Update: the question is, my work doesn’t require me to use a private VPN when working. So will it be necessary for me to use a vpn when traveling overseas and not get caught?
Your post appears to be a very commonly asked question or thread here relating to VPNs and/or hiding your location. Please check out the VPN Wiki for common answers to these common questions. You can also find other recent posts related to this topic here
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
I work in cybersecurity. It’s a basic function of ms azure / office 365 to track the IPs that users login from. It’s the same with company vpn connections. If the connecting IP address is in another country, we get alerted and investigate with the manager of the user. Usually employees need permission in order to work from another country, so if they don’t have permission and don’t use a private vpn to pretend they’re still in country, they can get in trouble.
Ofc every single time. Its not about tracking. Its about maintaining security by passing all traffic via the company’s infrastructure. Its the no.1 rule you learn on the 1st day at the company. You dont ever every do anything when turning on the laptop before connecting to the VPN.
I don’t think it’s the thought that one is being tracked. It may be just a (sensible?) safety precaution or a hard requirement.
- You may not be actually allowed to work from the country they are in, To hide that, you may use a VPN.
- You may want to ensure that the admin that runs the wifi in the café you work from cannot see anything, even if you have an unencrypted connection (nowadays very seldom the case).
- Your work may force you to use a VPN, e.g., to get into the internal network.
- Data protection laws may be relevant for work with certain clients, requiring you to use a VPN to the country of the client.
- Probably lot’s more reasons.
Your company uses cloud only apps or that’s all your job requires, nothing on premises that needs a secure tunnel back to the office/datacenters. Those apps also know where you’re connecting from. The question is how much do they care. Will the information be at their fingertips? Yes.
When I’m travelling, I don’t NEED to use a VPN for all of my clients - I’m a consultant (so I am my own employer) and most of my clients are multinational in nature anyway, and I’m always upfront with them that I’ll be traveling and working for X period.
Having said that, I route all my traffic through my travel router to my router at home via WireGuard as a matter of habit, because a) it removes the need to remember which clients have geo-sensitive systems and b) it obfuscates all of my traffic that otherwise might be at the mercy of whatever ISP / hotel WiFi provider I’m using at the time.
Even if you’re not hiding what you’re doing, you should be using a VPN when travelling.
Did you setup the network? No? So do you know who’s sniffing packets on it? If you’re staying in an AirBnb and hotel, do you know who stayed there before (and had access to the network)? What might they have left?
Makes sense. Thank you.
And if they use a residential ip (dual router setup) with wireguard, how hard is it?
I guess I worded my post wrong. I was asking why people who do DN need to use a VPN. My work doesn’t require me to use a private VPN, so if I travel, would I be able to get away without needing a VPN?
or they are worried about advanced persistent threats actors that could sneak in with you
The short answer is you can still be discovered the longer answer is with examples such as defense companies, certain government entities, FAANG, companies that actively monitor MTU packet size and traffic patterns may still discover it, at the end of the day it comes down to good opsec for yourself and understanding the configuration, limitations and what it is you require.
However many places are also don’t ask, don’t tell it depends on if it is currently under attack by ATP’s or if it’s merely tax if latter they rarely care or look for tell tale signs.
Similar if your setup includes a USB device with a identifier code that is plugged in to a corporate device on your home internet where you remote in to your router and then to the device that is plugged in you can get discovered basically how they caught this guy “How a North Korean Fake IT Worker Tried to Infiltrate Us (knowbe4.com)” (albeit the full scenario sounds like a marketing ploy)
Does your employer allow you to work from anywhere in the world?
Many people are only allowed to work remote from their country. A VPN allows them to potentially mitigate the risk of getting caught if they choose to work abroad without informing their employer.
If you are asking if it is possible to work remote from abroad without using a VPN, of course it is. It is just much less secure, even if your employer is OK with you working abroad.
Interesting. Could you expand on how they can find you via MTU packet size? What if you set the size at each point, could that prevent it? Also, ever thought about doing an AMA here lol?
Yes, 3 months per calendar year. But I’m going to be overseas for 7 months.
To answer in simple terms, WireGuard traffic behaves like WireGuard traffic and therefore is different then traffic that would not pass through your WireGuard endpoint, (relay) and WireGuard server.
There is no obfuscation by default in WireGuard as it was never prioritized it is a packet header matching if you look at it at the bone.
Are there options to obfuscate or methods to mix things up if there was a use case for it? For sure.
AstroRelay (can convert WG traffic to other protocols)
UDP2RAW (WG to UDP making it look like normal UDP)
ShadowSocks
GetOutline
TunSafe…
Now are you fully safe after you have done the obfuscation above? Short answer is no, long answer is you can still be discovered if whoever is employing deep packet inspection which is also common for certain employers.
I might do an AMA in the future!
In that case, if you don’t use a VPN, it’s going to be trivially easy for them to know that you have exceeded your allotted three months.
A benefit to using a VPN the entire time would be that they would have a more difficult time knowing when you entered and left the country, especially if you use the VPN starting immediately in your country and continued to use it indefinitely definitely.
How to use a VPN and what you need to do to make yourself as secure as possible as most commonly discussed thing on this sub, I would recommend using the search function to thousands of thousands of comments discuss this scenario.