What's the most convenient travel router that can easily connect to various hotel wifi and wireguard vpn?
Purpose is to avoid employer knowing that I'm overseas for a while.
Is GliNet the best one?
 Thalidomide Vintage Ad Shirt $22.14 |
 DMT Has Friends For Me Shirt $21.68 |
Thalidomide Vintage Ad Shirt $22.14 |
dude even SighSee knows when you're using a vpn
if your employer cares about where you are, they can find out
you're not smarter than an entire corporate IT department
I'm not that stupid. The vpn server is my PC at my house. To corporate IT it would just look like I'm at home. Granted if there's a power outage at my house while I'm away, I'd be fricked.
Why would you be fricked? You're supposed to be at home right? So you have to act like it. Tell them the power went out. Easy.
I've always wondered if you could just rent a cloud server near your home and log in through that. Would they know?
The IP would show up being from that cloud provider, yeah. Would the security team brush it off as "it's close to his house, good enough", also probably yeah.
You’re thinking of VPN services where the IP ranges become known. If I have a full tunnel VPN in the router that goes back to my house, SighSee and my employer will see me at my house and won’t know I’m on VPN. If it’s done in the router and you only connect to the router and not to the hotel WiFi, unless your laptop has GPS (highly doubtful) they would never know
>what is latency
>what are time zones
>what is geolocation on MFA
Not likely that you'll be caught if they aren't looking for it, but you have to be aware that trying to defraud your employer without a trace is harder than it looks like.
>>what is geolocation on MFA
Damn I was not aware of this until now, thanks anon
Not an issue if you use your phone in roaming mode. My phone's IP address still shows up as one from the home country even if I'm abroad.
>>what is geolocation on MFA
just connect the phone to your VPN travel router, you dumb frick
surely you're not moronic enough to have GPS on all the time
Also one that doesnt make me only have 4 mbs because i got the yellow one from glinet and set it up with wireguard and my own private vpn vps and it was slow af connecting from fast wifi in Romania
Oh God Oh no we wouldnt ever want to defraud our inviolable employers now you turbohomosexual
You might want to visit SighSee for this. Be very careful though, if your employer has policies against working overseas then getting having your PC break down or get stolen means extreme amounts of fun.
I tried using a Slate AX router with wireguard configured to my home router while I was working in Europe. The latency alone, on top of the corporate VPN, made me never want to do it again. I had to end up taking "surprise" PTO just because the latency was so bad.
If you don't use a corporate VPN, I'd recommend just renting a VM or something from AWS or Azure and connecting to it then connecting to your corporate assets. Keep in mind if they're not supposed to be seeing AWS/Azure traffic from your IP, you're fricked.
That means you set it up entirely wrong or the hardware was too weak. I run a jitsi meet server from France and people from California, and Hawaii use it just fine.
Not even close to the same use case.
a video call to a server across the ocean to similar locations is a similar use case you dumb homosexual. What do you think a VPN is exactly, it's not some magical fairy box.
Hey man, if you don't understand the technology being mentioned in
just don't post. I appreciate you attempting to relate your personal experience to help out but it's obvious it's just not in your knowledge base. Thanks.
>speaking as if you know
listen moron. you obviously did something wrong to get shit results. People have been doing this for literally 3 years now at a minimum. Or do you honestly think you're the first person in the world to use an end user product built specifically for this exact thing you tired to do and failed?
Ugh please stop, I'm dropping the conversation because I just don't want any secondhand embarrassment from you anymore.
You're right, you'll be embarrassed, but due to your own actions.
Not him, but just to help those unaware, latency has absolutely nothing to do with MBPS. Imagine getting gigabit internet, but everything is recieved 5 seconds after you request it from the server - it's like the difference between client and server lag in vidya
t. also an uninformed techie
Jesus, I'm literally due to fly to Asia in January and I'm using the exact same VPN router as you with wireguard connecting to my corporate VPN in Europe and now I'm concerned the latency is going to be fricked.
Do you have any suggestions on how to improve the latency or what the bottlenecks could be?
My connection will be Hotel Wi-Fi --> VPN Router (Wireguard) --> VPS in Europe --> Corporate VPN in Europe --> business data
I guess the limitation will be the upload speed of the VPS in Europe right?
lol typical weeb OMG ASIA homosexual is borderline moronic. nobody help this gay. let him get fired on his own.
>My connection will be Hotel Wi-Fi --> VPN Router (Wireguard) --> VPS in Europe --> Corporate VPN in Europe --> business data
No that's not right at all. I assume your laptop has the corp VPN client installes on it yes? Also the hotel WiFi isn't connecting to you work laptop straight up. This diagram explains the connections of a good setup.
use this setup for the cloud server
They literally won't care. What if you were at an office sharing space like WeWork or working from Starbucks. They literally won't care. Only when it comes to national borders and taxation is when flags are raised.
don't be like this moron
and depend on a 20Mbps connection from halfway across the globe for good service then complain the VPN sucks.
>They literally won't care
Highly dependent on the type of data being worked with/on dude, bit irresponsible to say otherwise.
If they were strict you wouldnt be working from home.
>depends on the type of data
what do you think the work VPN is for? Companies suddenly trust home networks now? lmao.
They absolutely would not go to lengths to match your IP to your home address and update it every time your ISP issues you a new IP. Unplug your ISP router and wait 5 min, boom you have a new IP. They have real work to do, not babysit a static IP list that needs updating 3000 times a week.
Think for a moment.
I work in this industry. It's less about encryption and more about export control laws and regulations. If you're seen connecting from ISP/IP/location that has no correlation to your previous activity, I promise you flags are going to be raised. This is more relevant to financial and government institutions and data. If you work with any of this data, don't take the risk. I promise you they have the resources to investigate this traffic.
>"Hey where are you working today?"
"Airbnb in new state, WeWork had to find peace and quiet from home, Starbucks, literally anything"
>"oh ok"
I get that, and I wouldn't care. Just saying there are organizations that would care, that's all. If you don't deal with the aforementioned industries you probably have nothing to worry about.
>If you work with any of this data, don't take the risk
you wouldn't even be able to work from home if this were the case
t. works for a israelite hedge fund
>israelite hedge fund
How do you even sleep at night fr fr. Pay must be nice but frick that shit.
>government institutions
USGS are rescinding almost all telework agreements. It's over for us govvie bros.
Exactly this. I regularly cross check employees and contractors IPs against a geo database that shows location, ISP, etc.
This information is used to help detect when people are outside areas they shouldn't be working as we can't have the information in some counties, outsourcing the work illegally, and to detect when people go over the allocated "out of state or province" allowance which is a generous 45 continuous days.
>detect when people go over the allocated "out of state or province" allowance which is a generous 45 continuous days
So you waste your time correlating computers to IPs and track when they go over 45 days? Sounds like your days are numbered as being employed.
>"sir, sir, you can't go to that state even though it's a remote role! sir!"
>waste time
It's automated lol. If your activity doesn't match the ruleset, have fun calling the help desk to get your access unblocked. Always a fun time when help desk kicks it up to security, then I get to CC your manager on a policy violation email.
>it's real in my mind.
Even if that's true, you have a shit organization and in sure people leave due to shit policies. That's the great thing about remote work. Telling homosexuals like yourself and their homosexual bosses to frick themselves. I will travel and live how I want because I can. Regardless of some homosexual connection janny in "security".
Ok. Good luck to you 🙂
Some organizations have the need. People are aware of why.
This is the dumbest shit I've ever read. Most organizations don't do this. If that FAANG poster is correct there's no way smaller companies even give a frick. I worked for a medium sized tech firm and they didn't care at all. They just said "you check to see if you're eligible to work in that country, that's not our responsibility".
If your company is that anal, it's very old school or a bank.
Not a bank. Not old school. High security though yes.
>High security
Then you wouldn't be working remote if true. (which it's not)
and how would you deal with wework, coffee shops, and other locations? You still never addressed this. (because you can't)
CPRA. Plenty of states have privacy laws too.
Keep pretending like your understand the needs of every industry
>you must work from a home IP address because security
You honestly can't be this moronic, can you?
I never said home. I said we look for changes that are not informed. Part of the trust is them telling us where they will be
Mama mia this thread is like I walked into the spiceworks forums of "IT professionals "
>You honestly can't be this moronic, can you?
Many companies will do IP blocks for a region, it's not hard to ask Cox cable what their IP blocks are for X place and whitelist it, it's simple for a user to call into the helpdesk after googling "what's my IP" and whitelist it for access. Many companies do this if they are concerned about data security. Not all do though, many will just geo-block any country they don't do business with.
Latency will always depend on your connection method+distance round trip to destination+whatever applications are reaching out to from said place. You gotta weigh it all, for me working in Philippines was about ~350-800ms to NoVA, depending on the weather(literally). Phone calls were shit but I always just use an app on my phone because it works better.
The sweet spot for working abroad is being with the company long enough or in a Sr. position where no one cares, small enterprise and SMB companies often pay less but give the most leeway. Don't risk "being a DN" if you work in healthcare, financial, or directly for a government agency. If shit hits the fan and you had/have access to company assets, shit gets stolen your ass can be in actual legal trouble. Hell if the institution you are working for had a line in their data information security policy or insurance, detail something about what information can be in what location; that can also lead to trouble.
Just ask your boss if you can work around "current country" and if there are any rules about maybe visiting "neighboring country" if he says no, there is your answer. If he says "yeah you can't leave the country with work stuff" there you go as well, congrats. shrimple as that.
My GoogleFi phone always keeps its US IP on its mobile data, even in China I had a US IP there without a VPN or anything.
Google Fi will keep it as long as the Data stays active for the VPN service they offer to remain on, it will do this until the app stops via a reboot or app crash. I know I have Fi, they've recently fixed the loophole where you could leave 1 phone at home in the US. with a sim in it and then carry your phone abroad. After 90 days it shuts down now unless your email is that of a US government entity working abroad. You'll still get texts and calls, but VPN+data will stop
🙁 damn. That was a great option too.
I think there's a divergent here in actual remote work and morons trying to get around working remote when they clearly shouldn't. If the company is "high security" they shouldn't be remote and will likely change back to not being remote in the near future. While others work for companies that simply only care if the job is being done.
I agree but to add,I really I think it has to do with more people wanting to work remote when they are in positions of virtually no job security or importance. No you working as a T1 or T2 helpdesk/customer service monkey is not enough to vouch for you working abroad on a 12 hour time difference where for all I know you just came from the bar an hour before. Nor is it enough to risk the possibility of your laptop being lost/stolen abroad with company assets because you picked Tong's party hostel.
A lot of flexibility comes with seniority and working with upper management where not giving a frick because they know you're a asset to the team is worth giving some additional freedoms.
> While others work for companies that simply only care if the job is being done.
I'd say it's more the position one is in as well, like above. Ain't no one going to give you the time of day to maybe work on a 800ms latent calls for 8hrs a day while you are mumbling as to not wake the neighbors with your thin apartment walls. Where as Sr. Net Engineer who basically only has a task list for the week with a call here and there, can easily work anywhere without hiccups coming to them.
Also most people don't realize how boring DN can be 80% of the time
If you are in the US, do you know how many privacy laws you'd be breaking if you actually did this? This is how I know this is a larp. Your company is opening itself to massive legal liability and discrimination lawsuits tracking and storing each individual employees geolocation. Then sending them an email to their boss, also revealing private information to them as well. lmao. You didn't think this one through did you. Geolocation data isn't even foolproof either and constantly needs updating. If just one employee pushed back you'd be fricked. But then again, it's fake since you're larping.
If you're in the EU you'd be mega fricked.
>implying privacy protections apply to work devices
You should expect that anything you do on your work laptop is visible to infosec, compliance and HR jannies.
It's literally in the AUP that every single employee signs, I seriously hope people don't think they're the exception lol
>AUPs make it legal
lmao, no. AUPs are not above the law. Storing, sharing, and processing personal information such as IP addresses, then punishing employees is a big no no.
Which law, specifically, are you attempting to apply here?
Even Germany, famously anal on data protection after the Third Reich and it's successors deem company email accounts and company phones to be fully within the domain of the company, so keeping a log of IP addresses for security purposes will not even raise any questions, provided the employees have been informed about it.
Uh oh connection jannies. Your response?
Source:
>https://azure.microsoft.com/en-us/blog/bring-your-own-ip-addresses-byoip-to-azure-with-custom-ip-prefix/
>Your response?
Speaking from experience with Azure: Good luck!
Just know there is always a way around your moronic controls. Azure does fine and plenty of orgs use it.
>t. likely wouldn't even be able to afford the OpEx for his "home IP" on MS Azure, let alone the migration
You sure showed everyone who's the moron in this thread.
>Key Takeaways:
>You are not charged for the hosting or management of onboarded ranges brought to Azure.
Wow how could I possibly afford free. Damn. Also how much do you think it costs to host a basic server in the cloud? Oh no I'll have to use their free tier with a $200 credit. I can't possibly make a new account once that's been used up in 6-12 months...
The larper reveals himself.
If you do a lookup of the IP it will show that the owner is MS/Azure services. BYOIP is simply for companies who have decades old IP's tied to many vendors and changing it would be too great a task.
I love people go WTF IF MY COMPANY SEES MY IP?!?!
Hey morons, if your company is doing that there is a far better chance they have already blocked access to all company websites, services, and visibility from remote countries already. It's really not a complex thing or out of the ordinary during a security audit for them to suggest and implement geoblocking by country request codes or IP.
If your biggest worry is your boss seeing you with a foreign IP and getting axed for it, you probably aren't in a position to digital nomad. Besides most people get caught via their phones reporting their location for mail/document access anyways, that's often the giveaway, not your desktop.
I mean surely migrating your residential IP to Azure will eventually flag inside the Cloud / Data centre IP ranges eventually?
I've read stories of people buying other similar VPN's offering residential IP's and eventually the IP ranges get updated and they get exposed.
It will absolutely still show up as being from a cloud vendor.
It's disclosed to employees. Yes US employees
I think he must be larping because even my current company for example (not a FAANG but still S&P 500) one of my colleagues got new internet from a new ISP and his IP was showing as Isreal for literally months because the IP ranges hadn't switched over yet to the real country. He had not messages, emails or anything flagged whatsoever. I still think it's showing on all the IP checkers as Isreal even now.
Some companies definitely do check, search /r/digitalnomad for a bit and you'll see the morons who went abroad with no VPN get asked to come home pretty quickly.
Fake Connection Janny in "Security" has zero response to this.
It's fake because isreal has it's own IP block/ASN
https://ipinfo.io/countries/il#section-routers
When IP blocks are exchanged by providers there is a process to hand them over, anyone who's worked with datacenters or WAN's would know this instantly. By the time the IP block is ready to be leased to clients it is 100% updated to register correctly. There is a possibility their NMS uses some weird out of data local data repo for IP tracking but doubtful.
Geolocation isn't always 100% accurate though.
That colleague of mine could very well be bullshitting. Purely anecdotal.
I went down the KVM over IP rabbit hole last night and unfortunately it can't reliably do video calls (at least at my price point) which I need to do every morning. There were options for $7k-8k devices but at this point I'm better off with a router VPN instead.
I'm senior in an important team and have been there a while but I'm also in the financial industry so probably a higher risk. The answer would 100% be a hard no to move anywhere which is why I'm pursuing this route.
Strangely the IT infrastructure honestly seems pretty lax... I've been using public Wi-Fi all over the country connecting to the corporate VPN and nothing flagged yet. Testing my own Wireguard VPN soon whilst being at home is my next step to see if anyone says anything, but I'm doubtful.
Careful. Sometimes we keep that information and don't act on it unless it's an insurance liability.
Then boom, manager wants you gone? Upcoming layoffs? We now have a "for cause" justification.
Generally these can be made to look bag enough we get to skip past the warning step.
Dude, stop fricking larping. It's very clear you don't actually work in IT.
All companies are exactly the same
Gotcha
You're right I work in tech
IT 2.0
That's literally not how anything works.
>t. actually works in Security
Let's for a moment go into a deep dive of your comment then shall we?
>sometimes we keep VPN connection logs
Lol no, either you do or fricking don't. There's no arbitrary sometimes. Idiot.
>and don't act unless it's an insurance liability
lmao no. If a company wants to fire you it won't be over VPN logs. It'll be for well documented performance issues that cannot be challenged. You've clearly never dealt with an actual company covering its ass from wrongful firing lawsuits.
Also using "we" as if you're management or secret henchment of management. Lmao.
and finally
>tech and IT are different
lol, lmao even
You lack of reading comprehension is astounding.
Never said "connection logs", I said information. As in the packet of consolidated summarized info.
Performance isn't the only cause for firing. Undue risks, exposure to risks, circumvent of notification policies around access and geography.
Tech (IT 2.0) and IT are different. You're being left behind if you can't see it's a cliff and not a slow transition between the two.
I'm not henchman. I do a lot of analysis. It's up to managers to keep and use this information, which some do.
I never claimed to be management. I am a very senior individual contributors and my average day interfaces with most of the c-suite.
>As in the packet of consolidated summarized info.
Which would consist of.....? oh right proof. An employer isn't going to fire someone without proof if it's not right to work state.
You're a larping homosexual. Just stfu. You can't even keep a single argument other than "ooooh be careful we'll fire you if you get caught!". Most likely you're someone who wants to work remote but can't because you're too much of a b***h to ask permission to work remote or worst care you don't even have a job.
>"Tech and IT are different!!!!"
Maybe if you're a moron you'd think this. What do you think DevOPs is. Tech or IT? They are both infrastructure and development. Again, you'd know basic shit like this if you actually had a job and didn't read your "work experience" from blog posts.
>I do a lot of analysis
I'm sure as a connection janny, you do. lol. Most of it useless if you're spending your days tracking down employees working in another state longer than 45 days.
You do realize you've had multiple people reply to you, right?
You're wrong on so very many points. I see this type of behavior a lot from people like yourself, you fit a specific profile and I'd bet a pay cheque it's on point if we ever met in real life.
Drop your discord. If you're in NA, SA, EU I'll stop by and grab you a drink, and show you in person with words and credentials just how wrong you are.
Serious offer. This is a travel board. I do love to travel. Proving a butthurt ranter wrong is as good as any, plus everywhere has something worth visiting near by.
>proving a ranter wrong
You haven't proven anything wrong, only that you're talking out your ass.
So I take it that's a no fo meeting to provide credentials proof in person yeah?
>social engineering doesn't exist
Thought you were in security big guy.
Jesus dude give it up. I've called you out. If you can't grab a drink arranged via Discord you're not an adult or a shut in. In both cases I understand why this thread confuses you.
plenty of people here already proved you wrong. I owe you nothing and I'm not the one desperately trying to prove who I am, unlike you, homosexual.
Oh yeah, remote video calls through the KVM over IP sounds like an extremely lofty goal and definitely not happening on my PiKVM setup. Even if you had the bandwidth and processing power a 500ms ping is a huge deal, and then there's the layers of drivers and shit that enable the audio/video/microphone to work that I would be surprised to see function. I don't even get sound through my PiKVM. I use my own hardware connected to my GLiNet tunnel for the calls, but fortunately I never need to share my screen on those calls. They might know I'm not on the company computer but I have already alluded to using my personal computer for calls, emails, MS Teams, etc.
Yeahhh this was the same setup I had in mind. VPN Router will be a wired connection to my laptop, when a request is made from the laptop it will go via the VPN router via the VPS in Europe.
that diagram kek
I can only speak for the UK but from my research, the 183 day rule is only the first step. You then have statutory residence tests that HMRC will perform to determine whether you're a tax resident in the country still.
For my case for example if I was a tax resident the previous year I can stay 16+ days in the UK the following year and still maintain that.
However I've been told that HMRC won't even be notified of this unless you explicitly phone them up and tell them. So nothing will happen.
As for the country you're working from, again working on a non-work visa is breaking immigration law etc. but realistically for places like Thailand where they know literally 10's of thousands of people are doing this, I don't think they care or investigate it... this is the same country where you get caught drink driving and can pay off the officer 3k baht and drive home lmao. They even have wework type digital nomad spaces here dotted around full of westerners all most likely breaking these laws.
The dude saying that IT would be able to see a different IP address is right. Yes the traffic from the work VPN is encrypted and no middle man will see that data. I think you're both arguing different points lol.
Moral of the story is just get a VPS with a cloud provider with high upload speed in the country you should be working in and test this entire setup from your bedroom for at least a month before even thinking about moving so in the offchance IT asks you can say you got a VPN so you can watch Korean netflix or some other moronic excuse.
Fricking based anon, I'm preparing the same trip but I'm terrified about getting fired and then my company suing my ass for insane money. Why only 6 months?
My point is they will see the IP and not care. The guy is a moron thinking you are somehow vulnerable going through a VPN tunnel that traverses a... *gasp*... cloud provider! Which hilariously his workplace probably uses.
Yes this is the best one. Set up pivpn on your home network, use picrel to auto connect to vpn and they’ll never know.
On this topic, how do you handle taxes? If you stay for 6+ months are you going to frick your employer over with payroll laws in whatever country you're in?
>Is GliNet the best one?
I have the AC1300 and its works gewd. I have used it to work remotely from other states, not overseas though.
Sometimes you'll have trouble connecting to places that need a GUI sign in, like Starbucks or whatever. With "normal" APs, it's been no issue with connecting to my home WG instance.
>Is GliNet the best one?
/g/numan autist here and yes. I use their Flint 2 at home as well because of the OpenWRT preinstalled (adblock/vpn/network monitoring extensions). Hard to beat their refurb prices.
https://store-us.gl-inet.com/collections/certified-refurbished-product/products/refurbished-beryl-gl-mt1300-wireless-travel-router
(This is the early bird model I got for home use). Great little products that respect your freedoms.
https://www.gl-inet.com/products/gl-mt6000/
Would renting a data center work for this? Are there any whose IP's won't be flagged like AWS would?
every service provider is assigned a block of IP addresses so probably not
Could they tell that you're using one and not, say, a rented office space?
Yes, the datacenter providers have their own IP address blocks and the owning entities are public knowledge to the point of geographic locations, check out the various GeoIP lookups for funsies. If your VPN entry point is tagged as suspicious (every single datacenter IP block counts btw) then the rest depends on what your company's SOC is doing, you might either get nothing because nobody cares and just tries to evade work until their pants are thoroughly soiled with ransomware, or they actually set up their IDS right and you'll immediately have your access nuked with a followup call asking what the frick is going on because it looks like someone busted your account wide open and is trying to access company resources from a shady rental server.
>or they actually set up their IDS right and you'll immediately have your access nuked with a followup call asking what the frick is going on because it looks like someone busted your account wide open and is trying to access company resources from a shady rental server.
Holy shit you're moronic. I honestly hope you don't work in IT since you lack the most basic understanding of how a VPN works.
The"shady server" isn't accessing anything from your company, your encrypted traffic is going right over it. Do you understand what "encrypted" means? Again, do you honestly think your home connection is anything special or different or more secure than a connection from a cloud provider? All should be treated as unsafe, and the attack vector is the same, your work machine.
>The"shady server" isn't accessing anything from your company, your encrypted traffic is going right over it. Do you understand what "encrypted" means?
Do you think the secure connection just magically originates from the ether to connect to your system via tachyons or something? The VPN endpoint has to talk to something in order to set up the connection, which in this case is some IP address assigned to that "shady server" at some VPS farm. "Encrypted" isn't a magic buzzword that turns you completely invisible to everyone.
>Again, do you honestly think your home connection is anything special or different or more secure than a connection from a cloud provider?
It is "special" and "different" as in the system can reasonably expect the connection to originate from a residential IP block in your country. Trying to connect as a regular workstation from a cloud provider is much more unusual and if the system is configured to care, there goes your access. My previous employer even had to put out a big intranet announcement in red because morons kept trying to pull the exact shit you suggested and clogging support because the security appliance got mad at them again.
>Do you think the secure connection just magically originates from the ether to connect to your system via tachyons or something? The VPN endpoint has to talk to something in order to set up the connection, which in this case is some IP address assigned to that "shady server" at some VPS farm. "Encrypted" isn't a magic buzzword that turns you completely invisible to everyone.
Again, I honestly hope you don't work in IT. IKE (Internet Key Exchange) is how your connection is formed. This goes from your work machine to your employers VPN gateway. Everything in between cannot see/decrypt its traffic. Regardless of IP, regardless of router, switch, et al in between your work device and your work VPN gateway. It absolutely in no way "talks to an IP and says ok come on it, it's a home address it must be good!" lmao.
A VPN you setup to change your IP is different from the VPN your work provides you. You aren't connecting your work VPN to a cloud server and the cloud server isn't connecting to your works VPN gateway, moron. If you honestly think that's how it works I can't help you.
>work sent out emails
Indeed if you are any indication of IT knowledge at your former employer, no doubt many morons like you fricked up the configuration.
Again, if you worked at a shared office space, you have no control over their connection, they very well may buold a VPN to a cloud service and do the same thing to proxy their connection or filter their connections to block unwanted sites. You would have no clue.
>This goes from your work machine to your employers VPN gateway.
Yeah, and if you set up one of those boxes like OP to tunnel traffic from the hotel/resort/whatever network to a random datacenter, then the VPN gateway sees an incoming connection from an IP address block that belongs to the random datacenter. Which, again, might make the security appliance angry depending on how it's set up because corporate security devices like to talk to each other, they don't exist in a vacuum.
I'd really like to know how you think the internet functions.
Do a traceroute to google.com. See the "random" IPs your request is going through? Yeah so is your other traffic too. Those big bad scary data centers are pushing your traffic! Shut it down!
The internet works by everything having a source address and a destination address. If you set up a VPN tunnel that ends at a rental box in us-east-1 to mask your IP address and connect to the corporate VPN via said tunnel, what IP address is the VPN corporate endpoint going to see?
The big bad shady rental server IP, which your company should have resources on too, moron. Like I said, that shouldn't matter since any number of cases would produce this outcome without you doing anything or knowingly connecting to a location that proxys it's traffic. In fact google is about to push all chrome users to proxy their traffic through big bad google data centers! *gasp*! And if you are on the security team that controls the IDS that flags this has a finding, lol. Lmao even. You're just trying to justify your job as 1000s of other platform engineering checks on the endpoint itself are better, more accurate indicators of a compromised machine. Not a fricking IP.
If your company has a remote policy they can get fricked on asking permission. It's none of their business.
>The big bad shady rental server IP
Well there you go. Now we can circle back to the original point I was making: depending on your company's level of paranoia, they might either not give a frick or the VPN endpoint can drop your ass because a workstation VPN profile trying to connect from an IP address block has much better chances of having something odd going on, including a rogue employee trying to hide his physical location.
>which your company should have resources on too, moron
You do realize that the company systems can differentiate between traffic, for example an internal server poking at some cloud storage pool, someone initiating a VPN from the intranet towards the cloud and someone attempting to fire up a VPN connection from the cloud towards the intranet? It isn't some opaque "oh I guess there's connections from that network" firehose of data.
>trying to connect from an IP address block
trying to connect from an IP address block that is commonly used to hide something*
No cloud bad
Cloud shady
Home IP good
Home IP safe
>for example an internal server poking at some cloud storage pool
Why would an internal server be initiating traffic to an unknown location? kek again you clearly don't know IT.
>someone initiating a VPN from the intranet towards the cloud
Again this makes zero sense. You aren't terminating your works VPN to any where other than your work VPN gateway. No one (except you) has implied otherwise. Holy frick just stop.
>someone attempting to fire up a VPN connection from the cloud towards the intranet
Again, your work VPN is initialized by your work laptop, and nothing else. If your company were serious they'd authenticate by a machine certain matched with an SSO service. They wouldn't be authenticating by specific IP, moron.
*machine cert
Steve Connection Janny, is that you?
Don't listen to the first moronic response. The company won't care where you're working remotely since you'll be working remote. Look up the basics of "ZeroTrust", it means the endpoint (your work machine) is the highest priority in keeping it locked down and secure. That's how this "work remote" situation succeeds.
i'm planning to start a 1-man LLC and then nobody can tell me shit so long as i have a few clients
Just came back from a wonderful 6 months in an asia tour. Built a whole social life in these 6 months than i ever did back home.
Used wireguard glinet set up
2 location one at my house one at my friends house in case my shit fails
2 phones a phone that has all location services off connected to the vpn wifi for mfa
Was shitting bricks when my employer asked me to connect to corporate vpn thought i was fricked but turned out to be fine.
Best decision if my life cancelled my apartment doing a year again. frick america.
Could get a 6 fig salary in person but you cannot beat that remote fricking lifestyle.
Nice job anon how fast was your connection my glinet through vps was slow as frick and annoying to work on
Did you get one of the good routers?
i got the basic b***h yellow one
but all my bnbs had fiberoptic connections
640mbps
through the gli net it was at 32mbps got the basic xfinity 300mpbs/20??
had no problems / lag with team meetings
NERD FIIIIGHT
So much misinformation with the VPN angle. You don't own the company data you're transmitting and you certainly don't get to decide how it gets back to your organization without approval lol. Clear all remote work with your employer.
Greeting nerds. I provide you with two options:
1) Tailscale, it's free and you use your home node as the exit node, and boom, all your traffic is from your house.
2) Remote desktop or VNC into your actual server and do your work from there (terribly slow sometimes, but depends on how often you need to do actual work)
Both assume you can install software on your devices, but 1) works pretty flawlessly and transparently over ANY wifi or eth connection
>Both assume you can install software on your devices
Any company worth working for will give you a locked down and heavily monitored laptop
and honestly even if you do manage to get a "clean" laptop, MS Teams, web portals, etc all collect info about your IP location and usage. VPN software sometimes fricks up or lets stuff through. having a VPN router is much more transparent and reliable.
Lol you can't and shouldn't fricking install software on your work laptop that isn't approved by your company. This is fricking brainlet tier on par with the moron that monitors IPs all day.
>actively monitoring IPs to see they come from residential locations
You realize common work spaces like WeWork exist right? You realize coffee shops exist right? Often times they proxy their traffic to *gasp* those evil cloud providers!
>location services
Yeah based on your network connection, which will be proxied.
Hi connection janny. Your existence is pathetic and pointless.
"Lol you can't and shouldn't fricking install software on your work laptop that isn't approved by your company. This is fricking brainlet tier on par with the moron that monitors IPs all day.
"
tier he says.....I worked 20 years in FAANG and we do it all the time. Also have RUN InfoSec Orgs, and they give developers HUGE leeway to do shit on their laptops all the time.
>"works at FAANG"
No you don't homosexual. You can't even properly comment on SighSee using > correctly.
You're mega moronic and totally up your ass....a lost cause
not an argument.
FAANG security is a joke outside specific AWS departments. Opinion discarded
>You realize common work spaces like WeWork exist right? You realize coffee shops exist right? Often times they proxy their traffic to *gasp* those evil cloud providers!
ya, all fine and dandy until management asks you to come to office from the local coffee shop and you're on the other side of the planet. Quit being a moron.
To deny IT and security departments of large companies aren't scanning IPs connecting to corporate VPNs for non-residential IPs is odd.
>until management asks you to come to office
Why would they if you're remote?
Next thing he'll tell you is that internal security will call every starbucks and coworking space in the area and ask if they've seen this man
Like the israelite hedge fund band guy said earlier, if the company really gave a frick about security, 100% remote wouldn't be an option and even bringing any kind of important data home wouldn't be.
This being said I wouldn't be as moronic as not being upfront about where i'm working from unless i'm already currently seeking another job. You never know whether you're getting away with it or they're currently building a case and getting backlogs.
even remote workers can be asked to come into the office for important meetings etc. it is not uncommon to find that as a clause in your T&Cs of employment
i used to do a job where i was travelling most of the time and working from home for the rest of the time but even then if there was an important customer visiting or something they would ask me to come to the office
>"sorry I tested positive for COVID. next time!"
True. I've worked remote roles that have team meetings and get togethers. The travel to the office is always been paid for. (from Germany to California). In that case I absolutely show up. Those are fun.
adding a couple of tips to the overall good advice here:
- so much can be blamed on you supposed local setup, assuming you already work from home. worried about a power outage affecting VPN? yeah you had a power outage, you had to go to a coffee shop, the internet is "weird" here, you don't know what a VPN is. or maybe your cousin set up your modem (sic) and you only know the wifi password and not what is going on at the router as far as VPNs are concerned.
- if you need to use your work computer to work, it's unfortunate, but just be aware. instead of installing VPN software on the computer, use a VPN router (like 2x BerylAX). if you are paranoid about geolocation, disable wifi and use an ethernet adapter to the router. be VERY cautious about theft since it will be worlds more difficult to explain a lost computer when traveling. i leave my work computer at home and access it with a pikvm, which means zero detectability but a lot of lag. i only need to use work computer once a week or so.
- you are not just trying to fool the IT department who "probably doesn't care where you are as long as your work gets done" - you are also up against jealous office-bound employees, the legal team, and local country taxes. there are a lot of reasons to be super vigilant about this. make sure your work computer time is set so that emails and shared screen don't indicate you are on the other side of the world. do not cheap out on internet service; diversify your connection options even if it means buying two SIM cards. always be on time for shit. don't use 24/7 mouse jigglers or other obvious methods of disguising your work hours.
PIKVM is very interesting... I've not heard about this before but I'm guessing this is similar to RDP except you don't have to install any software on your work PC whatsover?
How's the latency? Could I buy a better device as long as it has KVM over IP... I need to connect to my work laptop and then do my work over a Linux Red hat remote desktop environment so I imagine this might be too much lag...
Forgot about this thread. I think the other guy that responded is not answering your question about PiKVM latency specifically. Honestly, it's bad, but it works for me. I can be in the same room as the PiKVM/router all on the same network and it's usable for email and light spreadsheet work, but annoying. Beyond the lag there's also the difference between browser-based input and what happens on screen: it is good but not perfect (touchpad scrolling for example). When I'm abroad, the lag and compression/quality bother me a lot, I can do what I need to do once or twice a week but it takes 3 times longer than if I was actually sitting at the computer. Which I don't find to be my problem, or feel any guilt over, because I'm doing all this because of a technicality I disagree with and out of a fear that I should not have. Not to un-sell you on it, but it is an expensive solution that is inherently laggy, but it is so elegantly untraceable that it was worth it to me. I no longer worry about the company computer reporting location or what would happen if it got lost/stolen. I started to think about what I've spent in total between this thing and GLiNet routers and all that shit and it's still ultimately less than a day's pay to reduce the chances I get in trouble/fired, so it's absolutely worth it to have 2+ solutions to any remote-working problem I might have. I started to buy at least 2 SIM cards when I travel anywhere for the same reason - another $10 to delay/prevent me getting fired is not even a rounding error financially.
It really comes down to a few things:
1. If your IT department is competent and is actively monitoring IP addresses and only expect residential IP addresses, they *will* notice IPs coming from AWS/Azure/Hetzner/GCP/Rackspace. This means you need to route through your house/some residential place before connecting to corporate VPN, otherwise you're fricked.
2. If you're on a macbook (and probably some corporate windows machines?) and again your IT department is competent, location services which are presumably group policy managed and if there's rules for locations of hardware, you should assume they'll know. Unlikely you can disable (or disable it without them knowing). The good news is that you can check if location services are enabled.
gli.net routers are nice. i like it also has microsd and usb so i can backup files on storage
California was a mistake
It's quite obvious who actually works in security and who took security+ ITT.
Security+ is just a money grab. First it was a forever cert. Then it was "pay us $50 every year to keep it valid". Now they think they are on par with actual security certs like CCNP Security, AWS security, and CCSP. Oh and they have a $300 " fill the gap" course you can take to renew your cert.
why is this dude so butthurt he's not as untrackable as he thinks he is lol, I bet you think we're actually anonymous on SighSee too
yes, you
No ones arguing you're untraceable, homosexual.
The larp fear mongerer from someone who doesn't even work in Tech/IT (a connection janny certainly would be not considered a developer btw) is absolutely moronic and must be called out as such. It's fricking reddit-teir to speak from an unsubstantiated position of authority with such certainty.
imagine arguing about this on a Saturday morning on a travel board meant for maladjusted losers and me