How to create a private VPN using a public VPN server?

Posted on 2014-01-15
Last Modified: 2014-01-16
Hi all,

Two users, each with their own PC, and a printer in a remote network that cannot be reached in any normal way (the gateway/firewall doesn't allow anything, virtually). Hence our idea: we put a PC in that network, we make it connect to a public VPN server under a known name, we connect ourselves too to the VPN server, and then we can access the printer.

1. Is that possible?
2. Are there such servers available?
3. Free??
Question by:Sjef Bosman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 57

Expert Comment

ID: 39784413
I have never heard of a one.

Why can you setup a VPN server where the printer resides?  If there is a business need for this, then it should be justified and allowed.
LVL 46

Author Comment

by:Sjef Bosman
ID: 39784778
That printer and the additional PC are in the same network, behind the impenetrable firewall. The VPN server must be outside that network, in order to create a connection to the outside and allow traffic via that connection inwards. The problem with all networks is that they don't have a fixed IP address, so a provate VPN server becomes a little awkward. It's not impossible, using dyndns, but it would be a lot easier if there were an external public VPN (OpenVPN) server available that could create a VPN for only 4 or 5 PC's, of which one is the PC next to the printer. There is a way to configure an OpenVPN client so that reverse connections are allowed.
LVL 57

Expert Comment

ID: 39786358
-- > ... , behind the impenetrable firewall.

If the firewall is that locked down are you sure you would be able to establish a outbound VPN connection?

If your firewall is that locked down, and you can not get an exception to allow this inbound are you sure your company's policy would allow you to connect to a VPN server?
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

LVL 46

Author Comment

by:Sjef Bosman
ID: 39787025
Well, the policy is not so important (yet). First, I want to make sure it's technically feasible, which I think it is. I admit I've never tried to open a VPN port from the inside of the network through the firewall, but I assume it will work, give the fact that other network protocols go through without any problem.
NetworkThis is the general idea: A and B want to print on the remote printer. Normally it isn't accessible, but if a local PC sets up a VPN connection with a VPN server, and A and B can connect to the same VPN, the printer should become available. The remote PC might have to share the network printer, that I'm not sure of yet.
LVL 57

Accepted Solution

giltjr earned 500 total points
ID: 39787160
No, the policy is the FIRST thing you need to check.  Not sure about your work place but at mine even attempting something like this is grounds for termination.

Why?  Because the box you show as 'public vpn service' now has a connection to each network BEHIND your firewall.  Which means it has FULL access to everything behind your "impenetrable firewall".

This is why there is no such thing as a public VPN server.

It is possible that even with a direct VPN connection between "remote" and the other PC's could be against your company's policy if either of those sites are considered untrusted.  Why?  Again if you setup a VPN between "remote" and A they both have access to each other's networks behind their respective firewalls.  Same thing with "remote" and B.  In fact it is possible that since A and B both have connections to "remote" that they would have full access to each other networks.

If there is a business justification to share the printer at remote with A and B, then your technical team will come up with a supported and allowed configuration.  

If there is not a business justification and you could violate your company's policy and who knows what could happen.
LVL 46

Author Closing Comment

by:Sjef Bosman
ID: 39787259
Ok, got it, no public VPN server. So I'll have to set up my own, which is a thing I don't really intended to hear: it took me a lot of time to get both an OpenVPN sever and a few clients configured correctly. Far too many parameters ;-) But if it's the only way to go...

Thanks for your valuable comments!

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question