Zentyal 3.2 PPTP Server

Here is how to install a PPTP server on Zentyal 3.2. Since Zentyal 3.2, the developers have decided to remove the PPTP Server and now provide a more secure implementation together with L2TP and IPSec.

But as I have noticed, L2TP with IPSec is buggy. I’ve managed to fix the issue that I had, but I also decided to install the PPTP Server and remove it once there is a more stable release.

This example is for a Zentyal 3.2 Server installation, which uses Ubuntu 12.04 LTS.

Install and configure the PPTP Server

Log in as root and install the PPTP Server:

sudo su
apt-get install pptpd

My /etc/ppp/pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns <my Zentyal IP>
proxyarp
nodefaultroute
debug
lock
nobsdcomp
mtu 1200
mru 1200
plugin winbind.so
ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="MYDOMAIN\\VPN-Clients"'

The last two lines handle authentication: they allow PPTP connections from all clients that are members of my VPN-Clients group.

My /etc/pptpd.conf

option /etc/ppp/pptpd-options
logwtmp
bcrelay eth0
localip 192.168.0.170
remoteip 192.168.0.171-179

I’m using bcrelay on eth0, which is my internal LAN interface.

Configure Zentyal Firewall

Now you need to allow traffic from your VPN clients to your local network. Create the file /etc/zentyal/hooks/firewall.postservice and add your VPN client IP range to the fnospoofmodules and inospoofmodules chains:

vi /etc/zentyal/hooks/firewall.postservice
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.171/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.171/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.172/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.172/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.173/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.173/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.174/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.174/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.175/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.175/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.176/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.176/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.177/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.177/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.178/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.178/32 -j iaccept
/sbin/iptables -t filter -A fnospoofmodules -s 192.168.0.179/32 -j faccept
/sbin/iptables -t filter -A inospoofmodules -s 192.168.0.179/32 -j iaccept
exit 0

Don’t forget the exit 0 at the end.
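
As an added example (not part of the original post), the script below derives the same hook rules from the remoteip line in /etc/pptpd.conf, so the firewall accepts exactly the addresses pptpd can lease and nothing more. The function names expand_remoteip and hook_rules are made up for this example, and it assumes the last-octet range form shown above, optionally comma-separated.

```shell
#!/bin/sh
# Added example: emit firewall.postservice rules for exactly the pptpd pool.

# expand_remoteip SPEC: print each address of "a.b.c.START-END" or "a.b.c.d".
expand_remoteip() {
    prefix=${1%.*}                      # e.g. 192.168.0
    last=${1##*.}                       # e.g. 171-179
    case $last in
        *-*) start=${last%-*}; end=${last#*-} ;;
        *)   start=$last; end=$last ;;
    esac
    case $prefix in ''|*[!0-9.]*) return 1 ;; esac
    for n in "$start" "$end"; do
        # Digits only, no leading zero (would be read as octal in arithmetic).
        case $n in ''|*[!0-9]*|0*) return 1 ;; esac
    done
    # Refuse reversed or out-of-range pools instead of guessing.
    [ "$start" -ge 1 ] && [ "$start" -le "$end" ] && [ "$end" -le 254 ] || return 1
    i=$start
    while [ "$i" -le "$end" ]; do
        echo "$prefix.$i"
        i=$((i + 1))
    done
}

# hook_rules CONF: print the hook body for the remoteip line in CONF.
hook_rules() {
    pool=$(awk '$1 == "remoteip" { print $2; exit }' "$1")
    [ -n "$pool" ] || return 1
    # Collect all addresses first so a bad entry yields no rules at all.
    ips=$(for part in $(echo "$pool" | tr ',' ' '); do
              expand_remoteip "$part" || exit 1
          done) || return 1
    for ip in $ips; do
        echo "/sbin/iptables -t filter -A fnospoofmodules -s $ip/32 -j faccept"
        echo "/sbin/iptables -t filter -A inospoofmodules -s $ip/32 -j iaccept"
    done
    echo "exit 0"
}

# Constructed sample mirroring the pptpd.conf shown above.
sample=$(mktemp)
printf 'localip 192.168.0.170\nremoteip 192.168.0.171-179\n' > "$sample"
hook_rules "$sample"
rm -f "$sample"
```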

Now we need to allow PPTP traffic to our Zentyal Server. Go to Network -> Services and add a new PPTP service with TCP port 1723 and the GRE protocol.

Zentyal PPTP service

Now allow the traffic on the WAN interfaces. Go to Firewall -> Packet Filter -> Filtering rules from external networks to Zentyal and add the PPTP service.

Zentyal PPTP external interface

With this configuration, PPTP clients will be able to connect to your Zentyal 3.2 Server. To enable a client to connect, just add the user to the VPN-Clients group.

Zentyal: http://www.zentyal.org/