Working Remotely Using Beryl Masking Location


I will soon be living in SE Asia but still working for American companies.

My planned network would look something like this:

SE Asia ISP/HOTEL WIFI or WAN ~> Beryl (OpenVPN - Proton VPN USA Server) ~> My Wired/WIFI Laptop forced to use Cisco AnyConnect 4.9 client to connect to corporate network

  1. Will the Cisco AnyConnect client on my laptop connected to the Beryl be forced to go thought the USA Proton VPN thus giving me a USA IP address origination? Basically, will connecting to the corporate network over my Beryl possibly reveal my SE Asia IP / location?

Internet kill switch will be enabled on the Beryl

  1. Can I setup a policy so my Kids wifi devices go straight out bypassing the OpenVPN?
    I am assuming no, since I will be using the internet kill switch. Do I absolutely need the internet kill switch to achieve question #1 or would some routing policy work instead.

Thank you (khob khun krab)

1 Like

I would not use a public VPN service if I was trying to fool an American company who has a IT department. There are lists of IP addresses that originate from public VPN companies which your IT department may have access to. I would use my own VPN running from a VPS cloud account (Google, Oracle, DreamHost, …) or better yet, find a friend or family member who will let you put a GL iNet system at their place and use it as a VPN. I am doing this using a AR300M at a relative’s house so my work/banking/government/… traffic looks like it is coming from a US based home IP address no matter where I am in the world.

On your questions:
#1 All your traffic should look like it is coming from Proton VPN. They should not be able to tell that you are coming in from an Asia IP address, but they may notice that your connection is not direct, by looking at number of hops or mtu size.
#2 You may be able to setup a bypass for your kids WIFI devices from the OpenVPN, but this is something I have not done on a GL iNet router. If I was worried about security for your American company, I would use a dedicated GL iNet router for my work and purchase a second router for the family, and setup two different WIFI networks in your hotel, using one only for work and one for everything else.


VPN policy will work regardless the kill switch. So your scenario for your kids should be OK.

As you are using double VPN, i.e. your AnyConnect tunnel will protect you from the public vpn, so it is OK to use.

But as @eric said, it is always better to use a private VPN if you have.

@eric I had not even considered a private VPN. Its a great idea, and I will set one up. Just need to figure out how to report WAN IP address changes at the family members home. Thank you for your reply. I agree on the dedicated router as well for the family / smart devices.

@alzhao Thank you, a private VPN seems like an excellent thing to have. I assume the Beryl router can email via smtp if it detects WAN IP changes VPN status etc?

Setup a DDNS service. It is the easiest. You can easily do that in luci.

1 Like

Yes it can if you install necessary software package. We use email to forward sms in our 4G products.

Can you please tell me how did tou use gl inet system as a vpn?

Well, double posting isn’t useful.

But the idea is that if a US location is allowing logins only from US IP addresses, you want to appear as if you are coming from a US IP. So you put your router in a US location with internet access out.

Then you setup that router as an OpenVPN server, with an address that you can reach. From your local connection, you make a connection to the OpenVPN server, and then from your local connection, you connect to the US company.

Or, you could do the same using a VPN service with a US connection.

Better yet, you could tell your employer what you want to do and avoid fudging it.

Hi, I seem to be in a similar situation here so I was just wondering if you worked it out? Which method did you use? And has your employer figured it out that you’re using a vpn? tyty