I do all my work on a VM which I login to using my company laptop.
My employer has restricted “VM/Teams Login portal” access to Canada only, but after setting up (GL INET+Wireguard Server in Canada) I was able to access and login on iPhone in a different country.
I am now planning to setup a GL Inet router as a wireguard client in the different country, so that I am able to work from a different country, while my employer thinks I am in Canada. There are no VPN restrictions/blocks legally in the different country.
On my employer laptop, the employer has enabled “windows location services” with message “some settings are controlled by administrator”.
My question is after I connect work laptop to WireGuard Client GL INet router using LAN and turn off Wifi (turning off so that Microsoft location services is not able to detect location Read Windows location service and privacy)
Can my laptop or microsoft location services still “know” the IP of the main router that my GL INet router is connected to?
Is there any other way that my employer know my location (my laptop does not have GPS) IF I am connected to wireguard server in Canada securely using GL INet router as a Wireguard Client?
There are many ways to leak information. Microsoft, Google, Apple and other 3rd party security software keeps changing and getting better. A few things to look at. First, on your travel router, how are you planning on connecting it to the router where you will be staying. Very often I have to turn off my VPN and DNS settings on my travel router to connect it to the router at the place I am staying, which gives away my IP location until I can get my VPN turned back on. Will you carry a separate system to do the initial connection?
Do you share any accounts between your phone and your PC. Unless your phones stays in Airplane mode the whole time with all radios off, while you travel, it knows where you are by the location of the cell towers and by WiFi access points, including the ones you don’t log into. I have given up on hiding from Google, as I use an Android phone with the same Google account as I use on my PC, and Google seems to be using my phone as my location for both devices. Do you use Microsoft OneDrive, Office or any other Microsoft app on both your phone and work PC?
There is a huge amount of work going into Bluetooth Location Services. Just look at all the people using Apple’s AirTags, so along with turning off WiFi, you probably don’t want to run Bluetooth.
Can you get away with this? Maybe, but is it worth loosing a job for?
Thanks for your reply and advice, Eric. One of my parents is not well actually in India, and they need me.
If I was caught working in India, they will first give me a warning and call be back.
If I still don’t comply they will move me to a different department with a lesser salary.
I plan to use “VPN Kill switch” which kills internet connection if VPN is not present. Also I plan to install two servers and two clients. Would this help me solve the problem …?
I will make sure Bluetooth is off as well, thanks for the tip.
Teams, zoom and outlook are the only apps common between work PC and my iPhone. But looks like none of them have access to cell towers or nearby access points.
I enabled the tunnel to my Wireguard server as soon as I came to India, and many people frequently travel without any tunnel enabled, on the phone.
Now, I can
Either send my phone back to Canada with someone to my home (going thru the access points and cell towers) and keep it on charger for always. And buy a minimal personal phone here.
or
Just remove the work account from phone and continue to use it personally.
Which one is better in your opinion?
Also, I am just enabling wireguard server and wireguard client, not updating DNS addresses in particular.
Why do you need to often turn off VPN and what kind of DNS settings do you change?
Multiple people have reported that Microsoft teams and Office 365 for business both use location services and people have been busted for traveling outside of their area using them.
On the phone, and the same goes for your computer, if you really need to hide, I would recommend having a personal phone and a personal computer, that you use for setting up your router, and for all non work activities. Only use your work phone and work PC for work. Some people have posted that on their work phone they use a USB to Ethernet adapter, so they can use their work phone without Bluetooth or WiFi, and leave all radios off, but I have not tried this.
For me, I use my own PC so I can turn off locations services and I don’t have to worry about 3rd party tracking apps. Having a US IP address makes banking, buying stuff, streaming, and dealing with US Government agencies much easier for me if they think I’m in the US. As my job does not depend on it, I don’t need to be perfectly hidden.
Using a kill switch is a must, and having a backup VPN server is a good idea. My physical VPN server is a GL-AR300m at my family’s house in the US, and my backup VPN servers are on US based cloud VPSes. Most of the time I’m using the cloud server VPN so I don’t have to run streaming data through my family’s router, but for the important things like banking and any US Government sites, I use the physical VPN so I have a US home IP address.
On turning off VPN and DNS options: If the place I am staying requires me to log into a captive portal, having VPN on any of the DNS options turned on can get in the way of the captive portal. I leave my VPN off to test that I can get to a remote site before I bring up the VPN client to reach my VPN servers. On DNS, in your Wireguard client config, I would put in the address of a DNS server that is located in Canada.
Thank you for your help again. I am buying a new phone and found “Duo” and “Microsoft Authenticator” being used in the current phone.
Although it will require a call to the IT Help desk, I will get them moved to the new phone.
I feel like I might miss some context, but I have a “main router” that is exclusively for work and no one will connect to. So my work laptop only stays connected to travel router via VPN, and that VPN is expected to be always ON.
The way I am connecting is that I am using a work laptop to connect to a work VPN. I have always used both for work only while I was in US.
While I was in aircraft, I switched off laptop wifi and never turned back on.
I see… I use an iPhone and the apple account is very different from Microsoft account I use to login to the VDI. There is no trace of that account on my work machine, I have never used it.
Okay… I am not entirely sure if I need to set the DNS server, considering that the config generated by my Wireguard Server at home already contains the DNS Addresses and When I search for “What is my ISP”, the link shows me the ISP of my home router. Should these suffice to ensure DNS working okay?
I want to understand what you mean here. The process of connecting new travel router to WAN of main router and then “enabling” the VPN and Kill guard right?
After which I will just connect the LAN of travel router to ethernet of the work computer… correct?
If you are using the iPad to connect to work, be it your VM or anything to do with your work MS Team account or any MS work account, then I would not want the iPad to connect via WiFi.
The best rule is to keep your work systems fully isolated from WiFi, Bluetooth and cellular. The less systems that you use to access any of your work accounts, the easier it will be to secure these systems, and you will be less likely to leak your location data.
Makes Sense. What solution do you use for phone calls?
We need to use “enter phone number and connect thu that” option of zoom and teams to be able to take calls.
I have a windows laptop provided by work. I’m not an administrator on the machine. Location services is turned ON. I can’t turn it off, but I can turn off Wi-Fi & Bluetooth radios. Can the laptop location services still use Wi-Fi & Bluetooth to determine location even when radios are off.
You reduce the risk considerably by turning off Bluetooth and WIFI, but depending on what applications your management loaded on your PC, it is not fool proof, unless your Bluetooth and WIFI have a physical switch, which is not common anymore.
Remember that whatever you turn off by software can be turned on by software. This is why there is a sticky note over my camera
It’s okay. I have high demand skills and can take the risk. They already got me once. I think they may have got me from work phone. I kept cell radio running for few mins. Even though I had updated all the privacy settings to disable location (including Find my IPhone). It still updated the timezone for few seconds I turned on cellular radio. Damn Apple.
Now I’m gonna use Ethernet to lightning adapter and forward calls.
