Do I need a VPN?

Posted on 2010-01-04
Medium Priority
Last Modified: 2012-05-08
Dear Experts,

I need a solution for this issue:
I'm operating a database that uses a port in my Server that needs to be accessed from outside the organisation.

The problem is:
The server (Windows XP Based) is located under a router, and the server's IP inside this internal department router is:

The router gets its internet connection from the organisation local network, and the IPs that the router gets are:

I DO NOT have any way to control the organisation LAN configurations, but I can change my router configuration.

Now, I have to access my server's database from the internet, outside the organisation.
We do not have any VPN solution installed.

Is there any kind of solution that I can use that can solve my issue?
For example, I use LogMeIn to access my server remotely, and there is no problem doing that...
So I guess that there is some kind of solution that I can install on my server in order to have access from outside...

Please advise,
Doron Tal

Question by:doront99

Expert Comment

ID: 26171620
Hi there;

Your best option is to set up a VPN connection. This will allow you to remote into any machine just as if you were on the network.

A less secure option would be to just set up port forwarding to your router to point to the machine you want to remote into.

You can use LogMeIn as you said in your question; you can also use UltraVNC, PCAnywhere or Radmin.

If both machines are Windows machines, then Remote Desktop Connection is a reliable option.

Best regards.


Author Comment

ID: 26171696
None of them are good for me since they are Remote Desktop-like solutions.
I don't need to see my screen... I need to let my database client software connect to the database server.
The client machine is somewhere outside the local network, and it needs to connect to the server that exists inside an organisation network.

Please advise,

Accepted Solution

bluepig earned 900 total points
ID: 26172023
Given what you have described, it can't be done. Your setup is like a large office building with a doorkeeper downstairs (org router) and a receptionist on your floor (dept router). A stranger appearing at the front door, trying to get to your office (server) will not be admitted by the doorkeeper, even if you have told the floor receptionist to let him in. LogMeIn cheats - it's like you going downstairs and standing outside the building, so that when the stranger shows up you can escort him personally into your office.
So, we have to bend one of your conditions:
Solution one - ask your organization to set up a conduit from the outside world to your departmental router, then pipe it through your router to your server.
Solution two - use a remote control solution like LogMeIn to allow users on the internet to connect to a workstation on the same network as your server - they then run the database from the slave machine.
Solution three - put the database out on the internet (hosted, with appropriate security)
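
The two-router situation described in the answer above can be confirmed from the department router's own status page. The following Python check is an added example, not part of the original thread; the function names and the sample addresses (192.168.1.20 as the router's WAN address, 203.0.113.10 as the address seen from outside) are constructed assumptions.

```python
import ipaddress

# Blocks that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(wan_ip):
    """Classify a router's WAN address as 'private', 'cgnat' or 'public'."""
    addr = ipaddress.ip_address(wan_ip)
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        raise ValueError(f"{wan_ip} is not a usable WAN address")
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in CGNAT:
        return "cgnat"
    return "public"


def forwarding_verdict(router_wan_ip, observed_public_ip):
    """Can a port forward on this router alone admit inbound connections?

    router_wan_ip      -- WAN address shown on the router's status page
    observed_public_ip -- address an outside service reports for this network
    Returns (reachable, reason).
    """
    kind = classify_wan(router_wan_ip)
    if kind != "public":
        return (False, f"WAN address is {kind}: an upstream router must "
                       "also forward the port")
    if ipaddress.ip_address(router_wan_ip) != ipaddress.ip_address(observed_public_ip):
        return (False, "WAN address differs from the observed public address: "
                       "another device translates traffic upstream")
    return (True, "router holds the public address: its own forward is enough")


if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from the thread).
    for wan, seen in [("192.168.1.20", "203.0.113.10"),
                      ("203.0.113.10", "203.0.113.10")]:
        print(wan, seen, forwarding_verdict(wan, seen))
```

A `False` verdict means the forward has to be requested from whoever administers the upstream router, which is the first solution listed above.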

Expert Comment

ID: 26181231
LogMeIn gets access because it uses port 80, which is required for any computer to surf the internet. Port 80 must be open, along with 443 for secure SSL connections. Your only option that I can think of is similar to what I run at home. Because you are behind 2 routers, one with a subnet of 192.168.1.x, and it's behind the router, you can't forward a port directly to your server. So the only option left is a proxy service that would provide an outside DNS address to your server. These services have a client program that runs on your server that 'tells' the outside DNS server company what the route is to get to your server. Look into easydns, opendns and other companies that provide this service. Once it's set up, you only have to load the client software that will 'talk' to the DNS service you provide. From there, you could set it up for VPN access only, but be careful, as most VPN software requires ports that may not pass through your network routers. OpenVPN will. But it's tricky to set up. As far as remote desktop, NEVER use the default port of 3389, as it is constantly being scanned by hackers. Hope this isn't too much info at once.

Assisted Solution

jazzIIIlove earned 300 total points
ID: 26183533
Well, in my case, I have done port forwarding to my router and I wrote a program that sends my IP every 10 minutes, since my IP is dynamic. I don't know where my program is, sadly.

But you can write a similar program. I have used the blat mail sender and I associated blat with my program that parses whatismyip.com, and I have successfully connected to my machine via remote desktop connection.

Best regards.

Assisted Solution

tbrent77 earned 300 total points
ID: 26184049
Since we don't know the skill level of the author, I am suggesting easy solutions to provide access through 2 routers. As stated, they have no access to the 'internet' router, which is the gateway for the first router, therefore port forwarding from this one is not possible. The easiest and best solution is a proxy service with client software that is usually free. Why write when it's free? Also, the proxy/DNS solution will give their server a domain name that is usable on the internet, making it much easier to access from the outside. As for remote desktop, it's very simple and very dangerous. I have set many computers up with it over the years and been forced to change the default port, as the computer becomes infected in the worst case, or comes under repeated attack at the least. For simple database access, a VPN may become necessary because of security, but you may get by with a simple port change on the server instead. Once I set up the proxy/DNS, I would get access working before proceeding with a VPN. Even with this going, you will probably have to set your server port to something that must always be allowed from 'outside' the network for surfing. This would be ports 80, 443, 53, 25, 110. If you have the option of initiating the connection from inside your network, you can probably use any port you wish, but that is not what you indicated.
Hope this helps :)

Author Closing Comment

ID: 31672299
Thanks, I guess it cannot be done :(

I will try to solve it with the system administrator...
