Zentyal 3.2 PPTP Server


Here is howto install Zentyal 3.2 PPTP Server. Since Zentyal 3.2 the developers have decided to remove the PPTP Server and now provide a more secured implementation together with L2TP and IPSec.

But as i can notice L2TP with IPSec is buggy and I’ve managed to fix the issue that i have but also decided to install PPTP Server and remove it after there is more stable release.

This example is for the Zentyal 3.2 Server installation which is using Ubuntu 12.04 LTS.

Install and configure the PPTP Server

Login as root and install the PPTP Server

sudo su
apt-get install pptpd

My /etc/ppp/pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns <my Zentyal IP>
proxyarp
nodefaultroute
debug
lock
nobsdcomp
mtu 1200
mru 1200
plugin winbind.so
ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="MYDOMAIN\\VPN-Clients"'

The last two lines are for Authentication, this line will allow PPTP connections to all clinets that are members of my VPN-Clients group.

My /etc/pptpd.conf

option /etc/ppp/pptpd-options
logwtmp
bcrelay eth0
localip 192.168.0.170
remoteip 192.168.0.171-179

I’m using the bcrelay on my eth0 interface that is my internal LAN interface

Configure Zentyal Firewall

Now you need to allow traffic from your VPN clients to your local network. Create file /etc/zentyal/hooks/firewall.postservice and add your IP range to fnospoofmodules and inospoofmodules

vi /etc/zentyal/hooks/firewall.postservice
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.171/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.171/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.172/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.172/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.173/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.173/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.174/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.174/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.175/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.175/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.176/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.176/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.177/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.177/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.178/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.178/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.179/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.179/32 -j iaccept
exit 0

Don’t forget the exit 0 at the end.

Now we need to allow PPTP traffic to our Zentyal Server. Go to Network -> Services and Add new PPTP Service with TCP 1723 and GRE protocol

Zentyal PPTP service

Now Allow the traffic on the WAN interfaces. Go to Firewall -> Packet Filter -> Filtering rules from external networks to Zentyal and add the PPTP service

Zentyal PPTP xternal interface

With this configuration you will be able to have PPTP clients connect to your Zentyal 3.2 Server and to enable client to connect just add him to VPN-Clients group.

Zentyalhttp://www.zentyal.org/



Subscribe
Notify of
guest
9 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Damjan MOMIROVSKI
Damjan MOMIROVSKI
6 years ago

How to access Zentyal through RDP. *Note*: this method is provided for reference only, and is not intended as a supported method of accessing Zentyal desktop interface. Use at your own risk. Question: How can I access Zentyal Server graphic environment using an RDP client (i.e. Windows Remote Desktop or Vinagre)? Answer: In order to access Zentyal through Remote Desktop Protocol, first we should install the xrdp daemon: sudo apt-get install xrdp Check that this should install, apart from xrdp, tightvncviewer server. In some scenarios, however, it installs vnc4server, or does not install any of these becausevnc4server is already installed.… Read more »

Laurent
Laurent
6 years ago

Why adding identical rules so many times ?

/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.179/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.179/32 -j iaccept

nstojanoski
nstojanoski
6 years ago
Reply to  Laurent

it’s because I’ve added all the IP’s that i use for my PPTP connections in /etc/pptpd.conf:

remoteip 192.168.0.171-179

Regards

Jamo
Jamo
5 years ago

Nick, This is an awesome post. Everything work for me the first time. You are the man.

Manel
Manel
4 years ago

hello, is this the same when adding pptp to zentyal 4.0 ?

nstojanoski
nstojanoski
4 years ago
Reply to  Manel

Hello Manel,

I haven’t tested it but it should work because I’m using the linux pptpd package and adding firewall rules so the server will not block the PPTP traffic.

Regards,
Nikola

Manel
Manel
4 years ago
Reply to  nstojanoski

Hello Nikola,
I do need your help please , when i modify /etc/ppp/pptpd-options and /etc/pptpd.conf
it is impossible to save them because i have not the right it is read only . I tried to modify the right with this cmd ( chmod u+w /etc/ppp/pptpd-options) and i failed also. I have copied it and created a new file containing the file and i failed too . What should i do .Thank you for answering

2016-03-17 8:44 GMT+01:00 lahmar manel :

nstojanoski
nstojanoski
4 years ago
Reply to  Manel

type: sudo su
enter your password and you will be logged in as root, then you will be able to change the file

Regards,
NIkola

Manel
Manel
4 years ago
Reply to  nstojanoski

Hello Nikola,

I can’t do it . Did you meant by “you will be able to have PPTP clients connect to your Zentyal 3.2 Server and to enable client to connect just add him to VPN-Clients group” i tried but i failed what should i do . I do really need your help please.

Advertisement