Content-Centric Networking (CCN) is a candidate next-generation Internet architecture that offers an alternative to the current IP-based model. CCN emphasizes scalable and efficient content distribution by making content explicitly named and addressable. It also offers some appealing privacy features, such as lack of source and destination addresses in packets. However, to be considered a fully viable Internet architecture, CCN must support private and anonymous communication that is at least at parity with IP. Within this space, VPNs are a very popular tool that enable users to communicate across insecure public networks as if they were connected over a private network. They are also absent from the repertoire of CCN research. To fill this void, we design, implement, and evaluate CCVPN, a content-centric analog to IP-based VPNs in the current Internet architecture. To the best of our knowledge, CCVPN is the first such CCN-based design. Our design is functionally equivalent to IP-based VPNs while gaining better privacy due to the non-linkability of encapsulated packets to their originating network. We analyze the security of CCVPN and experimentally assess its performance.