Zentyal 3.2 PPTP Server


Here is how to install a PPTP Server on Zentyal 3.2. As of Zentyal 3.2, the developers have removed the PPTP Server and now provide a more secure implementation with L2TP and IPSec.

But as far as I can tell, L2TP with IPSec is buggy. I’ve managed to fix the issue that I had, but I also decided to install the PPTP Server and remove it once there is a more stable release.

This example is for the Zentyal 3.2 Server installation which is using Ubuntu 12.04 LTS.

Install and configure the PPTP Server

Log in as root and install the PPTP Server:

sudo su
apt-get install pptpd

My /etc/ppp/pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns <my Zentyal IP>
proxyarp
nodefaultroute
debug
lock
nobsdcomp
mtu 1200
mru 1200
plugin winbind.so
ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="MYDOMAIN\\VPN-Clients"'

The last two lines are for authentication. They allow PPTP connections from all clients that are members of my VPN-Clients group.

My /etc/pptpd.conf

option /etc/ppp/pptpd-options
logwtmp
bcrelay eth0
localip 192.168.0.170
remoteip 192.168.0.171-179

I’m using bcrelay on my eth0 interface, which is my internal LAN interface.

Configure Zentyal Firewall

Now you need to allow traffic from your VPN clients to your local network. Create the file /etc/zentyal/hooks/firewall.postservice and add a rule for each address in your VPN IP range to the fnospoofmodules and inospoofmodules chains:

vi /etc/zentyal/hooks/firewall.postservice
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.171/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.171/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.172/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.172/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.173/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.173/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.174/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.174/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.175/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.175/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.176/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.176/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.177/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.177/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.178/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.178/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.179/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.179/32 -j iaccept
exit 0

Don’t forget the exit 0 at the end.
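The per-address rules above can be generated from the remoteip line in /etc/pptpd.conf, so the firewall hook stays in sync when the client range changes. This is an added example, not part of the original post; the function names expand_remoteip and generate_hook are hypothetical, and the comma-separated remoteip form it accepts goes beyond the single range used here.

```shell
#!/bin/sh
# Added example: derive the Zentyal firewall hook from pptpd's "remoteip" line.

# Expand a pptpd remoteip spec ("a.b.c.X-Y", a single address, or a
# comma-separated mix of both) into one address per line.
expand_remoteip() {
    for part in $(printf '%s' "$1" | tr ',' ' '); do
        prefix=${part%.*}           # e.g. 192.168.0
        octets=${part##*.}          # e.g. 171-179 or 245
        first=${octets%-*}
        last=${octets#*-}
        # Reject anything that is not digits/dots so no stray text reaches iptables.
        case "$prefix" in ''|*[!0-9.]*) echo "bad entry: $part" >&2; return 1 ;; esac
        for n in "$first" "$last"; do
            case "$n" in ''|*[!0-9]*) echo "bad entry: $part" >&2; return 1 ;; esac
        done
        if [ "$first" -gt "$last" ] || [ "$last" -gt 255 ]; then
            echo "bad range: $part" >&2; return 1
        fi
        i=$first
        while [ "$i" -le "$last" ]; do
            printf '%s.%s\n' "$prefix" "$i"
            i=$((i + 1))
        done
    done
}

# Print the hook body for the remoteip range found in the given pptpd.conf.
generate_hook() {
    spec=$(awk '$1 == "remoteip" { print $2; exit }' "$1")
    [ -n "$spec" ] || { echo "no remoteip line in $1" >&2; return 1; }
    addrs=$(expand_remoteip "$spec") || return 1
    for ip in $addrs; do
        echo "/sbin/iptables -t filter -A fnospoofmodules -s $ip/32 -j faccept"
        echo "/sbin/iptables -t filter -A inospoofmodules -s $ip/32 -j iaccept"
    done
    echo "exit 0"
}

# Constructed sample mirroring the pptpd.conf shown in this post.
sample=$(mktemp)
printf 'localip 192.168.0.170\nremoteip 192.168.0.171-179\n' > "$sample"
generate_hook "$sample"
rm -f "$sample"
```

Review the printed rules before writing them to /etc/zentyal/hooks/firewall.postservice; only the addresses pptpd can hand out should be accepted.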

Now we need to allow PPTP traffic to our Zentyal Server. Go to Network -> Services and add a new PPTP service with TCP 1723 and the GRE protocol.

[Image: Zentyal PPTP service]

Now allow the traffic on the WAN interfaces. Go to Firewall -> Packet Filter -> Filtering rules from external networks to Zentyal and add the PPTP service.

[Image: Zentyal PPTP external interface]

With this configuration, PPTP clients will be able to connect to your Zentyal 3.2 Server. To enable a client to connect, just add the user to the VPN-Clients group.

Zentyal: http://www.zentyal.org/



Damjan MOMIROVSKI

How to access Zentyal through RDP. *Note*: this method is provided for reference only, and is not intended as a supported method of accessing Zentyal desktop interface. Use at your own risk. Question: How can I access Zentyal Server graphic environment using an RDP client (i.e. Windows Remote Desktop or Vinagre)? Answer: In order to access Zentyal through Remote Desktop Protocol, first we should install the xrdp daemon: sudo apt-get install xrdp Check that this should install, apart from xrdp, tightvncviewer server. In some scenarios, however, it installs vnc4server, or does not install any of these because vnc4server is already installed.…

Laurent

Why add identical rules so many times?

/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.179/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.179/32 -j iaccept

nstojanoski

It’s because I’ve added all the IPs that I use for my PPTP connections in /etc/pptpd.conf:

remoteip 192.168.0.171-179

Regards

Jamo

Nick, this is an awesome post. Everything worked for me the first time. You are the man.

Manel

Hello, is this the same when adding PPTP to Zentyal 4.0?

nstojanoski

Hello Manel,

I haven’t tested it but it should work because I’m using the linux pptpd package and adding firewall rules so the server will not block the PPTP traffic.

Regards,
Nikola

Manel

Hello Nikola,
I do need your help, please. When I modify /etc/ppp/pptpd-options and /etc/pptpd.conf, it is impossible to save them because I do not have the rights; they are read-only. I tried to modify the rights with this command (chmod u+w /etc/ppp/pptpd-options) and I failed also. I have copied it and created a new file containing the file and I failed too. What should I do? Thank you for answering.


nstojanoski

Type: sudo su
Enter your password and you will be logged in as root, then you will be able to change the file.

Regards,
Nikola

Manel

Hello Nikola,

I can’t do it. Did you mean by “you will be able to have PPTP clients connect to your Zentyal 3.2 Server and to enable client to connect just add him to VPN-Clients group”? I tried but I failed. What should I do? I do really need your help, please.
