VPN and printing



  • I have a client that has their program in a data center and they need access to the files via Windows file explorer to view and print. I almost know nothing about VPN and could use a few pointers.

    The printers in the office are a Sharp MF and HP p203o LaserJet.

    Both have static IP on the LAN and the Sharp uses the Sharp software/driver set where as the HP is using the Universal Driver set.



  • Are the users accessing these documents on the same network the printers are on?



  • Not really sure what the question is. Is the program they are accessing located in the datacenter, and that app on the remote system needs to print to the local printers? Please clarify.



  • Certain users will not be using the program, they will be accessing files via Windows Explorer that is on the cloud server. These same files that they will be accessing they need to print locally.

    Files and program on cloud server.

    Users and printers on LAN in office.



  • @technobabble How are they accessing the program?

    Realistically if there is a full VPN (client or site-to-site) then you should be able to add printers to the remote server which would access the printers on the local LAN. Is this the best way of doing it? Depends on your environment and the bandwidth between sites.



  • @coliver Program is accessed by RDP app.... however, they have a different RDP desktop login so they can see the remote desktop and see Windows Explorer.

    Also nothing is in place...basically the datacenter guys said...oh...to print from Windows Explorere you need VPN...and tell your IT guy.



  • Do you have full access to the remote machine? You can install things on it?



  • Ok...Ok...hold the phone...if they are using RDP...why aren't the printers redirecting?



  • @coliver I have access to a RDP desktop when the customer is not using it.. I presume I have privileges.



  • A VPN will make everything into a single network. That one site is local and one is remote will be invisible. All applications should work exactly the same as when everyone is in one place. It literally turns everything into a single LAN.



  • @scottalanmiller said:

    A VPN will make everything into a single network. That one site is local and one is remote will be invisible. All applications should work exactly the same as when everyone is in one place. It literally turns everything into a single LAN.

    Exactly. This.



  • @technobabble said:

    Ok...Ok...hold the phone...if they are using RDP...why aren't the printers redirecting?

    There is a check box in the RDP shortcut options to connect local printers to remote session. Make sure that box is checked.



  • upload-32232642-b13f-4d3f-9197-598b62d86bdb



  • It's usually checked by default, but maybe it isn't. In the remote session, it'll show as "redirected" under Printers and Devices.



  • @thanksaj Thanks, this I know...I originally setup all their servers a few years ago and all of their "clients offices" were able to print from those servers via printer redirection.

    Since they decided to move the servers offsite, I have not be included in anything until they asked about printing and VPN.



  • @technobabble said:

    @thanksaj Thanks, this I know...I originally setup all their servers a few years ago and all of their "clients offices" were able to print from those servers via printer redirection.

    Since they decided to move the servers offsite, I have not be included in anything until they asked about printing and VPN.

    The VPN is just connectivity. As Scott had said, it really should have no bearing on printing. Once the VPN is in place, it's all one logical network, despite being different physical networks.



  • @thanksaj I understand, I'm just thinking out loud...there is no need for VPN to print if they have a full RDP desktop...

    Now if some users have only the RDP app then they would not have access to RDP desktop.

    Easiest fix...give RDP desktops to those who need to access files as well as the program.

    Why make it more difficult adding technology.



  • @technobabble said:

    @thanksaj I understand, I'm just thinking out loud...there is no need for VPN to print if they have a full RDP desktop...

    Now if some users have only the RDP app then they would not have access to RDP desktop.

    Easiest fix...give RDP desktops to those who need to access files as well as the program.

    Why make it more difficult adding technology.

    That would make the most sense. KISS 🙂



  • Is printing through RDP redirection working now?



  • @Dashrender Yes, that is how they print from the program. So I think it's a misunderstanding between the data center and the client.



  • Thanks again for all your help and information.

    Finally I got all the information needed to move forward. At this time everyone can print to the office and their clients can print at the client's local offices.

    However, one of my client's remote worker doesn't login to a device at the office. He directly RDPs into the server at the datacenter. My client wants this user to be able to print to the Client's local printers.

    The datacenter people say that a VPN will solve this issue by connecting the datacenter server to the local office via VPN and thus the printers will show up. Does this sound right to you guys?



  • @technobabble said:

    The datacenter people say that a VPN will solve this issue by connecting the datacenter server to the local office via VPN and thus the printers will show up. Does this sound right to you guys?

    The VPN alone won't do that, you'd still have to map the printer.

    Though, if RDP printer redirect is working correctly, and the user is using a PC that has the printer mapped on it, he should be able to choose client's local office printer.

    But, if he's RDPing from, say, home, and he wants the print job to print at the office, he'd have to either VPN into the office from his laptop, which should then allow that printer to RDP printer redirect map into the session, and he's be golden, or the client could setup a VPN session between their office and the DC.



  • @Dashrender This of course would be so easy if the offsite worker had a desktop at the office to remote into. No VPN would be necessary.

    So since the offsite worker has no connection to the office at all, how am I to use VPN to create that connection to a networked printer? Am I setting up VPN directly to the printer? Is this something I should be using Pertino for?



  • Can you give us more details - is the user working from home and they want to print to the office printer?
    Does the user have a way to print to the printer in the office when they are offsite now?



  • @Dashrender Local office where home user is expexted to print from RDP session at datacenter to LAN based printers, see image below:

    vpn needed map.png



  • there are three solutions to this.

    1. User creates PDF printout, and sends those to a user at the office to be printed
    2. Assuming there is a VPN endpoint in the office, run a VPN client on the users home computer, map the printer to that computer, then using RDP redirection, print to the office
    3. Assuming there is a VPN endpoint at the office, run a VPN client on the Datacenter Server (or a second VPN endpoint to enable point to point VPN), map the printer in the local office to that server. When the user RDPs in, they should see the printer in the office as an option.

    IF you're running a Print Server in the office (not printing directly to the printers) you can install Pertino on the home computer and the server in the office (or the server in the DC and the server in the office) and then send the print jobs through Pertino.



  • Ok...I presume number 1 is out.

    So #2 would be done by adding a IPsec Policy?



  • @technobabble said:

    Ok...I presume number 1 is out.

    So #2 would be done by adding a IPsec Policy?

    Where are you going to terminate the VPN tunnel at the local office?



  • I have a CradlePoint MBR1200 business class router. I know I can add IPsec Policy, but not sure if that means it is an Endpoint.



  • @technobabble said:

    I have a CradlePoint MBR1200 business class router. I know I can add IPsec Policy, but not sure if that means it is an Endpoint.

    IPSec Policy - I'm not familiar with this wording - but if it means VPN, OK. Does CradlePoint have a VPN client for the end user? Unless more recent Windows include it, Windows doesn't include an IPSec VPN client.


Log in to reply