[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

How to create a private VPN using a public VPN server?

Hi all,

Two users, each with their own PC, and a printer in a remote network that cannot be reached in any normal way (the gateway/firewall doesn't allow anything, virtually). Hence our idea: we put a PC in that network, we make it connect to a public VPN server under a known name, we connect ourselves too to the VPN server, and then we can access the printer.

1. Is that possible?
2. Are there such servers available?
3. Free??
0
Sjef Bosman
Asked:
Sjef Bosman
  • 3
  • 3
1 Solution
 
giltjrCommented:
I have never heard of a one.

Why can you setup a VPN server where the printer resides?  If there is a business need for this, then it should be justified and allowed.
0
 
Sjef BosmanGroupware ConsultantAuthor Commented:
That printer and the additional PC are in the same network, behind the impenetrable firewall. The VPN server must be outside that network, in order to create a connection to the outside and allow traffic via that connection inwards. The problem with all networks is that they don't have a fixed IP address, so a provate VPN server becomes a little awkward. It's not impossible, using dyndns, but it would be a lot easier if there were an external public VPN (OpenVPN) server available that could create a VPN for only 4 or 5 PC's, of which one is the PC next to the printer. There is a way to configure an OpenVPN client so that reverse connections are allowed.
0
 
giltjrCommented:
-- > ... , behind the impenetrable firewall.

If the firewall is that locked down are you sure you would be able to establish a outbound VPN connection?

If your firewall is that locked down, and you can not get an exception to allow this inbound are you sure your company's policy would allow you to connect to a VPN server?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Sjef BosmanGroupware ConsultantAuthor Commented:
Well, the policy is not so important (yet). First, I want to make sure it's technically feasible, which I think it is. I admit I've never tried to open a VPN port from the inside of the network through the firewall, but I assume it will work, give the fact that other network protocols go through without any problem.
NetworkThis is the general idea: A and B want to print on the remote printer. Normally it isn't accessible, but if a local PC sets up a VPN connection with a VPN server, and A and B can connect to the same VPN, the printer should become available. The remote PC might have to share the network printer, that I'm not sure of yet.
0
 
giltjrCommented:
No, the policy is the FIRST thing you need to check.  Not sure about your work place but at mine even attempting something like this is grounds for termination.

Why?  Because the box you show as 'public vpn service' now has a connection to each network BEHIND your firewall.  Which means it has FULL access to everything behind your "impenetrable firewall".

This is why there is no such thing as a public VPN server.

It is possible that even with a direct VPN connection between "remote" and the other PC's could be against your company's policy if either of those sites are considered untrusted.  Why?  Again if you setup a VPN between "remote" and A they both have access to each other's networks behind their respective firewalls.  Same thing with "remote" and B.  In fact it is possible that since A and B both have connections to "remote" that they would have full access to each other networks.

If there is a business justification to share the printer at remote with A and B, then your technical team will come up with a supported and allowed configuration.  

If there is not a business justification and you could violate your company's policy and who knows what could happen.
0
 
Sjef BosmanGroupware ConsultantAuthor Commented:
Ok, got it, no public VPN server. So I'll have to set up my own, which is a thing I don't really intended to hear: it took me a lot of time to get both an OpenVPN sever and a few clients configured correctly. Far too many parameters ;-) But if it's the only way to go...

Thanks for your valuable comments!
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now