & Configuration Guide

Deploying F5 to Replace Microsoft TMG or ISA Server


2X ApplicationServer & LoadBalancer Manual

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

WatchGuard System Manager User Guide. WatchGuard System Manager v8.0

Installation and Maintenance Guide Release 1.0

Application Note Startup Tool - Getting Started Guide

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

v6.1 Websense Enterprise Reporting Administrator s Guide

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

PHD Virtual Backup for Hyper-V

NMS300 Network Management System

Kerio Control. Step-by-Step Guide. Kerio Technologies

Device LinkUP + Desktop LP Guide RDP

Configuration Guide BES12. Version 12.2

Chapter 4 Managing Your Network

1 Introduction to the Axxess Server

VPN Configuration Guide. Dell SonicWALL

Synthetic Application Monitoring

GRAVITYZONE HERE. Deployment Guide VLE Environment

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

Wharf T&T Cloud Backup Service User & Installation Guide

Cloud Attached Storage 5.0

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Parallels Plesk Panel

Advanced Configuration Steps

UIP1868P User Interface Guide

SMART Vantage. Installation guide

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Resonate Central Dispatch

1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam

Virtual Web Appliance Setup Guide

Copyright 2013, 3CX Ltd.

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0

Preparing for GO!Enterprise MDM On-Demand Service

The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide

Guideline for setting up a functional VPN

Integrate Check Point Firewall

Synchronization Agent Configuration Guide

Networking Best Practices Guide. Version 6.5

SonicWALL Global Management System Configuration Guide Standard Edition

Remote Filtering Software

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

Administrator's Guide

SSL SSL VPN

Content Filtering Client Policy & Reporting Administrator s Guide

Mobile Device Management Version 8. Last updated:

Small Business Server Part 2

SonicWALL SSL VPN 3.5: Virtual Assist

SANGFOR SSL VPN. Quick Start Guide

Transcription:

Zentyal Zentyal for Network Administrators for Network Administrators VERSION 3.2 SP2 VERSION 3.2 SP1 Preparation for the certification exam Zentyal Certified Associate (ZeCA) Zentyal Certified Associate (ZeCA) All benefits of this book will be used to support Openchange Project

Zentyal for Network Administrators VERSION 3.2 SP2

PRODUCED BY Zentyal S.L. BSSC Building C/ Eduardo Ibarra Nº 6 50009 Zaragoza, Spain www.zentyal.com COPYRIGHT NOTICE Copyright 2014 Zentyal S.L. All rights reserved. No part of this manual shall be reproduced, stored in a retrieval system, transmitted by any means, electronic, mechanical, photocopy, recording or otherwise, or translated to any language without the written permission of Zentyal S.L. No patent liability es assumed with respect to the use of the informtion contained herein. Although every precaution has been taken in the preparation of this training guide, Zentyal S.L. assumes no responsability for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. The information provided is on an "as is" basis and no warranty or fitness is implied. The copyright of this manual is owned by Zentyal S.L., Zentyal and the Zentyal logo are registered trademarks of Zetyal S.L. Other trademarks and registered trademarks referred to in this manual are the property of their respective owners, and are used for identification purposes only.

Index. I Z... 9.. P... 9 1.1.1. SMBs and ITC... 9 1.1.2. Zentyal: Linux server for SMBs... 9 1.1.3. About this manual... 12.. I... 12 1.2.1. Zentyal installer... 13 1.2.2. Initial configuration... 22 1.2.3. Hardware requirements... 27.. F Z... 28 1.3.1. Zentyal webadmin interface... 28 1.3.2. Network configuration with Zentyal... 35 1.3.3. Practical examples... 40.. S... 40 1.4.1. Management of Zentyal components... 41 1.4.2. System Updates... 42 1.4.3. Automatic updates... 43 1.4.4. Proposed exercises... 44.. S -... 45. Z I... 47.. Z I... 47.. H - Z... 48 2.2.1. Network objects... 48 2.2.2. Network services... 50 2.2.3. Practical examples... 52 2.2.4. Proposed exercises... 53.. D N S DNS... 53 2.3.1. Introduction to DNS... 53 2.3.2. DNS cache server configuration with Zentyal... 58 2.3.3. Transparent DNS Proxy... 59 2.3.4. DNS Forwarders... 60 2.3.5. Configuration of an authoritative DNS server with Zentyal... 60 2.3.6. Practical examples... 64 2.3.7. Proposed exercises... 66.. T NTP... 67 2.4.1. Introduction to NTP... 67 2.4.2. Configuring an NTP server with Zentyal... 67 2.4.3. Practical examples... 68.. N DHCP... 69 2.5.1. Introduction to DHCP... 69 2.5.2. DHCP server configuration with Zentyal... 70 3

2.5.3. Practical examples... 74 2.5.4. Proposed exercises... 74.. C CA... 75 2.6.1. Public Key Infrastructure (PKI)... 75 2.6.2. Importing certificates in clients... 77 2.6.3. Certification Authority configuration with Zentyal... 85 2.6.4. Practical examples... 89.. V VPN O VPN... 89 2.7.1. Introduction to the virtual private networks (VPN)... 90 2.7.2. Configuration of an OpenVPN client... 90 2.7.3. Configuration of a OpenVPN server with Zentyal... 92 2.7.4. Configuration of a VPN server for interconnecting networks... 97 2.7.5. Practical examples... 98 2.7.6. Proposed exercises...101.. VPN S IP L TP IPSEC...101 2.8.1. Introduction to IPsec and L2TP...101 2.8.2. Configuring an IPsec tunnel in Zentyal...102 2.8.3. Configuring an L2TP/IPsec tunnel in Zentyal...103.. S -...106. Z G...109.. Z G...109.. F...109 3.2.1. Introduction to the Firewall System...109 3.2.2. Firewall configuration with Zentyal...110 3.2.3. Port forwarding with Zentyal...114 3.2.4. Source rewriting rules (SNAT) with Zentyal...114 3.2.5. Practical examples...115 3.2.6. Proposed exercises...117.. R...117 3.3.1. Introduction to network routing...117 3.3.2. Configuring routing with Zentyal...118 3.3.3. Configuring traffic balancing with Zentyal...120 3.3.4. Configuring wan-failover in Zentyal...121 3.3.5. Practical examples...123 3.3.6. Proposed Exercises...126.. Q S Q S...126 3.4.1. Introduction to Quality of Service...126 3.4.2. Quality of service configuration in Zentyal...127 3.4.3. Practical examples...129 3.4.4. Proposed exercises...129.. N RADIUS...130 3.5.1. Introduction to RADIUS...130 3.5.2. Configuring an access point with RADIUS...130 3.5.3. Configuration of the RADIUS client...132 3.5.4. Configuring a RADIUS server with Zentyal...134 3.5.5. Practical examples...135.. HTTP P S...135 3.6.1. Introduction to HTTP Proxy Service...135 3.6.2. Configuring the web browser to use the HTTP Proxy...136 3.6.3. HTTP Proxy configuration in Zentyal...139 3.6.4. Access Rules...140 4

3.6.5. Filter profiles...142 3.6.6. Bandwidth Throttling...144 3.6.7. Practical examples...145 3.6.8. Proposed exercises...146.. C P...146 3.7.1. Introduction...146 3.7.2. Configuring a captive portal with Zentyal...147 3.7.3. Exceptions...147 3.7.4. List of Users...148 3.7.5. Using the captive portal...148.. I P S IDS IPS...149 3.8.1. Introduction to Intrusion Detection/Prevention System...149 3.8.2. Configuring an IDS/IPS with Zentyal...150 3.8.3. IDS/IPS Alerts...151 3.8.4. Practical examples...152 3.8.5. Proposed exercises...153.. S -...154. Z O...155.. Z O...155.. U C...155 4.2.1. Introduction to Directory Services...155 4.2.2. Configuration of an OpenLDAP server with Zentyal...156 4.2.3. Configuring external Microsoft Active Directory...162 4.2.4. Deploying master/slave Zentyal configurations...163 4.2.5. User s corner...165 4.2.6. Practical examples...166 4.2.7. Proposed exercises...166.. F D S...167 4.3.1. Introduction to file sharing and Domains...167 4.3.2. Samba 4: the implementation of Active Directory and SMB/CIFS in Linux...167 4.3.3. Configuring Zentyal as a Standalone Domain server...168 4.3.4. Configuring a file server with Zentyal...170 4.3.5. Joining a Windows client to the domain...173 4.3.6. Kerberos Authentication System...175 4.3.7. Group Policy Objects...177 4.3.8. Joining Zentyal server to an existing domain...179 4.3.9. Total Migration...181 4.3.10.Know Limitations...182 4.3.11.Proposed exercises...182.. F T P FTP...183 4.4.1. Introduction to FTP...183 4.4.2. Configuration of a FTP client...184 4.4.3. FTP server configuration with Zentyal...187 4.4.4. Practical examples...188.. W HTTP...189 4.5.1. Introduction to HTTP...189 4.5.2. HTTP server configuration with Zentyal...190 4.5.3. Practical examples...192 4.5.4. Proposed exercises...192.. P...192 5

4.6.1. About the printers sharing service...193 4.6.2. Printer server configuration with Zentyal...193.. B...196 4.7.1. Design of a backup system...196 4.7.2. Zentyal configuration Backup...197.. S -...203. Z U C...205.. Z U C...205.. E M S SMTP POP -IMAP...205 5.2.1. Introduction to the e-mail service...205 5.2.2. SMTP/POP3-IMAP4 server configuration with Zentyal...208 5.2.3. E-mail client configuration...214 5.2.4. Practical examples...219 5.2.5. Proposed exercises...220.. M...221 5.3.1. Introduction to the mail filter...221 5.3.2. Mail filter schema in Zentyal...221 5.3.3. External connection control lists...228 5.3.4. Practical examples...228 5.3.5. Proposed exercises...229.. O C M E...229 5.4.1. Introduction to OpenChange Technology...229 5.4.2. Configuring a stand-alone OpenChange server...230 5.4.3. Configuring the OpenChange Server as an additional exchange server231 5.4.4. Configuring the Microsoft Outlook Client...232 5.4.5. Configuring Out Of Office notifications from the Microsoft Outlook client...235 5.4.6. ActiveSync support...236 5.4.7. OpenChange Webmail...237 5.4.8. Known Limitations...239.. W...240 5.5.1. Introduction to Webmail service...240 5.5.2. Configuring a webmail in Zentyal...240.. G...242 5.6.1. Introduction to the groupware service...242 5.6.2. Configuration of a groupware server (Zarafa) with Zentyal...242 5.6.3. Zarafa basic use cases...245.. I M S J XMPP...248 5.7.1. Introduction to instant messaging service...248 5.7.2. Configuring a Jabber/XMPP server with Zentyal...249 5.7.3. Setting up a Jabber client...251 5.7.4. Setting up Jabber MUC (Multi User Chat) rooms...256 5.7.5. Practical examples...260 5.7.6. Proposed exercises...261.. S -...262. Z M...263.. Z M...263.. L...263 6.2.1. Zentyal log queries...263 6

6.2.2. Configuration of Zentyal logs...266 6.2.3. Log Audit for Zentyal administrators...266 6.2.4. Practical examples...267 6.2.5. Proposed exercises...268.. E...268 6.3.1. Events and alerts configuration in Zentyal...268 6.3.2. Practical examples...270 6.3.3. Proposed exercises...270.. U...271 6.4.1. Introduction to Uninterruptible power supply systems...271 6.4.2. UPS Configuration with Zentyal...271.. M...274 6.5.1. Monitoring in Zentyal...274 6.5.2. Metrics...275 6.5.3. Memory usage...276 6.5.4. File system usage...276 6.5.5. Temperature...277 6.5.6. Bandwidth Monitoring...277 6.5.7. Alerts...278.. A M Z R...279 6.6.1. Zentyal Remote...280 6.6.2. Registering your Zentyal Server to Zentyal Remote...280 6.6.3. Alerts...281 6.6.4. Troubleshooting...282 6.6.5. Summarized reports and group task management...283 6.6.6. Remote management and inventory...284 6.6.7. Free trials...284. A...285.. A A: T V B...285 7.1.1. About virtualization...285 7.1.2. VirtualBox...286.. A B: A...296 7.2.1. Scenario 1: Base scenario, Internet access, internal networks and host network...296 7.2.2. Scenario 2: Multiple internal networks...299 7.2.3. Scenario 3: Multiple gateways...299 7.2.4. Scenario 4: Base scenario + external client...301 7.2.5. Scenario 5: Multi tenancy...302.. A C: D...302 7.3.1. Importing configuration data...302 7.3.2. Advanced Service Customization...303 7.3.3. Development environment of new modules...306 7.3.4. Commercial Editions Release Policy...306 7.3.5. Community Edition Release Cycle...306 7.3.6. Bug management policy...306 7.3.7. Community support...307.. A D: A -...308 7.4.1. Answer to self-assessment questions...308 7

CHAPTER 2 ZENTYAL INFRASTRUCTURE.... I VPN The virtual private networks were designed to allow secure access for remote users connected via the Internet to the corporate network - as well as securely connect different subnets via the Internet. Your users might need to access to the network resources when they are outside the company premises, for example sales people or teleworkers. The solution is to allow these users to connect to your system via the Internet, although this might mean risking the confidentiality, availability and integrity of the communication. To avoid these problems, the connection is not made directly, but through virtual private networks. Using VPN, you can create a secure communications tunnel over the Internet that will only accept connections from authorized users. Traffic is encapsulated and can only be read at the other end. Apart from the security advantages, VPN connections are seen like another local network connection by the Firewall, thus having access to local resources and simplifying the infrastructure needed to offer remote services. The usefulness of the VPN is not limited to remote access by users; an organization may wish to interconnect networks located in different places, such as offices in different cities. Similarly, Zentyal can operate in two modes, as a server for remote users and also as a VPN Client of a VPN hub server. Zentyal integrates OpenVPN and IPsec/L2TP to configure and manage virtual private networks. In this section you will see how to configure OpenVPN, the default VPN protocol in Zentyal. In the following section you will find out how to configure IPsec/L2TP. OpenVPN has the following advantages: Authentication using public key infrastructure. SSL-based encryption technology. Clients available for Windows, Mac OS and Linux. Easier to install, configure and maintain than IPSec, another open source VPN alternative. Allows to use network applications transparently. C O VPN In order to configure a VPN client on Windows, first your system administrator must give you the bundle for your client. Figure 2.57: The system administrator gives you the bundle for your client http://en.wikipedia.org/wiki/virtual_private_network http://openvpn.net/ 90

You must unzip it (click on the file with right button and select Extract all). You will find all the VPN installation files and related certificates. Figure 2.58: Extracted bundle files Right click on the installer and click on Run as administrator, OpenVPN needs to create the virtual network interface and install the drivers. Figure 2.59: Accept the OpenVPN license It is recommended you install all the modules. Figure 2.60: List of modules that will be installed 91

CHAPTER 2 ZENTYAL INFRASTRUCTURE The network Adapter software is not certified for Windows, but it is totally safe to install. Figure 2.61: Despite the warning you can install the driver TIP: You must copy all the files included in the bundle, expect for the OpenVpn installer, to the folder C:\Program Files (x86)\openvpn\config to guarantee the daemon will automatically find them. Once installed, a double click on the shortcut that has appeared in your desktop allows you to connect to the VPN. Figure 2.62: Shortcut to connect to the VPN.. C O VPN Z Zentyal can be configured to support remote clients (sometimes known as road warriors). This means a Zentyal server acting as a gateway and VPN server, with multiple local area networks (LAN) behind it, allows external clients (the road warriors) to connect to the local network via the VPN service. Figure 2.63: Zentyal and remote VPN clients The goal is to connect the data server with other 2 remote clients (sales person and CEO) and also the remote clients to each other. 92

First, you need to create a Certification Authority and individual certificates for the two remote clients. You need to explicitly create an unique certificate for each user that will connect to the VPN through Certification Authority General. Note that you also need a certificate for the VPN server. However, Zentyal will create this certificate automatically. In this scenario, Zentyal acts as a Certification Authority. Figure 2.64: Server certificate (blue underline) and client certificate (black underline) Once you have the certificates, then configure the Zentyal VPN server by selecting Create a new server. The only value you need to enter to create a new server is the name. Zentyal ensures the task of creating a VPN server is easy and it sets the configuration values automatically. Figure 2.65: New VPN server created The following configuration parameters are added automatically and can be changed if necessary: port/protocol, certificate (Zentyal will create one automatically using the VPN server name) and network address. The VPN network addresses are assigned both to the server and the clients. If you need to change the network address you must make sure that there is no conflict with a local network. In addition, you will automatically be notified of local network detail, i.e. the networks connected directly to the network interfaces of the host, through the private network. TIP: Zentyal allows the configuration of VPN with UPD or TCP protocols. UDP is faster and more efficient, as less control information is transmitted, therefore there is more room for data. TCP, on the other hand, is more reliable and can cope better with unstable connections and Internet providers that kill long lasting connections. As you can see, the VPN server will be listening on all external interfaces. Therefore, 93

CHAPTER 2 ZENTYAL INFRASTRUCTURE you must set at least one of your interfaces as external at Network Interfaces. In this scenario only two interfaces are required, one internal for LAN and one external for Internet. If you want the VPN clients to connect between themselves by using their VPN addresses, you must enable the option Allow connections among clients. In most of the cases you can leave the rest of the configuration options with their default values. Figure 2.66: VPN server configuration In case more advanced configuration is necessary: VPN ADDRESS: Indicates the virtual subnet where the VPN server will be located and the clients it has. You must take care that this network does not overlap with any other and for the purposes of firewall, it is an internal network. By default 192.168.160.1/24, the clients will get addresses.2,*.3*, etc. SERVER CERTIFICATE: Certificate that will show the server to its clients. The Zentyal CA issues by default a certificate for the server, with the name vpn- <yourvpnname>. Unless you want to import an external certificate, usually you maintain this configuration. AUTHORIZE THE CLIENT BY THE COMMON NAME: Requires that the common name of the client certificate will start with the selected string of characters to authorize the connection. TUN INTERFACE: By default a TAP type interface is used, more similar to a bridge of Layer 2. You can also use a TUN type interface more similar to a IP node of Layer 3. NETWORK ADDRESS TRANSLATION (NAT): It is recommended to enable this translation if the Zentyal server that accepts the VPN connections is not a default gateway of the internal networks to which you can access from the VPN. Like this the clients of these internal networks respond to Zentyal s VPN instead of the gateway. If Zentyal server is both the VPN server and the gateway (most common case), this option is indifferent. 94

Figure 2.67: VPN server using NAT to become the gateway for the VPN connection REDIRECT GATEWAY : If this option is not checked, the external client will access through the VPN to the established networks, but will use his/her local connection to access to Internet and/or rest of the reachable networks. By checking this option you can achieve that all the traffic of the client will go through the VPN. The VPN can also indicate name servers, search domain and WINS servers to overwrite those of the client. This is specially useful in the case you have redirected the gateway. After having created the VPN server, you must enable the service and save the changes. Later you must check in Dashboard that the VPN server is running. Figure 2.68: Widget of the VPN server After this, you must advertise networks, i.e. routes between the VPN networks and between other networks known by your server. These networks will be accessible by authorised VPN clients. To do this, you have to enable the objects you have defined, see High-level Zentyal abstractions, in the most common case, all internal networks. 95

CHAPTER 2 ZENTYAL INFRASTRUCTURE You can configure the advertised networks for this VPN server through the interface of Advertised networks. Figure 2.69: Advertised networks of your VPN server Once you have done this, it is time to configure the clients. The easiest way to configure a VPN client is by using the Zentyal bundles - installation packages that include the VPN configuration file specific to each user and optionally, an installation program. These are available in the table at VPN Servers, by clicking the icon in the column Download client bundle. You can create bundles for Windows, Mac OS and Linux clients. When you create a bundle, select those certificates that will be used by the clients and set the external IP addresses to which the VPN clients must connect. As you can see the image below, you have one main VPN server and up to two secondary servers, depending on the Connection strategy you will try establishing connection in order or trying a random one. Moreover, if the selected system is Windows, you can also add an OpenVPN installer. The Zentyal administrator will download the configuration bundles to the clients using the most appropriate method. Figure 2.70: Download client bundle A bundle includes the configuration file and the necessary files to start a VPN connection. You now have access to the data server from both remote clients. If you want to use the local Zentyal DNS service through the private network, you need to configure these clients to use Zentyal as name server. Otherwise, it will not be possible to access services by the hosts in the LAN by name, but only by IP address. Also, to browse shared files from the VPN you must explicitly allow the broadcast of traffic from the Samba server. For additional information about file sharing go to section File sharing and Domain Services 96

You can see the users currently connected to the VPN service in the Zentyal Dashboard. You need to add this widget from Configure widgets, located in the upper part of the Dashboard. Figure 2.71: Widget with connected clients.. C VPN In this scenario two offices in different networks need to be connected via private network. To do this, you will use Zentyal as a gateway in both networks. One will act as a VPN client and the other as a server. The following image clarifies the scenario: Figure 2.72: Office interconnection with Zentyal through VPN tunnel The goal is to connect multiple offices, their Zentyal servers and their internal networks so that one, single network infrastructure can be created in a secure way and through Internet. To do this you need to configure a VPN server similarly as explained previously. However, you need to make two small changes. First, enable the Allow Zentyal-to- Zentyal tunnels to exchange routes between Zentyal servers. And then, introduce a Password for Zentyal-to Zentyal tunnels to establish the connection between the two offices in a safer environment. Another important difference is the routing information exchange, in the roadwarrior to server scenario described above, the server pushes network routes to the client. In the server to server scenario, routes are exchanged in both directions, and propagated to other clients using the RIP protocol. Therefore, you can, as a client, configure the Advertised Networks that will be propagated to the other nodes. http://www.ietf.org/rfc/rfc1058 97

CHAPTER 2 ZENTYAL INFRASTRUCTURE Figure 2.73: Zentyal as VPN client You can configure Zentyal as a VPN client at VPN Clients. You must give a name to the client and enable the service. You can configure the client manually or automatically by using the bundle provided by the VPN server. If you do not use the bundle, you must introduce the IP address and protocol-port for the server accepting requests. The tunnel password and certificates used by the client will also be required. These certificates must have been created by the same certification authority the server uses. Figure 2.74: Automatic client configuration using VPN bundle When you Save changes in the Dashboard, you can see a new OpenVPN daemon running as a client and the objective connection directed towards another Zentyal server configured as a server. Figure 2.75: Dashboard of a Zentyal server configured as a VPN client.. P P A In this example you will configure a VPN server and a client on a computer located on an external network; you will connect to the VPN, through which you can access to the host located in a local network - and to which only the server can access through an internal interface. Therefore: 98

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information