Access workstations without public IP - maybe with VPN

networking vpn remote-access

28,704

Solution 1

The solution a server based VPN programe, eg. Neorouter (cross platform on server and client side - free for your own hosted server service) or TeamView (VPN & Remote Control - free for non-commercial use).

Solution 2

Any computer on the internet can be addressed by its IP address. Those IP address are commonly called "public IP address". Internet servers have public IP addresses.

Nowadays, desktop or laptop computers are typically not connected to the internet directly. They have internet access through a router using a technique called IP masquerading (or NAT). Using this scheme, computers get assigned a "local IP address" such as 192.168.., 172.16.. or 10...*. Those addresses are invalid on the internet. Only the router has a valid public IP address.

A client with a local IP address (behind a router) can always establish an connection with a server using a public address (directly connected to the internet). That's why web browsing works perfectly.

However, if both parties are behind such a router, i.e. none of the computers has a public IP address , establishing a connection is impossible.

You have several options:

Establish the connection through a server (as it is done with TeamViewer)
Configure one of the routers to make incoming connections possible (port fowarding)
Establish a VPN. Minimum requirement is that one of the routers allows either port forwarding or supports some VPN (or connect through a third party server).

Please research the network situation of your office. Find out, whether your IP address is public and, if not, who controls the router. Then, ask whether port forwarding or a VPN is an option they can provide (or consult the manual if you have access to the router).

Solution 3

There is some methods that allow to connect two clients behind some type of NAT-s.

In short NAT assigns temporary public address and port to client, when connection is established. In some cases if another client knows that temporary port, it could connect through it.

Check out STUN, TURN and ICE.

Solution 4

You might be interested in VPN over the Internet without public IP when all the nodes are behind the NAT. Those connections are called F2F (Friend to Friend) or P2PVPN (Point to Point VPN). They might be fully decentralized or may require an initial connection broker like XMPP Jabber or Google Hangout (required only at the time of establishing connections between end hosts). In both types of connections, traffic goes directly from host to host.

The list of available apps for F2F / P2PVPN.

View more solutions

28,704

antivirtel

I'm working as Senior DevOps Engineer for Sky UK. I've recently been certified by RedHat: Red Hat Certified Specialist in Advanced Automation: Ansible Best Practices (Red Hat Ansible Tower 3.5 Ansible 2.8). I'm interested in Linux, and other free OS/software. I like: building complex systems, servers, bash scripts; watching films, driving.

Updated on September 18, 2022

Comments

antivirtel over 1 year
My friend told me, that without public IP of the workstations, I can access machines remotely. But I'm a rather confused in using VPN, I don't understand how can it manage to connect. I saw this video about VPN's mechanism, but he didn't mentioned building them.

The situation is:
- I have an office, with its workstations. Sure, the computers are connected to the Internet.
- I have computers at home, and my other working places with Internet access.
How can I access the office machines with VPN without server with public IP from everywhere? Can you show me a complete tutorial?

(I saw TeamViewer, Hamachi, but if it possible, I want to use a private VPN.)

Thank you very much!