I will soon be living in SE Asia but still working for American companies.
My planned network would look something like this:
SE Asia ISP/HOTEL WIFI or WAN ~> Beryl (OpenVPN - Proton VPN USA Server) ~> My Wired/WIFI Laptop forced to use Cisco AnyConnect 4.9 client to connect to corporate network
- Will the Cisco AnyConnect client on my laptop connected to the Beryl be forced to go thought the USA Proton VPN thus giving me a USA IP address origination? Basically, will connecting to the corporate network over my Beryl possibly reveal my SE Asia IP / location?
Internet kill switch will be enabled on the Beryl
- Can I setup a policy so my Kids wifi devices go straight out bypassing the OpenVPN?
I am assuming no, since I will be using the internet kill switch. Do I absolutely need the internet kill switch to achieve question #1 or would some routing policy work instead.
Thank you (khob khun krab)
I would not use a public VPN service if I was trying to fool an American company who has a IT department. There are lists of IP addresses that originate from public VPN companies which your IT department may have access to. I would use my own VPN running from a VPS cloud account (Google, Oracle, DreamHost, …) or better yet, find a friend or family member who will let you put a GL iNet system at their place and use it as a VPN. I am doing this using a AR300M at a relative’s house so my work/banking/government/… traffic looks like it is coming from a US based home IP address no matter where I am in the world.
On your questions:
#1 All your traffic should look like it is coming from Proton VPN. They should not be able to tell that you are coming in from an Asia IP address, but they may notice that your connection is not direct, by looking at number of hops or mtu size.
#2 You may be able to setup a bypass for your kids WIFI devices from the OpenVPN, but this is something I have not done on a GL iNet router. If I was worried about security for your American company, I would use a dedicated GL iNet router for my work and purchase a second router for the family, and setup two different WIFI networks in your hotel, using one only for work and one for everything else.
VPN policy will work regardless the kill switch. So your scenario for your kids should be OK.
As you are using double VPN, i.e. your AnyConnect tunnel will protect you from the public vpn, so it is OK to use.
But as @eric said, it is always better to use a private VPN if you have.
@eric I had not even considered a private VPN. Its a great idea, and I will set one up. Just need to figure out how to report WAN IP address changes at the family members home. Thank you for your reply. I agree on the dedicated router as well for the family / smart devices.
@alzhao Thank you, a private VPN seems like an excellent thing to have. I assume the Beryl router can email via smtp if it detects WAN IP changes VPN status etc?
Setup a DDNS service. It is the easiest. You can easily do that in luci.
Yes it can if you install necessary software package. We use email to forward sms in our 4G products.
Can you please tell me how did tou use gl inet system as a vpn?
Well, double posting isn’t useful.
But the idea is that if a US location is allowing logins only from US IP addresses, you want to appear as if you are coming from a US IP. So you put your router in a US location with internet access out.
Then you setup that router as an OpenVPN server, with an address that you can reach. From your local connection, you make a connection to the OpenVPN server, and then from your local connection, you connect to the US company.
Or, you could do the same using a VPN service with a US connection.
Better yet, you could tell your employer what you want to do and avoid fudging it.
Hi, I seem to be in a similar situation here so I was just wondering if you worked it out? Which method did you use? And has your employer figured it out that you’re using a vpn? tyty
How can I override geolocation from the router by VPN? Because when I install VPN on my glinet router, it changes only IP and IP location. I can’t turn off my work laptop geolocation nor I can’t install the VPN app on my laptop. How can I adjust the overriding geo-location with VPN service from the direct router?
Well, your laptop does not have any geolocation or IP address exposed to the outside world as such. All your laptop can connect to is your router and it is only your router IP that is exposed to the world wide web.
Thank you for explaining well. Do you mean the company can’t locate the laptop location outside of my home, if I connected to my home IP? Because I see in Windows 11 there is a location function that I can locate myself on Chrome and other required places. Even though I turned off location features from the right side features in Windows 11, I still see IT admin can manage this section.
There are many ways to track your location. Bluetooth or WIFI can give your location away, so you need to turn all radios off on your PC, which may not be possible if you don’t have full admin privileges.
Your phone may give away your location even if you are using a VPN on your PC. If you log into Google or Microsoft on both your phone and your PC, then your they will look at your phone location.
It is possible to hide, but it’s not easy or fool proof.
If your company manages the laptop (ie, they have remote login and unknown security software installed) it becomes much more difficult to mask your location.
I think you would need to physically disable, that is disconnect, the wifi and bluetooth on your laptop if possible. You would also always want these features turned off. You’d likely have to google repair manuals for your laptop to get an idea if this is possible and then bring your work laptop into a computer repair shop with the specific request of disconnecting various antennas and the components as much as possible.
Geolocation will often work by scanning nearby wifi networks and bluetooth signals. For example, googling quickly reveals: HOW APPLE IS TRACKING MY iPHONE! - YouTube
You’d then need to connect to the internet via an ethernet adapter plugged into a usb port on your computer.
With wifi and bluetooth disabled, and then a VPN setup (connected) at the router level, not at the computer level, I think that would largely be sufficient. But if you’re trying to hide your location from an employer, failure is not an option. You’d want multiple backup VPN servers.
I’m not sure what else I might be overlooking.
I’ve disabled all location features on work iPhone. Everything EXCEPT find my iPhone is disabled. Yet when I change time zones, work iPhone updates the time zone.
Setting time zones is controlled by administrator. But I have disabled location permission for time zones.
Any ideas how and why iPhone is grabbing location