r/AskTechnology • u/jimmiejoejohnson • 10h ago
If I tunnel a travel router to my home router using a VPN then go abroad, will my employer know I am abroad?
Not sure if this is reliable, it's just what I found searching online. I was looking at a travel router that can be tunneled to my home router in the US to prevent my employer from recognizing that I am abroad while logged into their laptop, and shows my home address as the IP.
I can't download any software on my work laptop so I imagine the travel router will need to have a VPN, and my plan is to use it via ethernet only with wifi turned off on the laptop.
Anyone know if this is reliable? And does the VPN have to be on the travel router in this case (since I can't add one to my work laptop)?
4
u/Particular_Camel_631 3h ago
There are good reasons why your employer might need to know you are working abroad.
Tax, insurance, data sovereignty etc.
Plus you will be committing gross negligence, which (in the UK at least) means instant dismissal without notice.
Only an idiot would try this. Or someone who wanted to leave and didn’t mind getting terrible references.
2
u/DakuShinobi 10h ago
I've seen it done this way. It does work but I'm not sure if there is a sneaky way to detect it.
2
u/LividLife5541 10h ago
um, safe to assume that just about anything these days is being surveilled by your employer so I would not do anything stupid.
1
u/shayonpal 10h ago
I can tell you what I do. Not sure if it will fit your use case since I don’t know your stack.
I have a Mac Mini server at home, connected to a UPS, and connected to a Tailscale network.
When I remote into my Mini using the Tailscale VPN, everything I access is accessed from my home network’s public IP. Which network/machine I’m using to log into my Mini doesn’t matter.
I don’t have an employer, so I don’t have your problem. But if I did, I think my current setup would still have worked.
1
u/Keljian52 9h ago
I mean, a UniFi Cloud Gateway Ultra is much less expensive than that, and can act as a WireGuard server.
1
0
u/shayonpal 9h ago
Not sure what you mean by expenses. I pay zero dollars for this setup, except the computer itself, which I had anyway.
2
u/heehoX 8h ago
I guess he means cheaper than a Mac as an exit node. I also switched to that for about 2 months now since I already have the UniFi router anyway. I'm still running both since I also use Tailscale to access my self-hosted GitHub runners.
1
u/shayonpal 7h ago
As I’d mentioned in my original comment, I had no idea about OP’s stack. Also, they could also set up Tailscale on whatever computer they have.
1
u/GunterJanek 9h ago
Look at GL.iNet travel routers because they offer models with VPN capabilities including WireGuard and OpenVPN. Obviously you'll need to have a device on your network to act as the server and connect to, which will add to the complexity depending on the route that you go.
1
u/jimmiejoejohnson 9h ago
Will look into it, thanks!
1
u/HappyDutchMan 5h ago
Please mind that your laptop and/or phone might be location aware and that your employer might notice that it is in a different location, like changing time zone etc.
1
u/Tim-Fu 4h ago
Can’t believe I had to scroll down so far to read this! This exactly, your best bet is to leave the laptop at home so its location is there and then something like https://www.aurga.com to connect to it.
1
u/threespire 9h ago
What’s your company’s policy for working outside of the domestic country, ie the US for you?
Asking this to ascertain the benefit/risk factors in the first instance.
What’s your rationale for working abroad? Digital nomad life? Something else?
1
u/skylinesora 9h ago
None of what you're asking matters. OP is doing this to get around travel restrictions.
1
u/jimmiejoejohnson 9h ago
There is no policy technically, which is odd, because they fired someone for working abroad.
I work in consulting and am just on their laptop and servers. I could care less where I work, since my paperwork specified literally nothing about having to be in the US to work for them.
However, seems IT treats me like a permanent employee in terms of restrictions and what not. So I am concerned that if someone else got let go, then I must be careful.
2
2
u/Virtual-Neck637 4h ago
Just because you don't understand why, doesn't mean there isn't a good reason why. You're risking getting fired, or even charged with a crime. Might be worth finding out, no?
1
u/_maple_panda 6h ago
Huge difference between travel restrictions being “working outside the country is an ITAR violation” and “I’d like to be on vacation a day longer than I got time off for”…
1
1
u/skylinesora 9h ago
It's reliable but hopefully you have somebody home to troubleshoot if anything goes down.
Regarding getting caught, it would be difficult. The only way would be if your company was anal enough to track latency but then again, crappy internet can be an excuse.
You'd want to make sure your phone never connects to anything work related except when it's behind your VPN.
1
u/smokingcrater 8h ago
Lots of MDM software includes location. Win 11 location services is pretty bad but it will easily pull the country, which in turn gets reported to Intune.
1
u/skylinesora 2h ago
That’s if you have a managed phone.
1
u/Budget_Putt8393 11m ago
MDM does computers too.
Computers often have GPS, which can feed location services. If your laptop has a cell connection module they can pull location even if the module is not connected/used.
1
u/skylinesora 8m ago
Computers having GPS is normally the exception and not the norm. Same with a cell phone connection.
1
u/Miserable_Smoke 9h ago
You'll want to have a VPN set up on your router at home, then VPN the travel router to that. Any connection to the travel router will look like it's coming from home.
1
u/PoolMotosBowling 9h ago
If you understand IP routing and VPNs, it will work perfectly. They won't know.
Do they have a rule that you have to come from the one exact IP?? Seems weird they would know that. Did you give them your home's public IP when you started?
1
u/jimmiejoejohnson 9h ago
I don't know IP routings that well but use VPN extensively on non-work devices. I did not give them home IP when I started and there was never a rule that I had to be on their local network to work. I am a consultant and just log in and do my job. Not even an employee but I hear they are cracking down.
If you don't mind, can you take a look at this and let me know if it'll do the trick?
1
u/PoolMotosBowling 9h ago
"I'm a consultant, I don't work at the same location every day"
No rule?? What are they cracking down on??
1
u/jimmiejoejohnson 8h ago
I think they just gave the terminated employee a reason to not work remote. This is the premise of my question to be honest. Trying to protect myself.
1
1
u/Templar1980 7h ago
Why not just use a standard VPN on the router into your country of choice? The geolocation of your IP would look like home country. Much simpler than configuring your own.
1
1
u/Jin-Bru 6h ago
Why bother with the tunnels and all the challenges that brings? I work from all over the world but I'm always at my desk.
I use remote desktop to reach back to my office computer and log onto work from there. My work machine has all tools and configs for my clients. It's just more convenient.
It just means leaving my computer on 24x7. I could use wake on lan but my comp is on 24x7 anyway.
If you insist on VPN then as long as you can configure the default route and you have a device that can route properly you can build it. Probably best to have a small Linux VM to act as the NAT gateway and add some iptables rules to masquerade for you.
1
u/BornToReboot 6h ago
It’s possible, but there are a few things to consider.
If your company uses conditional access policies with geographic restrictions, the moment you turn on your computer, the apps will start connecting to the internet. This activity is automatically flagged and visible to the IT team.
Even if your internet disconnects or you experience any kind of network-related failure, the IT team can still detect and identify it.
Better keep your laptop home and remote access to it.
1
u/SlinkyAvenger 4h ago
That's the reason for the travel router, to be the only known wifi network to the computer and keep the VPN tunnel transparent to it. IT can detect and identify what exactly?
Also any IT team monitoring for geolocation is not going to allow a fucking remote access tool on their machine, plus it'd produce access logs on the machine itself.
You're new to this, aren't you?
1
u/BornToReboot 1h ago edited 1h ago
I’m actually referring to Microsoft 365 and Entra Conditional Access policies. The organization in question might be using the Microsoft 365 platform, and if that is the case, the logs should definitely be available. They would capture details in situations like a network failure and subsequent reconnection, especially if Outlook or Teams were running in the background. This only applies if the user had previously connected to a local Wi-Fi network or OP enabled Wi-Fi auto-connect.
1
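From the monitoring side, the sign-in log review described in the comment above can be sketched as follows. This is an added example, not part of the thread or of any Microsoft tooling: the field names follow the Microsoft Graph `signIn` resource, while the records, the helper names and the two-hour threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def rec(ts, user, ip, app, country):
    """Build a record with a subset of Microsoft Graph signIn fields."""
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "appDisplayName": app, "location": {"countryOrRegion": country}}

# Constructed sample data: documentation IP ranges, made-up users and times.
SAMPLE_SIGNINS = [
    rec("2024-05-01T13:00:00Z", "consultant@example.com", "198.51.100.10", "Microsoft Teams", "US"),
    rec("2024-05-01T13:40:00Z", "consultant@example.com", "203.0.113.77", "Outlook", "PT"),
    rec("2024-05-01T13:44:00Z", "consultant@example.com", "198.51.100.10", "Microsoft Teams", "US"),
    rec("2024-05-01T14:00:00Z", "analyst@example.com", "192.0.2.5", "Outlook", "US"),
    rec("2024-05-03T09:00:00Z", "analyst@example.com", "192.0.2.99", "Outlook", "CA"),
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_country_flips(signins, max_gap=timedelta(hours=2)):
    """Return (user, earlier, later) where the sign-in country changed within max_gap.

    max_gap is an assumed threshold: a country change faster than any
    plausible journey, such as a background app reconnecting over a
    different network path for a few minutes.
    """
    by_user = defaultdict(list)
    for s in signins:
        by_user[s["userPrincipalName"]].append(s)
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda s: parse_ts(s["createdDateTime"]))
        for prev, cur in zip(events, events[1:]):
            gap = parse_ts(cur["createdDateTime"]) - parse_ts(prev["createdDateTime"])
            changed = (prev["location"]["countryOrRegion"]
                       != cur["location"]["countryOrRegion"])
            if changed and gap <= max_gap:
                findings.append((user, prev, cur))
    return findings

if __name__ == "__main__":
    for user, prev, cur in find_country_flips(SAMPLE_SIGNINS):
        print(user, prev["location"]["countryOrRegion"], "->",
              cur["location"]["countryOrRegion"],
              "via", cur["appDisplayName"], cur["ipAddress"])
```

The second user's change of country two days apart is not flagged, since it is compatible with ordinary travel.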
u/Much-Huckleberry5725 6h ago
Set up a Ubiquiti cloud gateway at your house. Then set up a WireGuard server on it. Get a GL travel router and set it to use the WireGuard server as a VPN.
Bonus if you get a static IP for your house.
1
1
u/Sufficient-Ocelot-79 3h ago
I have a router that has a built in VPN, I can connect to it from anywhere and it will say I'm at home. I'm not sure why you need the travel router, to me that seems like it's just adding in another step in the connection that is going to slow everything down
1
u/AardvarkIll6079 1h ago
You know if your employer isn’t set up for people working outside the US (tax wise) you’re committing fraud, right? You’d be fired…or worse…if caught.
1
u/Budget_Putt8393 7m ago
MDM software often reports location info; this can include GPS if the laptop has a cell modem, even if the cell connection is not active/used.
MDM can report active RDP sessions. I would have an IP KVM so you look like a physical keyboard and mouse.
9
u/getoutmining 10h ago
I'm not IT but I would leave the laptop at home and remote into it.