Solved

How to create a private VPN using a public VPN server?

Posted on 2014-01-15
6
359 Views
Last Modified: 2014-01-16
Hi all,

Two users, each with their own PC, and a printer in a remote network that cannot be reached in any normal way (the gateway/firewall doesn't allow anything, virtually). Hence our idea: we put a PC in that network, we make it connect to a public VPN server under a known name, we connect ourselves too to the VPN server, and then we can access the printer.

1. Is that possible?
2. Are there such servers available?
3. Free??
0
Comment
Question by:Sjef Bosman
  • 3
  • 3
6 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39784413
I have never heard of a one.

Why can you setup a VPN server where the printer resides?  If there is a business need for this, then it should be justified and allowed.
0
 
LVL 46

Author Comment

by:Sjef Bosman
ID: 39784778
That printer and the additional PC are in the same network, behind the impenetrable firewall. The VPN server must be outside that network, in order to create a connection to the outside and allow traffic via that connection inwards. The problem with all networks is that they don't have a fixed IP address, so a provate VPN server becomes a little awkward. It's not impossible, using dyndns, but it would be a lot easier if there were an external public VPN (OpenVPN) server available that could create a VPN for only 4 or 5 PC's, of which one is the PC next to the printer. There is a way to configure an OpenVPN client so that reverse connections are allowed.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39786358
-- > ... , behind the impenetrable firewall.

If the firewall is that locked down are you sure you would be able to establish a outbound VPN connection?

If your firewall is that locked down, and you can not get an exception to allow this inbound are you sure your company's policy would allow you to connect to a VPN server?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 46

Author Comment

by:Sjef Bosman
ID: 39787025
Well, the policy is not so important (yet). First, I want to make sure it's technically feasible, which I think it is. I admit I've never tried to open a VPN port from the inside of the network through the firewall, but I assume it will work, give the fact that other network protocols go through without any problem.
NetworkThis is the general idea: A and B want to print on the remote printer. Normally it isn't accessible, but if a local PC sets up a VPN connection with a VPN server, and A and B can connect to the same VPN, the printer should become available. The remote PC might have to share the network printer, that I'm not sure of yet.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39787160
No, the policy is the FIRST thing you need to check.  Not sure about your work place but at mine even attempting something like this is grounds for termination.

Why?  Because the box you show as 'public vpn service' now has a connection to each network BEHIND your firewall.  Which means it has FULL access to everything behind your "impenetrable firewall".

This is why there is no such thing as a public VPN server.

It is possible that even with a direct VPN connection between "remote" and the other PC's could be against your company's policy if either of those sites are considered untrusted.  Why?  Again if you setup a VPN between "remote" and A they both have access to each other's networks behind their respective firewalls.  Same thing with "remote" and B.  In fact it is possible that since A and B both have connections to "remote" that they would have full access to each other networks.

If there is a business justification to share the printer at remote with A and B, then your technical team will come up with a supported and allowed configuration.  

If there is not a business justification and you could violate your company's policy and who knows what could happen.
0
 
LVL 46

Author Closing Comment

by:Sjef Bosman
ID: 39787259
Ok, got it, no public VPN server. So I'll have to set up my own, which is a thing I don't really intended to hear: it took me a lot of time to get both an OpenVPN sever and a few clients configured correctly. Far too many parameters ;-) But if it's the only way to go...

Thanks for your valuable comments!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now