6

I have a work-issued computer that I have limited access to the Internet due to the security protocols in place on the device. I want to use this machine at home, for work. I want to be able to hide my IP address as I move frequently for my spouse's work as he moves around the world. I understand there are proxy servers and VPNs, but my work computer has been secured and we do not have access to the internet to freely sign into these services or install software on them.

Is there a way to hide every IP address in a home? Is there a way to get every device in the house to be proxied with one sign in from one device, or is that dreaming?

I would really love to have the flexibility to work from home so I may keep my job. Any suggestions would be greatly appreciated.

(My employer allows us to work from home in the U.S. and Canada - but my spouse moves to other places and we do not want to try and maintain two households as this is extremely costly)

curious
  • 61
  • 1
  • 3
  • 3
    I'm really confused about what you want to do. Is it against policy to work from home? Or why would they care if you move around a lot? – cpast Mar 11 '15 at 04:00
  • 1
    It sounds like your employer is unreasonable if you might not "keep your job" because of protections on the laptop they issued you. Have you brought up the issue with your manager, or the IT staff? – armani Apr 10 '15 at 23:11
  • I'm a little confused too here. But if your job is working with some documents or similar, maybe you can talk to your employer or IT staff to add a folder sync to your computer? Some services like google drive or dropbox. So basically, you're not connecting to your office computer but you can bring your documents anytime. Maybe that's exactly what you wants? – Kertiyasa Mandala Oct 03 '16 at 08:08

6 Answers6

1

So if I understand correctly you can work from home, and that IP address is OK. You need to setup a VPN or SSH tunnel at home, through which you can connect to your work network. You probably need to buy a router or cheap server (older laptop) that can do this.

Can you set VPN on your work laptop? If so, you can connect to your home VPN and work from there. If you cannot setup VPN, you can setup a router that handles this, to which your work laptop connects. You should buy a separate router for this, connect only your laptop to it, so no other devices connect to your home VPN - which will resulting in a slow connection.

For work, do you use VPN? Then your laptop should setup the VPN connection to work, automatically using home VPN and possibly abroad VPN.

That means you have to handle two or even three VPN connections. I have no idea how that works, if that works, if the connection is stable and fast enough. Your home VPN should be very stable, ADSL or cable very fast, upload and download.

You may have to get professional support for this.

SPRBRN
  • 7,529
  • 6
  • 38
  • 38
0

If you are using your work laptop from a remote location, and you wish to access corporate resources, you will need to be on a corporate VPN.

To establish the VPN connection, the VPN gateway will allocate you an IP address within the VPN infrastucture. This IP address is entirely different from the IP of your home or other remote location.

Once the IP address has been issued, the VPN client will likely apply lockdown scripts, run a bit of auditing, and also ensure that proper group policy is applied to your machine. Part of this group policy will be to lock down your brower's proxy settings, meaning that all internet traffic will still go through your corporate proxy and you will still not be able to access sites that are blocked by your employer.

If you question is-- can I hide my local IP address? -- the answer is no, your visible IP address will be the IP address issued by your ISP, and it will be logged when you establish the VPN. However, that IP will not be used for any of your work activities or browser use once the VPN is established.

John Wu
  • 9,311
  • 1
  • 30
  • 40
0

Assuming the following:

  • Work Computer is a black box ... has Corp VPN and needs an inet connection nothing can be reconfigured short of the DHCP handed to its NIC
  • "Home" is not in the US
  • Money < $1k is not a huge issue because if you get to keep your job and not have to collocate you would save a TON.

First, you need a proxy ... not a web proxy but a fixed point in the US in which to bounce your connection off of. There are many ways to accomplish this, but the most reliable is going to be a VPS (Virtual Private Server). For my setup i have used AWS, Digital Ocean, and RamNode for this. They differ in uptime/price/support you will have to do some research.

Once you have your fixed point, you need to create a secure tunnel to it ... in the past I have used TINC but OpenVPN would work as well. Your fixed point VPS would act as the server, and then you would need to get a client device for your corp computer to connect to locally. Client device could be a router with Tomato or DDWRT or you could get a low powered computer such as a raspberry pi or a cheap laptop. I personally would go with a rPi but again you will have to do some research. This client device would have to act as both a Local Gateway as well as a VPN Client to your Fixed Point Server.

So, once it is all set up your network diagram should look like:

[Comp] <-- comp_vpn --> [VPS] <== personal_vpn ==> [rPI] <-- comp_vpn --> [comp computer]

This means that after all the connections where established

  • your company computer would connect to the rPI thinking its the internet
  • your company would see the IP if your Fixed Point VPS
  • connection between Fixed Point VPS and rPI would be a VPN within a VPN
  • no configuration would be required on your company computer

This answer is to give you an overview of what needs to be setup, the configuration of each part will need to be researched / asked on there respective SE sites (not all of this configuration is security related).

It should also be noted that your company may have a VERY good reason for only allowing access to there VPN from within the US. There are admin on security.se that have asked for ways of preventing exactly what was described above due to the fact that a company network access in places like China could be a HUGE security risk. By setting this up, you may be opening your company up to corporate espionage as well as opening yourself up to litigation for knowingly circumventing company policy.

On the one hand I would be a hypocrite telling you that this is bad and you should never do it (being as how I am typing this message over a very similar connection) but on the other, you should be aware that this could get you in to quite a bit of trouble. With great power comes great responsibility ... choose wisely.

CaffeineAddiction
  • 7,771
  • 2
  • 24
  • 42
  • If your company computer is not a black box and you can install software a MUCH easier solution would be leave it at a trusted friend / family members house in the US and setup a Remote Desktop connection with something like TeamViewer. – CaffeineAddiction Nov 01 '16 at 20:47
0

If your personal machine cannot do what you want, you can use a router to set up VPNs and proxies for you. You have a couple options:

  1. Use a separate router and Internet connection for yourself. All connections to the Internet made from that router will be routed through a proxy or VPN. This is the more expensive option, but the configuration is straight-forward. No sign-in, no switching to a service, just use that router and go.
  2. Configure a router to route just your machine's traffic through a VPN/proxy. You need a router that can do this level of routing. It's cheaper, but the configuration might be more complex.
schroeder
  • 129,372
  • 55
  • 299
  • 340
  • This may or may not work depending upon the OP's employer's VPN solution - at least I haven't had much luck establishing a network level VPN connection inside of a VPN connection. – k1DBLITZ Mar 11 '15 at 13:25
  • @k1DBLITZ Assuming the OP's employer uses a VPN... VPN inside a VPN is tricky, but you can chain VPNs at a middle point. – schroeder Mar 11 '15 at 20:55
  • @schroeder please expand on what the middle point is – curious Mar 16 '15 at 03:36
  • That middle point could be another computer or a VPN service that allows VPN chaining. For instance, you could start a service on AWS who's sole purpose is to be the connecting point between the 2 VPNs – schroeder Mar 16 '15 at 05:11
  • 1
    I don't think the issue is when she is at home. I guess she is worried about "moving around the world" with her spouse. Setting up the router when she is in a hotel or a cafe is not an option... –  Aug 09 '15 at 10:28
  • @KagueiNakueka The OP states specifically that she needs solution for when at home. – schroeder Aug 09 '15 at 18:31
0

There's a number of possible solutions to this issue that you could look at, depending on what resources you have access to and how much money you can spend :)

The first one that occurs would be a network KVM solution. This would allow you to connect to the machine "console" over a network and leave the physical system in the US connected to its standard connection to your employers VPN.

One example of KVM over IP solutions would be this.

Rory McCune
  • 62,266
  • 14
  • 146
  • 222
0

Is there a way to hide every IP address in a home? Is there a way to get every device in the house to be proxied with one sign in from one device, or is that dreaming?

Here a Gyro Gearloose's idea how to make it work when you are not a home.

Modern smartphones are able to share your Internet connection to other devices via Bluetooth or WiFi. What you could do is:

  • Establish a connection to the Internet with a smartphone
  • Connect it to a VPN or proxy services
  • Share this tunnelled connection through bluetooth (in case your connecting via WiFi AP) or WiFi (if you have an ethernet connection)

For an ethernet connection you will need an adapter and not all smartphones support it though.

If you wanna go pro, you could buy a Raspberry Pi and two Wifi dongles and set it as an access point. Then you can share WiFi or Ethernet connections always via WiFi.