logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

[Solved] Implementing VPNs with Public Fixed IP, Dynamic IP using DDNS, and Private IP with VPS

terry1996 13773 18
Best answers

How can I deploy a VPN if the internet connection has a fixed public IP, a dynamic public IP, or only a private IP behind NAT, and do I really need a public fixed IP?

You do not strictly need a fixed public IP, but for most VPN setups at least one endpoint must be publicly reachable. If the server has a public fixed or variable IP, you can run the VPN server on that host or on its router; with a dynamic public IP, DDNS can be enough [#17072808][#17073097] If the site only has a private IP behind NAT, use a VPS or a purchased VPN server in the cloud as the public hub, install VPN software there, and have the server side and all clients connect to it; in that case you typically get username/password access [#17072808] For IPsec-style setups, one end of the tunnel must still be accessible at a public address, so a pure private-IP endpoint is not enough by itself [#17072844] For a prepaid SIM with a public IP, one reply says it is subscription-only and mentions Orange with an offer around 9.99 [#17069635]
Generated by the language model.
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
| New topic
  • #1 17069543
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    At work I was given a job to embrace VPNs, then I will implement them.

    From what I read on the net, the requirements for placing a VPN is a public fixed IP address, if not correct me.

    If we have a public dynamic IP address, you can use the DDNS protocol.

    And if we have a router's private IP address can we buy a VPS server in the cloud and put a VPN on it?


    I am most interested in this last option, as if you could give some sources or wider info, if I am right at all :D

    In addition, I'm looking for a prepaid card with a public IP address, just to make a VPN
  • ADVERTISEMENT
  • #2 17069635
    makosuu
    Network and Internet specialist
    Posts: 2984
    Help: 369
    Rate: 369
    terry1996 wrote:
    In addition, I'm looking for a prepaid card with a public IP address,

    Subscription only. At Orange, you can even get the one for 9.99.
  • ADVERTISEMENT
  • #3 17069755
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    Damn I know that there are subscriptions, a few months, maybe years ago I saw the offer of some mobile vikings or something like that with a public on prepaid
  • #4 17069997
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    VPN is a very broad concept and you can safely give some examples where you don't need to have an IP address at all to create a VPN :)
    Write what your goal with this VPN is, it should help you get an answer that would satisfy you.
  • #5 17070054
    m.jastrzebski
    Network and Internet specialist
    Posts: 5238
    Help: 679
    Rate: 862
    terry1996 wrote:
    At work I was given a job to embrace VPNs, then I will implement them.

    From what I read on the net, the requirements for placing a VPN is a public fixed IP address, if not correct me.

    If we have a public dynamic IP address, you can use the DDNS protocol.

    And if we have a router's private IP address can we buy a VPS server in the cloud and put a VPN on it?


    I am most interested in this last option, as if you could give some sources or wider info, if I am right at all :D

    In addition, I'm looking for a prepaid card with a public IP address, just to make a VPN

    Or maybe start by describing what this VPN is for?
  • #6 17072419
    specpc
    Level 10  
    Posts: 14
    Rate: 5
    Dude, what do you need it for? What do you want to do on this public ip or DDNS address?
  • #7 17072793
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    I only know that 2.3 people will use it sporadically, transfer about 20Gb per month
    law firm
    so connectivity to data resources on a private server,
  • #8 17072808
    m.jastrzebski
    Network and Internet specialist
    Posts: 5238
    Help: 679
    Rate: 862
    terry1996 wrote:
    I only know that 2.3 people will use it sporadically, transfer about 20Gb per month
    law firm
    so connectivity to data resources on a private server,

    So you have 3 people somewhere and somewhere server.
    If the server has a permanent / public IP, you put a vpn server on it or its router. Customers connect from each address.

    If the server does not have a fixed IP, you buy the vpn server service. Both the server (or its router) and 3 clients connect to the purchased vpn server.

    Instead of a vpn server, there may be a vps server, only you will have to install vpn software on it. In option 2 you will get a user / password.
  • ADVERTISEMENT
  • #9 17072809
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    So you mean a secure connection to data resources that are somewhere on the internet? On some file system or application?

    Added after 1 [minutes]:

    You do not need a VPN for this, after all, you do not care about any tunneling of traffic, and access to data does not have to be on the layer, which is usually encapsulated by VPN.
  • ADVERTISEMENT
  • #10 17072823
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    As I love how everyone gets smart, they will not help but collect points for writing a comment, each time +3 points for a comment that adds nothing to the discussion. I wrote clearly VPN to VPN, people. . .
  • #11 17072844
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    I don't understand your delicate (?) Indignation. My post was based on your first one, from which I concluded that your understanding of VPNs is not in-depth, which at the same time forced me to conclude that and the order that someone gave you might not have been thought through.

    But if you insist, I suggest you think through the following:
    - VPN is a broad term that generally applies to tunneling of traffic to create a "private network", i.e. something that works on Layer 3 (or 2) and benefits. On the third layer, there are protocols such as IP, which do not directly transfer data, but allow a whole range of protocols that can be used by various applications (e.g. sharing network resources in Windows, etc.).
    - To share data, you do not have to take into account any third-layer conditions, IP addresses, just use a service / application that will allow you to securely, e.g. an encrypted cloud resource.

    If you really want this VPN, think about implementation, go for some and read the documentation on how to do it. The most popular IPSec is not able to use the "mediator" and at least one end of the tunnel must be accessible at a public address.
  • #12 17072852
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    I just choose the internet service provider and minimize the costs, but so that it can be implemented. My manager knows what he commissioned me. I just have to learn it :D
  • #13 17072856
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    Take a fixed, external IP address is enough. Then you can use open source VPN solutions, such as those that will not require a permanent public IP address from "clients".
  • #14 17072858
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    The point is that a permanent external is the most expensive in a given location - and the customer cuts XD costs
  • #15 17072860
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    Seriously? It should be ten / ten zlotys a month ...
  • #16 17072868
    m.jastrzebski
    Network and Internet specialist
    Posts: 5238
    Help: 679
    Rate: 862
    terry1996 wrote:
    The point is that a permanent external is the most expensive in a given location - and the customer cuts XD costs

    You won't get either the vps server or the vpn service for free. Probably similar costs. With the amount of data you give you something specific hint.
  • #17 17073050
    makosuu
    Network and Internet specialist
    Posts: 2984
    Help: 369
    Rate: 369
    m1w wrote:
    constant

    Why a permanent address? Public variable is enough.
  • #18 17073097
    m1w
    Level 12  
    Posts: 34
    Help: 7
    Rate: 1
    You're right, DDNS could be enough.
  • #19 17075035
    terry1996
    Level 18  
    Posts: 739
    Help: 6
    Rate: 32
    Okay, bought with a permanent public because we got a discount.

    The client argued about every 20 PLN so XD
| New topic
Report a violation of the law

Topic summary

✨ The discussion revolves around implementing VPNs using various IP configurations, including public fixed IP, dynamic IP with DDNS, and private IP with a VPS. Users clarify that while a public fixed IP is often preferred for VPN setups, it is not strictly necessary. Dynamic IPs can utilize DDNS for connectivity, and a VPS can be employed to host a VPN server, allowing clients to connect securely. The conversation also touches on the cost implications of obtaining a public IP and the feasibility of using prepaid options. The need for a clear understanding of the VPN's purpose is emphasized, as well as the potential for open-source solutions that do not require a permanent public IP.
Generated by the language model.

FAQ

TL;DR: For small teams setting up a VPN, add a static public IP; "It should be ten / ten zlotys a month ..." and simplifies access. [Elektroda, m1w, post #17072860]

Why it matters: This helps admins pick a reachable, low‑cost VPN path without overbuying, fast.

Quick Facts

Do I need a static public IP to host a VPN?

Not strictly. With a public dynamic IP, pair the server with DDNS. Clients use a hostname instead of changing numbers. This keeps tunnels reconnecting after IP changes. [Elektroda, m1w, post #17073097]

How does DDNS help with a dynamic public IP?

DDNS maps a stable domain name to your changing public IP. Your router or server updates the record whenever the IP changes. Remote clients connect to the hostname, so the VPN stays reachable despite renumbering. [Elektroda, m1w, post #17073097]

What if my ISP uses CGNAT or gives only a private IP?

Use a VPS as a public hub. Run the VPN server on the VPS. Connect your office router or server to it as a client. Remote users also connect to the VPS, then reach the office through the tunnel. [Elektroda, m.jastrzebski, post #17072808]

For a small law firm, what’s the simplest VPN plan?

Get a fixed public IP on the office link. Run a VPN server on the office router or the server itself. Let each user connect from any address. If fixed IP is unavailable, use a VPS hub instead. [Elektroda, m.jastrzebski, post #17072808]

Can I use a VPS to host the VPN server?

Yes. Rent a VPS and install your preferred VPN software. Point all clients to the VPS address. Also connect the office network to the VPS to reach internal resources behind NAT. [Elektroda, m.jastrzebski, post #17072808]

Can prepaid mobile plans provide a public IP for VPN?

Usually no. Choose a subscription SIM that offers a public IP option. One user notes Orange provides this add‑on for 9.99. [Elektroda, makosuu, post #17069635]

How much does a static IP add‑on cost?

Approx. 10 PLN per month, based on user experience. Actual fees vary by provider and plan. [Elektroda, m1w, post #17072860]

Does IPsec require a public IP at one end?

Yes. "At least one end of the tunnel must be accessible at a public address." This excludes a pure mediator for classic IPsec. Place the public address on the server or gateway. [Elektroda, m1w, post #17072844]

Do I even need a VPN to access files securely?

Not always. If you only need secure data access, use an encrypted application or cloud. VPN encapsulates at network layers, which may be unnecessary for file access alone. [Elektroda, m1w, post #17072809]

How do I set up a VPN with dynamic IP using DDNS?

Do this: 1. Enable DDNS and register a hostname on your router or server. 2. Configure your VPN to listen on a chosen port and update DDNS on changes. 3. Share the DDNS hostname with users and connect clients to it. [Elektroda, m1w, post #17073097]

How do remote users connect if the office has no public IP?

Build a hub‑and‑spoke topology. The office initiates a persistent VPN to a VPS. Remote users connect to the same VPS. Route traffic through the hub to reach office resources. [Elektroda, m.jastrzebski, post #17072808]

Is 20 GB/month heavy for a VPN?

Your described profile is modest: 2–3 users moving about 20 GB per month. Pick the simplest workable approach outlined here. [Elektroda, terry1996, post #17072793]

What did the original poster choose in the end?

They bought a permanent public IP after receiving a discount. The client had contested even 20 PLN differences before agreeing. [Elektroda, terry1996, post #17075035]
Generated by the language model.
ADVERTISEMENT