Index [zentyal.com]...Similarly, Zentyal can operate in two modes, as a server for remote users and also as a VPN Client of a VPN hub server. Zentyal integrates OpenVPN to conﬁgure

Index

. I Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.. P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

1.1.1. SMBs and ITC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91.1.2. Zentyal Linux Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91.1.3. About this manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

.. I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111.2.1. Zentyal installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121.2.2. Initial configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211.2.3. Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

.. F Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281.3.1. Zentyal webadmin interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281.3.2. Network configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351.3.3. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441.3.4. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

.. S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451.4.1. Software updates in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451.4.2. Management of Zentyal components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451.4.3. System Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481.4.4. Automatic updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491.4.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501.4.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

.. L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501.5.1. Zentyal log queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501.5.2. Configuration of Zentyal logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521.5.3. Log Audit for Zentyal administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531.5.4. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541.5.5. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

.. C B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551.6.1. Zentyal configuration backup feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551.6.2. Zentyal configuration Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551.6.3. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561.6.4. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

.. S- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

. Z I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59.. I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

.. H- Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602.2.1. Network objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602.2.2. Network services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622.2.3. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642.2.4. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

.. D N S DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

3

2.3.1. Introduction to DNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662.3.2. DNS cache server configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702.3.3. Transparent DNS Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722.3.4. DNS Forwarders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732.3.5. Configuration of an authoritative DNS server with Zentyal. . . . . . . . . . . . . . 732.3.6. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772.3.7. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

.. T NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792.4.1. Introduction to NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792.4.2. Configuring an NTP server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792.4.3. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812.4.4. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

.. N DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822.5.1. Introduction to DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822.5.2. DHCP server configuration with Zentyal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832.5.3. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 872.5.4. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

.. C CA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882.6.1. Public Key Infrastructure (PKI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882.6.2. Importing certificates in clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912.6.3. Certification Authority configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . 982.6.4. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1042.6.5. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

.. V VPN OVPN. . . . . . . . . . . . . . . . . . . .1052.7.1. Introduction to the virtual private networks (VPN) . . . . . . . . . . . . . . . . . . . . . . . .1052.7.2. Configuration of a OpenVPN server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . .1062.7.3. Configuration of a VPN server for interconnecting networks . . . . . . . . . . .1122.7.4. Configuration of an OpenVPN client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1132.7.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1162.7.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

.. VPN S IP LTPIPSEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1182.8.1. Introduction to IPsec and L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1182.8.2. Configuring an IPsec tunnel in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1192.8.3. Configuring an L2TP/IPsec tunnel in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1212.8.4. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1222.8.5. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

.. F T P FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1232.9.1. Introduction to FTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1232.9.2. Configuration of a FTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1242.9.3. FTP server configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1282.9.4. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1292.9.5. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

..V M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1302.10.1.Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1302.10.2.Creating virtual machines with Zentyal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1302.10.3.Virtual machine maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1332.10.4.Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1352.10.5.Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

..B. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1362.11.1.Design of a backup system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1362.11.2.Data backup configuration in a Zentyal server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1372.11.3.Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1412.11.4.Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142

4

..S- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

. Z G . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145.. I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145

.. F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1453.2.1. Introduction to the Firewall System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1453.2.2. Firewall configuration with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1463.2.3. Port forwarding with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1503.2.4. Source rewriting rules (SNAT) with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1503.2.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1523.2.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

.. R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1543.3.1. Introduction to network routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1543.3.2. Configuring routing with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1543.3.3. Configuring traffic balancing with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1573.3.4. Configuring wan-failover in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1593.3.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1613.3.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

.. N RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1633.4.1. Introduction to RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1633.4.2. Configuring an access point with RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1633.4.3. Configuration of the RADIUS client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1653.4.4. Configuring a RADIUS server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1683.4.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1703.4.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170

.. HTTP P S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1703.5.1. Introduction to HTTP Proxy Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1703.5.2. Configuring the web browser to use the HTTP Proxy . . . . . . . . . . . . . . . . . . . . .1713.5.3. HTTP Proxy configuration in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1753.5.4. Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1763.5.5. Filter profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1783.5.6. Bandwidth Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1833.5.7. HTTPS block by domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1843.5.8. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1853.5.9. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

.. I P S IDSIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1873.6.1. Introduction to Intrusion Detection/Prevention System . . . . . . . . . . . . . . . . .1873.6.2. Configuring an IDS/IPS with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1883.6.3. IDS/IPS Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1893.6.4. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1893.6.5. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

.. S- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

. Z D D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193.. I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

.. D C F S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1934.2.1. Introduction to Directory and Domain Services. . . . . . . . . . . . . . . . . . . . . . . . . . . .1934.2.2. Configuring a Domain Server with Zentyal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1954.2.3. Configuring Zentyal as a Standalone Domain server. . . . . . . . . . . . . . . . . . . . . .2004.2.4. Joining a Windows client to the domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2024.2.5. Kerberos Authentication System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2044.2.6. Changing the user password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

5

4.2.7. Group Policy Objects (GPO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2064.2.8. Joining Zentyal Server to an existing domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2074.2.9. Total Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2104.2.10.Known Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2114.2.11.Configuring a file server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2114.2.12.Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2154.2.13.Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216

.. A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2174.3.1. Configuring the Antivirus module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2174.3.2. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2184.3.3. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219

.. S- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220

. Z C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221.. I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

.. E M S SMTPPOP-IMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2215.2.1. Introduction to the e-mail service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2215.2.2. SMTP/POP3-IMAP4 server configuration with Zentyal . . . . . . . . . . . . . . . . . . . .2245.2.3. E-mail client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2305.2.4. Webmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2385.2.5. ActiveSync® support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2405.2.6. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2405.2.7. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

.. M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2425.3.1. Introduction to the mail filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2425.3.2. Mail filter schema in Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2425.3.3. Grey list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2425.3.4. Content filtering system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2435.3.5. Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2445.3.6. Antispam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2445.3.7. SMTP mail filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2465.3.8. External connection control lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2485.3.9. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2495.3.10.Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250

.. I M S JXMPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2505.4.1. Introduction to instant messaging service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2505.4.2. Configuring a Jabber/XMPP server with Zentyal . . . . . . . . . . . . . . . . . . . . . . . . . . .2515.4.3. Setting up a Jabber client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2535.4.4. Setting up Jabber MUC (Multi User Chat) rooms . . . . . . . . . . . . . . . . . . . . . . . . . . .2585.4.5. Practical examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2635.4.6. Proposed exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264

.. S- . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265

. A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267.. A A: T VB . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

6.1.1. About virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2676.1.2. VirtualBox. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268

.. A B: A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2806.2.1. Scenario 1: Base scenario, Internet access, internal networks and

host network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2806.2.2. Scenario 2: Multiple internal networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2826.2.3. Scenario 3: Multiple gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283

6

6.2.4. Scenario 4: Base scenario + external client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2856.2.5. Scenario 5: Multi tenancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

.. A C: D . . . . . . . . . . . . . . . . . .2876.3.1. Importing configuration data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2876.3.2. Advanced Service Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2886.3.3. Development environment of new modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2906.3.4. Commercial Edition Release Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2906.3.5. Development Edition Release Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2916.3.6. Bug management policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2916.3.7. Community support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

.. A D: A - . . . . . . . . . . . . . . . . . . . . . . .2916.4.1. Answers to self-assessment questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292

7

EFFECT: The new certificates with the Common Name will be issue after savechanges.

6. ACTION Click on Save Changes top button.

EFFECT: All the certificates are generated and the modules are configured withthese certificates.

.. P

E A

Review all the certificates issued by the CA by using commands ‘cat’ and ‘openssl’.Keep in mind that all the generated certificates are stored in /var/lib/zentyal/CA/.

. V VPN OVPN

.. I VPN

The virtual private networks were designed to allow secure access for remoteusers connected via the Internet to the corporate network as well as securely con-nect different subnets via the Internet.

Your users might need to access to the internal network resources when they are out-side the company premises, for example sales people or teleworkers. The solution isto allow these users to connect to your system via the Internet, although this mightmean risking the confidentiality, availability and integrity of the communication. Toavoid these problems the connection is not made directly but through virtual privatenetworks.

Using VPN you can create a secure communications tunnel over the Internet that willonly accept connections from authorized users. Traffic is encapsulated and can onlybe read at the other end. Apart from the security advantages VPN connections areseen like another local network connection by the Firewall, thus, having access tolocal resources and simplifying the infrastructure needed to offer remote services.

The usefulness of the VPN is not limited to remote access by users. An organizationmay wish to interconnect networks located in different places, such as offices in dif-ferent cities.

Similarly, Zentyal can operate in two modes, as a server for remote users and also asa VPN Client of a VPN hub server.

Zentyal integrates OpenVPN to configure and manage virtual private networks. Inthis section you will see how to configure OpenVPN, who has the following advan-tages:

Authentication using public key infrastructure.

SSL-based encryption technology.

Clients available for Windows, Mac OS and Linux.

Easier to install, configure and maintain than IPSec, (another open source VPN al-ternative).

Allows to use network applications transparently.

http://en.wikipedia.org/wiki/Virtual_private_network http://openvpn.net/

105

CHAPTER 2ZENTYAL INFRASTRUCTURE

.. C OVPN Z

Zentyal can be configured to support remote clients, (sometimes known as road war-riors). This means a Zentyal server acting as a gateway and VPN server with multiplelocal area networks, (LAN), behind it, allows external clients, (the road warriors), toconnect to the local network via the VPN service.

Figure 2.54: Zentyal and remote VPN clients

The goal is to connect the data server with other two remote clients, (Business man-ager and Client), and also the remote clients to each other.

First, you need to create a Certification Authority and individual certificates for thetwo remote clients. You need to explicitly create an unique certificate for each userthat will connect to the VPN through Certification Authority→ General.

Note that you also need a certificate for the VPN server. However, Zentyal will issuethis certificate automatically when new VPN server is created.

In this scenario Zentyal acts as a Certification Authority.

Figure 2.55: Server certificate (blue underline) and client certificate (black underline)

Once you have the certificates then configure the Zentyal VPN server by selecting Cre-ate a new server. The only value you need to enter to create a new server is the name.Zentyal ensures the task of creating a VPN server is easy and it sets the configurationvalues automatically.

106

Figure 2.56: New VPN server created

The following configuration parameters are added automatically and can be changedif necessary: port/protocol, certificate, (Zentyal will create one automatically usingthe VPN server name), and network address. The VPN network addresses are assignedboth to the server and the clients. If you need to change the network address youmust make sure that there is no conflict with a local network. In addition you willautomatically be notified of local network detail, i.e. the networks connected directlyto the network interfaces of the host, through the private network.

TIP: Zentyal allows the configuration of VPN with UPD or TCP protocols. UDPis faster and more efficient, as less control information is transmitted, thereforethere is more room for data. TCP, on the other hand, is more reliable and cancope better with unstable connections and Internet providers that kill long last-ing connections.

As you can see the VPN server will be listening on all external interfaces. Thereforeyou must set at least one of your interfaces as external at Network → Interfaces. Inthis scenario only two interfaces are required, one internal for LAN and one externalfor Internet.

If you want the VPN clients to connect between themselves by using their VPN ad-dresses, you must enable the option Allow connections among clients.

In most of the cases you can leave the rest of the configuration options with theirdefault values.

107


Figure 2.57: VPN server configuration

In case more advanced configuration is necessary:

VPN ADDRESS: Indicates the virtual subnet where the VPN server will be locatedand the clients it has. You must take care that this network does not overlap withany other and for the purposes of firewall, it is an internal network. By default192.168.160.1/24, the clients will get addresses .2,*.3*, etc.

SERVER CERTIFICATE: Certificate that will show the server to its clients. TheZentyal CA issues by default a certificate for the server, with the name vpn-<yourvpnname>. Unless you want to import an external certificate, usually youmaintain this configuration.

108

CLIENT AUTHORIZATION BY COMMON NAME: Requires that the common name of theclient certificate will start with the selected string of characters to authorize theconnection.

TUN INTERFACE: By default a TAP type interface is used, more similar to a bridge ofLayer 2. You can also use a TUN type interface more similar to a IP node of Layer3.

NETWORK ADDRESS TRANSLATION: (NAT) It is recommended to enable this transla-tion if the Zentyal server that accepts theVPN connections is not a default gatewayof the internal networks towhich you can access from the VPN. Like this the clientsof these internal networks respond to Zentyal’s VPN instead of the gateway. IfZentyal server is both the VPN server and the gateway, (most common case), thisoption is indifferent.

Figure 2.58: VPN server using NAT to become the gateway for the VPN connection

REDIRECT GATEWAY : If this option is not checked, the external client will accessthrough the VPN to the established networks, but will use his/her local connectionto access to Internet and/or rest of the reachable networks. By checking this optionyou can achieve that all the traffic of the client will go through the VPN.

The VPN can also indicate name servers, search domain and WINS servers to over-write those of the client. This is specially useful in the case you have redirected thegateway.

After having created the VPN server you must enable the service and save thechanges. Later you must check in Dashboard that the VPN server is running.

109


Figure 2.59: Widget of the VPN server

After this you must advertise networks, i.e. routes between the VPN networks andbetween other networks known by your server. These networks will be accessible byauthorised VPN clients. To do this you have to enable the objects you have defined,(see High-level Zentyal abstractions), in the most common case, all internal networks.You can configure the advertised networks for this VPN server through the interfaceof Advertised networks.

Figure 2.60: Advertised networks of your VPN server

Once you have done this, it is time to configure the clients. The easiest way to con-figure a VPN client is by using the Zentyal bundles, (installation packages that includethe VPN configuration file specific to each user and optionally, an installation pro-gram). These are available in the table at VPN → Servers, by clicking the icon in thecolumn Download client bundle. You can create bundles for Windows, Mac OS andLinux clients. When you create a bundle select those certificates that will be used bythe clients and set the external IP addresses to which the VPN clients must connect.

As you can see the image below you can have onemain VPN server and up to two sec-ondary servers depending on the Connection strategy when defining the connectionorder or you can also try a random order.

Moreover, if the selected system is Windows, you can also add an OpenVPN installer.The Zentyal administrator will download the configuration bundles to the clients us-ing the most appropriate method.

110

Figure 2.61: Download client bundle

A bundle includes the configuration file and the necessary files to start a VPN connec-tion.

You now have access to the data server from both remote clients. If you want touse the local Zentyal DNS service through the private network you need to config-ure these clients to use Zentyal as name server. Otherwise it will not be possibleto access services by the hosts in the LAN by name, but only by IP address. Also, tobrowse shared files from the VPN , you must explicitly allow the broadcast of trafficfrom the Samba server.

You can see the users currently connected to the VPN service in the Zentyal Dash-board. You need to add this widget from Configure widgets, located in the upper partof the Dashboard.

Figure 2.62: Widget with connected clients

For additional information about file sharing go to section Domain Controller and File Sharing

111


.. C VPN

In this scenario two offices in different networks need to be connected via privatenetwork. To do this you will use Zentyal as a gateway in both networks. One will actas a VPN client and the other as a server. The following image clarifies the scenario:

Figure 2.63: Office interconnection with Zentyal through VPN tunnel

The goal is to connect multiple offices, their Zentyal servers and their internal net-works, so that one single network infrastructure can be created in a secure waythrough Internet. To do this you need to configure a VPN server similarly as explainedpreviously.

However, you need to make two small changes. First, enable the Allow Zentyal-to-Zentyal tunnels to exchange routes between Zentyal servers, and then introduce aPassword for Zentyal-to-Zentyal tunnels to establish the connection between the twooffices in a safer environment. Take into account that you need to advertise the LANnetworks in Advertised Networks.

Another important difference is the routing information exchange. In the roadwar-rior to server scenario described previously the server pushes network routes to theclient. In the server to server scenario routes are exchanged in both directions andpropagated to other clients using the RIP protocol. Therefore you can, as a client,configure the Advertised Networks that will be propagated to the other nodes.

Figure 2.64: Zentyal as VPN client

You can configure Zentyal as a VPN client at VPN→ Clients. You must give a name tothe client and enable the service. You can configure the client manually or automat-ically by using the bundle provided by the VPN server. If you do not use the bundleyoumust introduce the IP address and protocol-port for the server accepting requests.The tunnel password and certificates used by the client will also be required. These

http://www.ietf.org/rfc/rfc1058

112

certificates must have been created by the same certification authority the serveruses.

Figure 2.65: Automatic client configuration using VPN bundle

When you Save changes in the Dashboard you can see a new OpenVPN daemon run-ning as a client and the objective connection directed towards another Zentyal serverconfigured as a server.

Figure 2.66: Dashboard of a Zentyal server configured as a VPN client

The propagation of routes can take a few minutes.

.. C OVPN

In order to configure a VPN client on Windows first your system administrator mustgive you the bundle for your client.

Figure 2.67: The system administrator gives you the bundle for your client

You must unzip it, (click on the file with right button and select Extract all). You willfind all the VPN installation files and related certificates.

113


Figure 2.68: Extracted bundle files

Right click on the installer and click onRunasadministrator. OpenVPNneeds to createthe virtual network interface and install the drivers.

Figure 2.69: Accept the OpenVPN license

It is recommended you install all the modules.

114

Figure 2.70: List of modules that will be installed

The network adapter software is not certified for Windows but it is totally safe toinstall.

Figure 2.71: Despite the warning you can install the driver

TIP: You must copy all the files included in the bundle, except for the OpenVPNinstaller, to the folder C:\Program Files (x86)\OpenVPN\config to guarantee thedaemon will automatically find them.

Once installed a double click on the shortcut that has appeared in your desktop allowsyou to connect to the VPN.

115


Figure 2.72: Shortcut to connect to the VPN

.. P

P A

“JD Consulting Inc.” has equipped its two sales agents with corporate laptops. Theselaptops need to have access to company intranet. Grant the sales agents access byusing the OpenVPN module.

1. ACTION Access the Zentyal interface, go to side menu Software Management →Zentyal Components.

EFFECT: Zentyal shows a list with all installable modules.

2. ACTION Select the VPN module and click on Install button.

EFFECT: A modal window with module info is shown, once you have confirmed,the installation process starts to install the own module and its dependencies.

3. ACTION Go to Module Status and enable the VPN module, to do this, check thebox at the Select column. It will inform us about what changes will be done in theSystem. Allow the operation clicking the Accept button.

EFFECT: The button Save Changes has been enabled.

4. ACTION Go to side menu VPN –> Servers. Click on Add new and set a name to theVPN connection in Name. Click on Add.

EFFECT: The new VPN connection is listed.

5. ACTION Click onConfigure in the newVPNconnection. Check theboxAllowclient-to-client connections and Redirect gateway. Click on Change.

EFFECT: The configuration file is modified and is ready to be applied.

6. ACTION Go to the VPN –> Servers. Click on Configure in the Advertised networkscolumn.

EFFECT: All the networks that will be shared are listed.

7. ACTION Set the network that you want to share with the sales agents’ laptops.

EFFECT: The networks are listed.

8. ACTION Go to the VPN –> Servers. Check the box Enabled

EFFECT: The VPN is ready to be started.

9. ACTION Click on Save Changes top button.

EFFECT: The VPN module is configured and enabled.

10. ACTION Go to the side menu Certification Authority –> General. Set the FQDN ofthe sales’s laptop in Common Name and click on Issue.

EFFECT: The certificate is issued.

11. ACTION Repeat the action for the other laptop.

116

EFFECT: Both certificates are listed.

12. ACTION Go to VPN –> Servers. Click on Download client bundle. Select Windowsin Client’s type, the certificate of the sales’ agent in Client’s certificate, check thebox Add OpenVPN’s installer to bundle and set the public IP of the Zentyal serverin Server address. Click on Download.

EFFECT: The bundle with the VPN configuration for the client is downloaded.

13. ACTION Repeat the action for the other laptop.

EFFECT: The bundle is downloaded for the other laptop.

P B

After opening a new branch office in Chicago, the company wants to connect the newoffice with the headquarters located in Washington DC safely. You should connectthe offices by using the OpenVPN module in both servers.

1. ACTION In the Washington DC server, access the Zentyal interface, go to the sidemenuCertificationAuthority –>General. Set the FQDN of second server inCommonName and click on Issue.

EFFECT: The certificate is issued.

2. ACTION Onboth servers, access theZentyal interface, go to SoftwareManagement→ Zentyal Components.

EFFECT: You will see a list of all modules available for installation.

3. ACTION Select the VPN module and click on Install button.

EFFECT: You will see a pop-up window with module information. Upon confirma-tion the system proceeds with the installation of the module and its dependen-cies.

4. ACTION On both servers, go to Module Status and enable the VPN module bychecking the corresponding box in the Status column. You are informed about thechanges that will take place. Allow the operation by clicking on Accept button.

EFFECT: The button Save Changes has been enabled.

5. ACTION In the Washington DC server, go to side menu VPN –> Servers.

EFFECT: All the VPNs are listed.

6. ACTION Click on Add new and set a name to the VPN connection in Name. Clickon Add.


7. ACTION Click on Configure in the new VPN connection. Check the box AllowZentyal-to-Zentyal tunnels and set the password in Zentyal-to-Zentyal tunnel pass-word. Click on Change.

EFFECT: The configuration file is modified and is ready to be applied.

8. ACTION Go to the VPN –> Servers. Click on Configure in the Advertised networkscolumn.


9. ACTION Modify the network that you want to shared with the other Zentyalserver.


10. ACTION Go to the VPN –> Servers. Check the box Enabled

117


EFFECT: The VPN is ready to be started.

11. ACTION Select the Save Changes top button.


12. ACTION Go to VPN –> Servers. Click on Download client bundle. Select the certifi-cate of the other Zentyal server in Client’s certificate and set the public IP of theZentyal server in Server address. Click on Download.

EFFECT: The bundle with the VPN configuration for the Washington DC is down-loaded.

13. ACTION In the Chicago server go to side menu VPN –> Clients. Click on Add newand set a name to the VPN connection in Name. Click on Add.


14. ACTION Click on Configure in the column Upload client bundle. Click on Browseand search the bundle file with the VPN configuration. Click on Charge.

EFFECT: The Client VPN is configured and is ready to be applied.

15. ACTION Go to the VPN –> Clients. Click on Configure in the Advertised networkscolumn.


16. ACTION Modify the network that you want to shared with the other Zentyalserver.


17. ACTION Go to side menu VPN –> Clients. Check the box Enabled.

EFFECT: The Client VPN is ready to be started.

18. ACTION Select the Save Changes top button.


.. P

E A

Configure a VPN which will be only valid with a particular certificate. Check it withtwo clients, one will have the right certificate and the other won’t have a valid one.

. VPN S IP LTPIPSEC

.. I IP LTP

The IPsec protocol (Internet Protocol security) is a set of protocols that aim to im-plement security over the TCP/IP network communications. It provides both authen-tication and encryption of the session. Unlike other solutions like SSL or TLS, IPsecdoes not work in the application layer but in the network layer. This allows you toprovide security to any communication without having to modify the application youare using.

Like OpenVPN™, IPsec is used to deploy virtual private networks (VPN). It can operatein several modes, host to host, network to host and network to network, being the lastone the more frequent: you have subnetworks that you want to link in a secure wayover an untrusted network, like the Internet.

http://en.wikipedia.org/wiki/IPsec

118

Documents

Index [zentyal.com]...Similarly, Zentyal can operate in two modes, as a server for remote users and also as a VPN Client of a VPN hub server. Zentyal integrates OpenVPN to conﬁgure