Need a static IP for remote workers at a tiny company. Not sure what solution is most practical

I keep running into an issue where I’m manually adding an IP to a server, or getting some third party to whitelist some IP I use.

I’d like to find a solution that gives me access to the same static IP no matter where I am. My first guess is that I should request a static IP and create a tunnel to our network hardware. I’m at a small (tiny) shop and don’t really have the time or resources to manage something, and would prefer to throw my boss’s money at my problem.

Any suggestions for an alternative? A Proxy or VPN service that everyone loves?

Can you not get a static IP from your ISP? Or are you looking for a mobile solution?

If you’re mobile, some VPN services can give you a static IP. You could also get a virtual server instance (try www.linode.com) and set up a VPN server on it.

Could use dynamic DNS and then automatically resolve that to an IP which you can then add to your whitelist.

I don’t know what gear you are using but I’ve done this exact thing on Mikrotik gear before.
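
One way to do the dynamic DNS allowlist refresh suggested above, as an added example that is not from any poster in this thread: it resolves the name, drops non-routable answers (including the 100.64.0.0/10 shared address space), and keeps the last known-good list when the lookup fails or returns too many addresses. The hostname, the sample addresses and the `max_addrs` limit are constructed assumptions.

```python
import ipaddress
import socket

# Ranges that should never appear in an internet-facing allowlist.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the name resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def plan_allowlist_update(current, hostname, resolver=resolve_ipv4, max_addrs=2):
    """Return (new_allowlist, added, removed) for a dynamic DNS name.

    The previous list is kept unchanged when the lookup fails, returns only
    non-routable addresses, or returns more than max_addrs addresses, so a
    DNS outage or an unexpected answer does not empty the allowlist or grow
    it past max_addrs.
    """
    current = set(current)
    try:
        resolved = resolver(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return current, set(), set()
    accepted = set()
    for text in resolved:
        ip = ipaddress.ip_address(text)
        if not any(ip in net for net in NON_ROUTABLE):
            accepted.add(str(ip))
    if not accepted or len(accepted) > max_addrs:
        return current, set(), set()
    return accepted, accepted - current, current - accepted


if __name__ == "__main__":
    # Constructed sample: hypothetical hostname and documentation-range IPs.
    def fake_resolver(name):
        return {"198.51.100.7"}
    new, added, removed = plan_allowlist_update(
        {"203.0.113.10"}, "worker.example.net", resolver=fake_resolver)
    print("allow:", sorted(new), "added:", sorted(added), "removed:", sorted(removed))
```

An allowlist built this way is only as trustworthy as the dynamic DNS account and record behind it, so that account needs the same protection as the server it opens.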

Just get a static IP from your office ISP and set up a VPN server. You can either use your firewall itself (depending what you have), or a server behind it (Windows, Linux, Mac, doesn’t matter. They all have native VPN server options). The setup and management would be extremely minimal.

I’ve got the perfect solution: https://wormhole.network

Disclosure: I run it.

Install an agent on the server you need available and on your laptop. These agents connect to your wormhole virtual network (we call it “hub”) and they’ll see each other in a 100.64.0.0/24 network. You’ll be able to connect to your remote server always with the same IP, regardless of where you are or where the server is.

No need to open firewall ports or configure anything else. It just works.

I assume AWS, Azure, etc. wouldn’t fit your use case?

Depending on your latency requirements, a static IP VPN might be an option for you. A friend of mine recently recommended this service provider to me: http://www.aceinnovative.com/index.php?page=biz-vpn-main

I use the Routing and Remote Access VPN on an Azure Windows Server VM. Connect to the VPN and you’ll always be seen as your Azure network address.

For home I am now using Google DNS with a dynamic A record and SoftEther for VPN. I used to use DuckDNS and SoftEther.

For work I suggest getting a static IP from your provider, then whatever VPN is available. I like SoftEther, but my WatchGuards include several options for mobile VPN.

Can you use a dynamic DNS service and access the server via the allocated host name instead? My router will update the IP automatically with all the major dynamic DNS services.

BandRich E580 Router

Yup, mobile, I have maybe 5 different locations that I may work from, and I only have any control over the network from two of them.

I was thinking about finding another VPN to use, but I may end up going the server route.

Thanks for the linode suggestion.

I would also recommend a Linode-type hosted VM which will give you a static public IP in the cloud. This ‘jumpbox’ method is very common and scales well with the business as you can add additional engineers to that box without having to ask customers to open more IPs. It also goes down well with security auditors as you have a machine dedicated to customer management that you can lock down, keep well patched etc. Not sure about Linode, but with the likes of AWS or Azure you could have a 2FA logon to a Windows Remote Desktop Server, again upping the security without really inconveniencing you.

Problem with that route would be email delivery.

Would likely get hung up on external delivery due to DUL, PBL, and likely other RBLs.

This is a good idea. I’ll have to look into this, thank you.

Here I was typing a response about yet another fly-by-night VPN operator squatting on IP space, then I actually ran whois 100.64.0.0 and got a nice bit of context:

NetRange:       100.64.0.0 - 100.127.255.255
CIDR:           100.64.0.0/10
NetName:        SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
NetHandle:      NET-100-64-0-0-1
Parent:         NET100 (NET-100-0-0-0-0)
NetType:        IANA Special Use
OriginAS:
Organization:   Internet Assigned Numbers Authority (IANA)
RegDate:        2012-03-13
Updated:        2016-04-11
Comment:        This block is used as Shared Address Space. Traffic from these addresses does not come from IANA. IANA has simply reserved these numbers in its database and does not use or operate them. We are not the source of activity you may see on logs or in e-mail records. Please refer to http://www.iana.org/abuse/
Comment:
Comment:        Shared Address Space can only be used in Service Provider networks or on routing equipment that is able to do address translation across router interfaces when addresses are identical on two different interfaces.
Comment:
Comment:        This block was assigned by the IETF in the Best Current Practice document,
Comment:        RFC 6598 which can be found at:
Comment:        http://tools.ietf.org/html/rfc6598

Using designated IP space for its intended use.
Good on you sir/madam… Good on you.

Awesome, I’ve been looking for an easy solution to connect back to my home PC from remote sites on my laptop. Bookmarked this for later, thanks.

Tagged for later reference

Eh, I’m open to getting a cheap server, but it is just a matter of configuration time. All technical stuff goes through me, and the more time at a terminal, the less time elsewhere, really. So I’m trying to buy services that I don’t have to think about, or that I can hand off when I get some extra help.

This looks good. Thank you.