Anyone have any experience using WG tunnel with Netskope clients on the work laptop?
Can you still obfuscate location if connected via ethernet through a WG tunnel back to the home location?
work laptop with Netskope client -- eth – Beryl WG (Remote location) — WG Flint (Home Location) – Internet
Thanks
Hi,
From an IP address perspective, yes—your current setup allows the remote server to see only your Home Location IP address.
However, we’re not sure whether Netskope running on your laptop might use other methods to detect and report your location to the remote server.
We recommend disabling features such as Wi-Fi, Bluetooth, GNSS, and cellular (if available) on your laptop to avoid potential location leakage.
(We’re not experts in Netskope, so it may be helpful to wait for others to share their experiences as well.)
Thank you Will.
I’ve tested this with my Slate running GL-AXT1800 v4.8.3 and it works, meaning the netskope tunnel from the client laptop is running inside my Wireguard tunnel back to my Flint1. DNS shows the server side location currently. So that is good 
I have yet to travel back to Europe and try this from EU to US.
There is some concern that the netskope tunnel might try to apply latency based logic, which may cause it to choose an exit closer to home, which would then pop out in the EU…. of course, that would be a bad thing.
Will keep you posted in case it helps others here.
Thanks
From a routing perspective, Netskope won’t be able to see the local servers as ‘closer’ as you are forcing your traffic over a VPN that comes out in the US, so the latency back to EU again would be worse. As long as traffic is forced down the VPN it has no way to see the other locations as ‘closer’.
To Wills point, the network side of this is not really the concern here. More that there are other metrics that Netskope may be able to use from the computer itself, like timezone, wifi neighbours etc that determine the laptops physical location outside of where the IP address is ‘located’.
At the end of the day geolocation data for IP addressing is just manual records an ISP created against their IP space to say where it is, it is not a reliable indicator of location as this could be totally made up information. Any software that cares about locations will be looking deeper than this to something that actually is properly location based where possible from the hardware itself. If Netskope does this or not someone else may be able to answer.
Yes, good point and thank you.
I think turning off WiFi is a big one but I’ve never turned off Bluetooth before over the years of travel and been ok. I don’t think that MS Authenticator on the cellphone is using location services.
So many threat vectors 