My company is starting to roll back remote work and one of the things they are cracking down on is people who work remotely while out of town. For some reason they think that “work from home” means you have to be in your actual house. Apparently the bigwigs are having IT check people’s IP address for any funny business.
We are planning on a visit to my family’s place in Florida over the winter and were hoping to stay for a couple of months to get out of the cold.
Is there a way for me to set up my home as a VPN home base and then route all web traffic from Florida through our home? My work laptop is locked-down and we can’t install a VPN client on it. We would want all of the internet traffic to be routed from my folks’ place in FL to my home. That way my work laptop would appear as if it was connecting from home instead?
Is that sort of thing possible? How would I do it?
Yes, I do this myself because I don’t want to pay for additional Netflix users. It’s fairly common for companies to do too.
All depends on what model your home router is as you might need some additional hardware if your router doesn’t support site to site vpn. You could use a pc to host a VPN server at home and then have a gateway router or you could buy a gateway router if your home router doesn’t support it.
Try and use WireGuard for a VPN, it’s much faster than OpenVPN. In addition, I’d just set up your Florida router to route the work laptop via the VPN, no sense slowing everything down for no reason.
GL.iNet have dirt cheap routers you can buy to use for your VPN client router for your work pc if you don’t have a site-to-site capable router in Florida.
Don’t use a client on the work pc (you’ve said you can’t install anyway) as that’ll flag with IT that you’re using VPN software, going the site-to-site VPN route with routers means that your pc won’t know that it’s on a VPN.
If the VPN server in your home goes down, or the internet goes out, you could be really fucked. I’d want to make sure I had someone reliable who was able to go in and get things restarted in that event.
The VPN might work, but given this will be for several months, it might be better to just tell them you are temporarily changing your address due to renovations or a sick family member or something.
I use a GL.iNet router for travel reasons and I have it set up so that it automatically connects to my WireGuard VPN server at home on startup. Just make sure that your work laptop will only ever be connected to that travel router and you’re good. I believe there’s a way to automatically block internet traffic on all devices if the VPN connection suddenly goes down, so there’s basically no way that IT will suddenly see your laptop on a foreign IP address.
If you have a spare Raspberry Pi lying around, you can also install OpenWrt or RaspAP on it to do something similar. But I found that the GL.iNet routers have way better performance than a raspi4. The raspi4 wifi module just isn’t powerful enough to have a rock solid and speedy connection.
Absolutely doable. Have an IPSec, OpenVPN, WireGuard, etc. capable router in both the Florida and your home location connected to each other. Do policy-based routing on the Florida router to force all network traffic from your work laptop across the VPN and NAT through your home network’s public uplink.
Idk where you live, but in my case, my company actually allows you to work from anywhere as long as you inform them where you are going to be working from and take out a special insurance. That’s because the one they pay only covers you in your house. It’s like the workplace accident insurance, and in this case your workplace is your house.
I’m not saying don’t do it, but I’d suggest that you should consider what happens if you suffer some kind of accident and what the consequences are. In my case it would mean that the company’s insurance would not cover my medical bill nor the days I’m not able to work. And that’s the happy outcome. If I die, my wife and daughter don’t get a single dime.
With that being said: yes, you need a WireGuard server and a port open in your firewall; your own router could be the one that acts as the server (if it supports it). If you need to connect to a company VPN, then you would also need a WireGuard client that acts as the default gateway to your work laptop, otherwise when you connect to the work’s VPN, traffic could leak outside the WireGuard tunnel.
I’m curious on their plan here. For instance, I live in Wisconsin, work from home but my ISP when you look up my IP comes from Ohio. What are they going to do then? Call the ISP, confirm that IP is assigned to me?
In theory, you could set up something on the network locally that runs OpenVPN, and install the client on your work machine, but in all reality, if your IT team is competent enough to audit IPs, they would likely notice anything that you set up, and that kind of behavior is a massive security breach. You’re better off getting express consent from your supervisor than risk getting fired.
Yes, you can actually do it with an ssh tunnel / VPN / or a tinc tunnel which has mesh support. Don’t forget to set up a dead man switch in your home configuration so no traffic leaks to the internet in case the VPN/tunnel fails. Good luck.
Sounds like bs to me. Any IT dept knows that consumer internet can and often does change its public IP, so it would be massively unreliable to use that information.
They could use geolocation but again that’s also sometimes unreliable.
Yes, you can set this up… BUT there are other issues you might not be considering… tax implications for you and the company by working remote. And this depends on the state you are based in and working from.
Before you try any of these suggestions, consider the fact you’re not a local admin on the laptop, so cannot disable Windows location services.
It will also very likely have an MDM solution installed.
Is the laptop equipped with GPS? If yes, a VPN will make no difference.
If no, the laptop will still report its location via the WiFi network SSIDs in range.
Those networks will have had Android or iOS devices (with GPS) previously connected, which have reported their location, connected and visible SSID names already.
I sorta have this set up in a more travel friendly way. Home router/firewall (pfSense) runs WireGuard, pfSense also does DDNS to Cloudflare for my domain. My travel router is a client for my WireGuard server through my domain.com.
If my IP changes from my residential ISP, theoretically Cloudflare gets updated and my VPN continues to work. You would just set this up on your equivalent hardware.
Also this is just one potential solution. There are several ways to do this such as swapping WireGuard for IPsec, it really depends on your understanding of networking protocols.