Is VPN the way to go?

I have a home network and my main machine is OpenSuSE. Occasionally I travel but would like to print something on my printer, OK that other machine is Windows 10. Can a VPN connection from the Windows machine be done to my home network be done so I can print on my network printer? Thinking of using OpenVPN for this.

A VPN can be used to provide secure remote connectivity to your home network. Is this what you have in mind?

Remote Windows 10 computer----<Internet>----Home firewall/router----openSUSE host (VPN server)

You’ll need to install OpenVPN on the Windows machine as it’s inbuilt VPN client software doesn’t support that protocol. Your firewall will also need to configured to allow the service as well.

This might help with giving you the basic idea…
https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide#DownloadingandInstallingOpenVPN

I would say so unless there is a way for the router to do it. My service is AT&T with a Pace U-Verse router. Thank you for the link! Will certainly read it.
Thank you!

I’m not familiar with these at all. Usually only high end routers would provide such capabilities, although some can be re-flashed to with DD-WRT firmware to provide such capabilities. IMHO, it would be just easier to implement this via your secure openSUSE host behind the router. Make sure that the router is configured to forward UDP port 1194 port to allow such connectivity of course.

You can set up remote access to any kind of resource in your LAN(ie printers, network shares, machines, etc) with some basic steps…
Protocol required
Is your resource deployed using a network protocol? In the case of your printer, it sounds like no, it’s directly attached to a machine. But if your printer has some kind of network interface either wired or wireless, then machines (not just remote) can access the printer directly.

Direct attached devices
When a device is directly attached to a machine, then only that machine can provide network access to the device. This means the machine will have to be on, and the machine has to be configured to pass a request directly to the device (eg configuring the machine as a printer server) or the machine itself has to be remotely accessible (eg remotely logging on to the machine, copying a file to the machine and then the machine creating a print job for the printer).

Router and Firewall Configuration
Only after the above two are resolved, you can then know what needs to be done on your router/firewall.
Assuming typical SOHO Internet Gateway device configuration, it will be configured to be running an iptables type of firewall and NAT for your internal network.
If for instance your printer is configured with its own network address in the “Protocol required” section, then you can simply configure a firewall/routing configuration to forward print jobs to your printer, so you would print across the Internet the same way you print within your LAN, you only need to know your public IP address. Be aware that SOHO Internet gateways almost certainly do not protect against the new class of printer attacks reported nowadays.
Or,
You can configure your Internet Gateway device as a VPN endpoint. You would connect your openSUSE to your Internet Gateway which would then allow access to anything in your LAN.
Or,
You can configure a specific machine in your network as a VPN endpoint which would itself be placed either in a DMZ or internal zone, which would in turn be able to forward to your LAN.

HTH,
TSU

The OP has already indicated that they have a network printer.

You can configure your Internet Gateway device as a VPN endpoint. You would connect your openSUSE to your Internet Gateway which would then allow access to anything in your LAN.

That is what the OP is asking about. A VPN would provide the required security, rather than just port forwarding for remote printer access (which I’d strongly discourage for obvious security reasons).

If so,
Then here is another sub option…
If you deploy a proxy server firewall on your edge,
Then it would be possible to expose the printer directly (through the proxy server) without an encrypted tunnel (like a VPN).

The reason why is how a proxy firewall works…
Instead of simply forwarding traffic which is how most firewalls work,
A proxy firewall terminates the external connection at the firewall and then a new connection is created by the firewall to the internal resource.
When that internal connection is made, it can be specified that only specified commands are permitted, thereby blocking any “additional” commands that might be used in an attack. You can think of this like blacklisting unknown commands.

TSU

I still think VPN connectivity is the way to go if remote printing is really seen as a must have. A proxy firewall is operating at the application layer, and overkill for a use case like this IMO. In any case, if I were the OP wanting to print remotely, I would consider instead printing to (or saving to) PDF while traveling and emailing such documents, then doing the actual printing when I got home. My 2c.

I agree with this approach.