Zentyal and VPN

I am so happy I could dance a jig. I finally figured out Zentyal’s VPN server, and have I have it working with all of my Android devices. As it turns out, the solution was so simple if it was a snake it would have bit me. I found a lot of help for Zentyals VPN just none for using it with an Android device. This is how I was able to get it all to work.

Create a new VPN Server, something like mydomain.vpn.

I don’t remember having to do much to the defualt configuration.

  • UDP Port 1194.
  • I used the default IP address.
  • Choose your server certificate, vpn-mydomain.vpn. This was automatically generated if I recall correctly?
  • Client Auth, choose your server. If your Zentyal installation was named MyHomeServer then that is what this would be as well.
  • Enable TUN interface.
  • Enable NAT.
  • Enable Client-to-Client connections (this is optional, it is not required).
  • DISABLE Allow Zentyal-to-Zentyal tunnels. If you need them then you probably don’t need my simple advice.
  • DISABLE Reject routes pushed by Zentyal tunnel clients.
  • Listen on ALL interfaces.
  • Redirect Gateway is enabled.*
  • First nameserver. Should be the IP address of your Zentyal server.
  • Second nameserver. Not required but I have mine set to 8.8.8.8.
  • Search Domain is BLANK.
  • WINS Server is BLANK.

No changes where made to Advertised Networks.

Now this is where I have always had issues in the past. Trying to get my Android device to connect to the VPN. I have been successful in the past using OpenVPN-AS and the Android software but not with Zentyal.

I am still using the official OpenVPN Android app from the Play Store the trick here is you need to import the profile from the SD card instead of automatically downloading it from the server like when using OpenVPN-AS.

  • Client type, select Linux.
  • Client’s certificate, select the name of your Zentyal server.
  • Server address, this is the external address of your Zentyal server. Either a static IP or domain.
  • Additional and Second Additional server addresses are BLANK.
  • Then download the configuration file.

You should now have a file called something like mydomain.vpn-client-myservername.tar.gz. Open it up and extract the files. You should have:

  • 0EFC76386GC758CJ.pem (your file name will vary)
  • cacert.pem
  • mydomain.vpn-client.conf
  • myserver.pem

Now you to get it all to work with Android you need to rename the .conf file to .ovpn.

  • rename: mydomain.vpn-client.conf –> mydomain.vpn-client.ovpn

Copy all of these files to your Android device (with OpenVPN installed). I just emailed myself all of the files that makes it easy to get them on all of my devices. Once copied to your Android open up OpenVPN.

  • Menu > Import > Import Profile from SD Card > (the location you saved the files to)

You should be good to go from there and able to connect! Hope that helps.