Need a way to reroute traffic through work internet

[Lauen]

Hi guys, I looked through a few pages of threads but couldn't find a fit for my problem. 

 

My job requires me to be available to log in to certain sites at almost all times, regardless of where I am. These sites are management sites for alarm systems in municipal buildings. Some of these sites are starting to get serious about security and as such are now whitelisting IPs and trying to keep that list as short as possible. My office is whitelisted, along with my higher ups office and the municipal building for whatever site it is. 

 

I now need a way to route internet traffic through the internet at my workplace (VPN?) which only my colleagues and I will have access to so we don't have to drive to the office to do small tasks if we are at another building. It can be a 4 hour drive to get back to the office. 

 

At the office we only have a few laptops for work and some real old desktops of questionable performance, and as you might suspect with municipal work, we don't have much of a budget either. I've heard of OpenVPN and WireGuard but those seem to require me to set up a Linux server, and I have minimal experience with that. We've tried just using TeamViewer but with old copper based internet that is too far from the nearest node to get past 20/2 megabit, TeamViewer was very slow and unresponsive, plus I have 3 other colleagues that will need access and TeamViewer's licenses are quite expensive. 

 

If I have to use OpenVPN or WireGuard, so be it. But I can't quite make sense of the setup so it would be great if anyone could clarify it for me. 

 

 

 

TL;DR: I need to reroute traffic from a few laptops through slow office internet, preferrably cheaply and simply. 

[Skiiwee29]

If your connected to your work VPN, then all your traffic will flow through that VPN. Your company IT should have VPN software available to you or what you should use to connect to there network and what requirements they have. 

[ixi_your_face]

If you're able and there's no wierd IT-related rubberstamping or red tape, OpenVPN would definetley be your best bet if you had to set one up yourself. I would look into if your orginisation already has a vpn service available to other users within the municipality and hook into that. Added benifit of if something goes wrong, it's not your fault.

 

Example:

 

my old work was for local government; we used their VPN solution (Cisco AnyConnect) when working from home to allow us to hook into our support infrastructure on-site.

[WereCatf]

2 minutes ago, Lauen said:

If I have to use OpenVPN or WireGuard, so be it. But I can't quite make sense of the setup so it would be great if anyone could clarify it for me

If you have minimal experience with Linux, it's not going to be an easy or short task to get you up to speed. Wireguard would be the best option, since it's the fastest, most efficient VPN-tech available at the moment, but you'd practically have to know your way around a Linux CLI.

 

What routers do you have at work, though? They may have an option for setting up a VPN-server and that'd possibly be the easiest way of doing it. At least that's where I'd start from. If that's not an option, lemme know.

[Naijin]

8 minutes ago, Lauen said:

Hi guys, I looked through a few pages of threads but couldn't find a fit for my problem. 

 

My job requires me to be available to log in to certain sites at almost all times, regardless of where I am. These sites are management sites for alarm systems in municipal buildings. Some of these sites are starting to get serious about security and as such are now whitelisting IPs and trying to keep that list as short as possible. My office is whitelisted, along with my higher ups office and the municipal building for whatever site it is. 

 

I now need a way to route internet traffic through the internet at my workplace (VPN?) which only my colleagues and I will have access to so we don't have to drive to the office to do small tasks if we are at another building. It can be a 4 hour drive to get back to the office. 

 

At the office we only have a few laptops for work and some real old desktops of questionable performance, and as you might suspect with municipal work, we don't have much of a budget either. I've heard of OpenVPN and WireGuard but those seem to require me to set up a Linux server, and I have minimal experience with that. We've tried just using TeamViewer but with old copper based internet that is too far from the nearest node to get past 20/2 megabit, TeamViewer was very slow and unresponsive, plus I have 3 other colleagues that will need access and TeamViewer's licenses are quite expensive. 

 

If I have to use OpenVPN or WireGuard, so be it. But I can't quite make sense of the setup so it would be great if anyone could clarify it for me. 

 

 

 

TL;DR: I need to reroute traffic from a few laptops through slow office internet, preferrably cheaply and simply. 

What kind of firewall does your office use? (if any) I used to work for an IT firm and we'd use Fortigates for our customers. They can use split tunneling for a VPN connection, so company traffic is routed to the company, other traffic is routed to home ISP. What would also be possible is a full VPN connection for all traffic, you can manually select policies for certain traffic based on destinations.

[ObsidianAura]

Who's in charge of the it infrastructure there? I use a watchguard firewall with SSL VPN which has been useful, but I also have a remote desktop server for staff to use.

Why not spin up a remote desktop server if you don't have one, in these trying times its probably going to become necessary anyway.

[Lauen]

7 minutes ago, Skiiwee29 said:

If your connected to your work VPN,

My company is an independent contractor working with the municipalities in our area. There's no "call IT" as we're just 5 dudes who know how to solder and connect wires better than the janitors. 

5 minutes ago, ixi_your_face said:

If you're able and there's no wierd IT-related rubberstamping or red tape, OpenVPN would definetley be your best bet if you had to set one up yourself. I would look into if your orginisation already has a vpn service available to other users within the municipality and hook into that. Added benifit of if something goes wrong, it's not your fault.

 

Example:

 

my old work was for local government; we used their VPN solution (Cisco AnyConnect) when working from home to allow us to hook into our support infrastructure on-site.

I have complete freedom in HOW I set it up, really. There's no IT department over me. 

5 minutes ago, WereCatf said:

If you have minimal experience with Linux, it's not going to be an easy or short task to get you up to speed. Wireguard would be the best option, since it's the fastest, most efficient VPN-tech available at the moment, but you'd practically have to know your way around a Linux CLI.

 

What routers do you have at work, though? They may have an option for setting up a VPN-server and that'd possibly be the easiest way of doing it. At least that's where I'd start from. If that's not an option, lemme know.

The router is a Zyxel 8702 according to the config page. the config page has nothing about VPNs on it. 

3 minutes ago, Naijin said:

What kind of firewall does your office use? (if any) I used to work for an IT firm and we'd use Fortigates for our customers. They can use split tunneling for a VPN connection, so company traffic is routed to the company, other traffic is routed to home ISP. What would also be possible is a full VPN connection for all traffic, you can manually select policies for certain traffic based on destinations.

Just a built in firewall in the Zyxel 8702 router and whatever Windows 10 calls a firewall. I'm hoping for something so simple on the client end it'll be like PIA / Nord, just click "on" and it's on. 

 

4 minutes ago, ObsidianAura said:

Who's in charge of the it infrastructure there? I use a watchguard firewall with SSL VPN which has been useful, but I also have a remote desktop server for staff to use.

Why not spin up a remote desktop server if you don't have one, in these trying times its probably going to become necessary anyway.

There's no IT department over me. We're independent and have to find solutions on our own.

 

 

If I have to, I will sit down and set up a Linux based server, I just wanna know if I absolutely have to or not. and if I have to, how do I do it? 

[WereCatf]

4 minutes ago, Lauen said:

the Zyxel 8702 router

Oof, that's a pretty awful box. Looks like you'll need to set up a separate VPN-server, yes, though there are about a billion different ways of going about that. Do you have some budget defined? One option would be to just buy an appliance that'd offer VPN-service.

[Lauen]

2 minutes ago, WereCatf said:

Oof, that's a pretty awful box. Looks like you'll need to set up a separate VPN-server, yes, though there are about a billion different ways of going about that. Do you have some budget defined? One option would be to just buy an appliance that'd offer VPN-service.

I don't have a defined budget but as long as it's not in the hundreds of dollars range we could do it. If there's an option to just BUY a VPN service that lets me configure it to send traffic through the office internet without having to install a Linux server, that'd be great. Otherwise, WireGuard seems to be free aside from the labor of setting it up. 

[WereCatf]

3 minutes ago, Lauen said:

I don't have a defined budget but as long as it's not in the hundreds of dollars range we could do it. If there's an option to just BUY a VPN service that lets me configure it to send traffic through the office internet without having to install a Linux server, that'd be great. Otherwise, WireGuard seems to be free aside from the labor of setting it up. 

I'm a DIY kind of a person, all of my servers and the services I run (including both OpenVPN and Wireguard) are all set up by me, so I don't have any off-the-shelf hardware in mind I could recommend, but now that we have some idea of your budget, the other commenters may be able to recommend something. I know there are such options, I just haven't needed any personally, so I don't know any specifics.