I’m very new to networking, so I can’t really get my head around how it works.
I have a UniFi network with a Synology NAS with a few Docker applications I want to access remotely sometimes.
I use a UniFi router with Teleport on my phone to connect to my home network remotely and this works well enough for me.
Now I want to do the same thing on my work laptop. But the problem is I can’t install anything.
Is there a way to create a site-to-site VPN to my UniFi network with only the browser or something?
P.S. My work laptop also has FortiClient VPN installed but I don’t think I can enter my personal VPN network there.
I might be mistaken, but you don’t need a Site-2-Site VPN.
A personal VPN e.g. WireGuard to your controller will be totally fine. Configure it so it does not route all your traffic through the VPN, then you should have exactly what you want.
Not going to happen. You might be able to get it working by putting a travel router with OpenVPN upstream of the laptop and running it on there but that would mean the firewall on the laptop was allowing network access on untrustworthy networks so is something they should close down on you.
What’s the reason to VPN your work laptop to your home network?
My ignorant knowledge of work laptops is I assume they’re tracking everything I do, so VPNing to my home or accessing my personal files sounds opposite to what I’d want to do.
Yes, this sounds like what I need. Sorry if I mixed up the terminology. I tried WireGuard and it doesn’t look too difficult to set up. But it requires an installation on my laptop that is not possible.
I want to access my home applications such as Home Assistant, Sonarr, Radarr.
There are other ways to make those applications available to the outside world but a VPN is the easiest as you don’t need to open all kinds of ports per application.
Yeah you really shouldn’t do this, you are looking to bypass your org’s security and are possibly opening a breach vector for your org. Depending on where you work of course. In my current organization use of org owned equipment to access non org related things is against the AUP and very actionable. This would for sure show up in most SIEM tools. You wouldn’t even make it that far where I am as DarkTrace would lock your machine down. Best to leave work stuff on work computers and personal stuff on personal computers.
Just look at the recent Disney breach, caused by an employee playing BeamNG on their work laptop.
If you’re unable to install anything on the company laptop and you don’t want to open ports then look at Cloudflare Zero Trust. You can set up individual sub-domains per application (i.e. sonarr.myhome.network) without opening up ports on your router.
Obviously they are publicly accessible but you can set up an auth layer on top which you can set to only send an access code to your email address.
You need to own a domain name and go and set up each application in Cloudflare but it’s pretty easy and gives you remote access to that app.
This is beyond my regular expertise now, so please view this as theory crafting.
Your controller can also do different VPN services.
Windows has a built-in VPN, I would assume that there is a way to configure a VPN profile using the Windows built-in tool.
Something, something, "L2TP" if I recall correctly.
But I assume this is not an easy-to-set-up solution.
Maybe speak with your IT Team if you are allowed to use OpenVPN or WireGuard.
Maybe there is also an option to use FortiClient to connect to your home network as well, but I have not enough expertise on that topic.
Best of luck, but your company might have a problem with that as well, as it inherits the risk of you putting company data on your personal storage server. But when you are allowed to connect mass storage devices like external hard drives that’s probably not their primary concern.
Even if WireGuard is installed for OP, there are some workarounds needed to work on a user account. Because WG installs a network adapter on connect and that is usually forbidden for non admins.