My company’s official policy is that I am not allowed to take my work hardware outside of the country. I do not work on anything highly secure, but it is simply a company wide blanket policy.
I’ve been WFH from the start of COVID. I was wondering if using a double VPN could hide my location if I want to work outside the country briefly.
Here’s my imagined set up.
Use a “travel router” configured to VPN into my home from elsewhere.
Connect to the travel router with my work laptop, which then uses its software VPN client to connect to my company VPN.
I’m hoping that my work won’t know that I am outside the country. They would think I’m connecting to their VPN from my home, since that’s where my travel router would be VPN’ing to.
Is my understanding accurate?
Can my work still identify that I am outside the country?
Are there any other solutions for what I want to do (work from outside of the country) that could be better recommended?
Edit:
I have an Ubiquity UDM-SE running a wireguard server at home. While traveling, I connect back home from my travel router, a GL-iNet Beryl AX, which is capable of connecting to another wifi network (phone hotspot, password protected network, etc). Apparently it is possible to also connect to networks with login portals by taking a few more steps as a workaround, but I haven’t been able to do that yet. I just have used my phone hotspot in those situations till now. My work laptop then uses Cisco any connect or Palo Alto global protect VPN to connect to the work network, prior to which it shows my home IP as its IP. I have location services turned off, as well as wifi and Bluetooth turned off. I connect to the travel router from my work laptop using Ethernet.
My company’s official policy is that I am not allowed to take my work hardware outside of the country.
While a VPN has a great many good uses, and otherwise uses, violating company policy might be a bad idea for a variety of reasons, including confidentiality of your company users, leaking customer private information, etc.
So with that said, even as somebody who owns a VPN provider myself, I generally don’t recommend people use a VPN to violate their company work policy on company hardware. Those generally exist for good reasons and those reasons often protect the privacy of everyday people like you and me.
Yes, that would not than likely work, though if someone really wanted to, they could use a trace route on your laptop to potentially find out that you’re not in the country
However, yes, the routing would go as you described
But most importantly, as someone who works in this sector, don’t do it. The policies are in place to protect you and the company, if you go somewhere and lose your laptop, you’re fucked
It will probably work but there are ways you could be exposed is it worth your job? Another alternative is to leave the PC at home and remote into it if you’re allowed RDP, obviously securely access another machine on your network and RDP from that or else you’ll be spotted as away.
All in all seems an awful lot of trouble to go to to maybe a lose a job.
Worst case: you will lose your job. Why not discuss this with your manager/HR. I’m sure they would understand if you have a genuine reason to work remotely.
When you connect to the company network, what is involved in the device compliance check? Check that to ensure that no other location services are checked as well.
If you connect to a VPN, there’s a quick test you can do to see if it’s working. Ipleak.org and ipleak.net offer free tools for verifying your IP address, DNS requests and WebRTC information (basically, everything a VPN covers up). Connect to your VPN, run the tests on one or both sites and verify that the information is different. As long as it is, your VPN is working as it should.
Hey did you figure out a solution to this? I’m looking to address the same thing. My work uses Cisco Anyconnect and I was looking at Gi. Net Travel routers to do the VPN from my location to home? Please PM me if not comfortable publicly posting? Thanks
I suppose I could disable WiFi/GPS/Cell/any other chips on the laptop using device manager. I guess I was wondering if from the work laptop’s perspective I would just be connecting from my home since it shouldn’t have any reason to think otherwise.
Latency and other advanced software analytics isn’t something I can control though I suppose.
Company would know I’m RDP’ing to my work laptop consistently so that would raise suspicions. Plus if my computer ever turned off or had some kind up update/weird issue I wouldn’t be able to resolve it remotely.
I have discussed before. They had looked into the official policy and got back to me saying I’m not allowed to take company hardware outside the country, but without a full detailed reason why, but stating it may be due to taxes.
What do you mean? My work VPN for example would be Cisco AnyConnect/Palo alto GlobalProtect. My goal is so that there is no reason to think that I am connecting from outside of the country. My actual location should not be revealed to my work. They should think I’m connecting to their VPN from home.