Can a VPN be used in the opposite direction?

I am currently reading about VPNs, and based on what I have learned so far, a VPN is basically a proxy (that can work for all types of traffic) with encryption, for example I can access a web server through a VPN like this:

My PC (I have a VPN client installed) <-> [VPN Server] <-> Web Server

But what if I have a web server installed on my PC and I want people to access it through the VPN (i.e. I give them the IP of the VPN server to connect to), for example:

Some PC <-> [VPN Server] <-> My PC (have a Web Server installed)

And Some PC must not have a VPN client installed. Can this be done?

user710853

Posted 2017-03-24T22:12:40.170

Reputation: 21

"And Some PC must not have a VPN client installed." Computers do what they're programmed to do. If a computer's programming enables it to use a VPN, then it has VPN software. – Nat – 2017-03-25T07:32:52.447

Answers

By definition, a VPN is:

A virtual private network (VPN) is a virtualized extension of a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

And the part that concerns us here is:

They are used to securely connect geographically separated offices of an organization, creating one cohesive network.

So, it's not a proxy per se, it will put you inside of the network you're connecting to, so the access of resources is bi-directional. Meaning that, you can access network resources and inside-network computers can access your resources.

fernando.reyes

Posted 2017-03-24T22:12:40.170

Reputation: 862

Yes. VPNs don't really have a direction, they are just tunnels between distant networks. In terms of IP routing and access, there is no difference between a VPN a physical connection – and it's just as common to see a fully symmetric site-to-site VPN as it is with client-server ones.

It's the routers and firewalls on both ends of the VPN link that sometimes enforce a "direction", e.g. by deliberately blocking incoming connections, or by implementing NAT instead of proper routes, or (like your home router) by connecting several computers to Internet but only using one IP address for them all.

So in other words, yes it's technically possible, but very much depends on how the VPN server is configured (and whether it's on the same network as "some PC" or whether they're separated by Internet). In some cases it might already work by default, or just need a firewall exception; in some others it'd need a "port forwarding" rule on the VPN server (exactly as one would set up in a home router).

user1686

Posted 2017-03-24T22:12:40.170

Reputation: 283 655

1Also, standard hint about port forwarding over VPN: Unless the VPN client is set to connect to the connection initiator via VPN, the response may take a different path and a connection will not be established. – Daniel B – 2017-03-25T08:37:05.077

No, but maybe HTTPS?

If you want remote parties to access your VPN server, then they need a VPN client. That's pretty much by-definition.

But, why VPN? If you're after features like security, privacy, authentication, etc. for web traffic, HTTPS is the standard tool. VPN's for more general networking purposes, whereas HTTPS is for web servers.

Nat

Posted 2017-03-24T22:12:40.170

Reputation: 283

I doubt this is about encryption. His ISP probably doesn’t allow him to receive incoming connections. – Daniel B – 2017-03-25T08:37:46.213