Remote work from abroad
Hello,
I am an independent computer engineer (I am not an employee, I have my own company). I have long been looking for a fully remote job and I just found one. I am thrilled, I will be able to leave the Paris region and work near the sea in Portugal, Cyprus, Dubai, Brazil... It's going to be great.
Actually, no, not so much! I learned that I am only allowed to connect from France.
Hence the big question: I know nothing about VPNs, I just know that it can hide the location from which I work and make it seem like I'm in France, allowing me to connect to the network of the company I work for (a big account). I am one of their subcontractors.
Is that true? I connect via SSH (Putty), HTTPS, FTP, and I use Outlook for emails (remind me if there are others).
Can I connect to my client's network from Peru using a VPN? Are there any drawbacks besides the potential slowdown?
Note that our subcontracting contract does not have any clauses regarding remote work.
Please enlighten me.
Best regards
9 replies
Hello,
a remote NAT you mean then...
The VPN is what you use to connect to the company, I suppose.
After that, as for why the client would limit access to their VPN to "French" addresses, it's completely ridiculous.
If it's essential, rather than using a commercial VPN, I advise you to rent a server in France and set up your own remote NAT on it; you'll have better control.
And there you go....
But goodness, how annoying those line breaks are!!
Thank you for your response, but I didn't understand. Does what you call NAT allow me not to be detected if I work from abroad? Will I be able to use ssh to connect to a Linux machine at my client's?
Thank you
A NAT modifies your source IP address (in principle) in order to present another one to the machine you are connecting to, in case it filters it based on criteria that are not always clever.
Yes, SSH goes through a remote NAT, but it depends on the filtering policy of the server in question.
But still, SSH is a better alternative to a VPN and it has the advantage of being free; however, it does not change your IP address (either V4 or V6) by itself, that's not its purpose, just to encrypt the exchanged data.
None,
I told you to set up a personal server (VPS) in France.
For example:
https://www.scaleway.com/en/vps-signup/
https://www.ovhcloud.com/fr/vps/
It could also be with AWS (Amazon), Microsoft Azure, or Google Cloud, but it will be more complicated to get a French IP address with them.
You can also set up a small server at a friend's place :-)
And:
https://korben.info/comment-installer-le-vpn-wireguard-facilement.html
Hello,
Thank you for all this information. Do I need to install the WireGuard VPN on the VPS?
Could you please indicate all the elements that will be on this network? From the NAT, how do I create a link with my own PC? I'm a bit lost.
I'm in the same situation as Lemerz. I'm allowed to work from my personal PC, I've installed the company VPN on it. I work via a VDI (virtual desktop provided by my employer). I use VMware to connect to it.
You need to install WireGuard on the server and generate everything that needs to be generated, such as keys and tunnel addresses. You also need to install it on your client PC and retrieve the information from the generated conf files on the server to connect.
Get a basic VPS with Debian or Ubuntu and PiVPN, it’s pretty simple, the script is efficient and easily configures both IPv4 and IPv6.
PS,
You would have been better off continuing in the discussion you opened next to this one rather than in this one.
Hello,
I'm returning to this discussion because there is new information.
Just a reminder that I am a freelance IT consultant, and I have secured a contract with a major client who has agreed that I can work remotely.
I would like to be able to work from anywhere in the world, so I can combine business with pleasure, but I need to maintain a French IP address because my client does not accept connections from outside France with their VPN.
The new development is that the client has provided me with a laptop on which the applications I need are installed. So I need to use this laptop instead of my own.
Correct me if I'm wrong, but it seems to me that I have two solutions:
- configure a proxy in my browsers (Firefox, Edge, Chrome, ...). This solution is not possible because I do not have the necessary rights for this laptop.
- install a VPN. I am allowed to make installations, I can try it, but I fear there may be automatic scans on what is installed on the client's laptops. Therefore, I prefer to avoid it if possible.
Are there any other solutions?
Thank you
Hello,
The optimal solution would be for your client to provide their own VPN to their remote workers without applying any fake geo-blocking...
There is a third solution: connect the company's laptop to a router that will route the traffic to another gateway, the remote NAT (accessible through the VPN link). This involves no configuration on the company's laptop.
The router in question can be:
- A semi-professional router: Mikrotik, Ubiquiti, TP-Link Omada, ...
- A professional router: Cisco, Juniper, ...
- Any machine running:
  - A software router: pfSense, OPNsense, VyOS, ...
  - A Linux distribution
  - Or even Windows
  This machine can be any computer, including a refurbished thin client (Optiplex MFF, Elitedesk, ...), a Raspberry Pi, or even a virtual machine on your personal computer.
Among these options, I recommend a Mikrotik.
If you don't want to buy additional hardware, then a VM on your personal computer.
Hello,
I'm in the same situation as Lemerz. I’m allowed to work from my personal PC, and I have the company VPN installed on it. I work through a VDI (virtual desktop provided by my employer). I use VMware to connect to it. I would like to use the VPS solution, but I'm not really sure how to go about it. Could you please show me all the elements that will be on this network? Starting from the NAT, how do I create a link with my own PC? I'm a bit lost.
Thank you for your response.
I'm not very good with networking and the lower layers. At what point in this setup does my IP address change to the target IP address?
If you have any links that show how the router and NAT work, feel free to share.
Thank you
The "logical" topology is quite simple:
- The VPN client is connected to two private networks, its LAN and the VPN, and in each of them, there is a gateway to the Internet. Its routing table is such that all its traffic to the Internet is routed through the VPN-side gateway, except for the traffic destined for the public IP of the VPN server, which must go through the LAN interface (there has to be a real connection at some point...).
- The VPN server acts as a router between a private network (VPN) and the Internet. When it receives an IP packet from the VPN network to the Internet, it forwards it to its Internet interface and substitutes the source of the IP packet (a private IP in the VPN network) with its public IP. It is at this level that the public IP of the VPN server is lent to the VPN client through a NAT rule (SNAT / masquerade). This is exactly what your local router does (at least in IPv4).
In the "logical" explanation above, I do not detail the "physical" implementation by which the VPN server and the VPN client can communicate over the VPN network as if it were a real network. To understand precisely how the different hosts belonging to the VPN network can communicate as if they were on the same network, one must understand the concepts of routing, encapsulation, and that a network interface can be virtual (managed by software). From this perspective, a VPN functions like a 4in4 or GRE tunnel.
Hello
Be careful when following the advice you've just received...
I'm not talking about the technical side, which seems perfectly valid, but rather about the moral and legal orientation of those remarks...
The prohibition on connecting from outside France is certainly related to the insurance contracts of the said company. Trying to circumvent the security measures and going against the instructions and prohibitions that have been given to you could lead to the termination of the contract or even legal action....
So, at your own risk...
Best regards,
Jordane
Thank you for these details, I will educate myself on these topics and follow your recommendations.
Regarding the legal considerations, there is no clause in our contract that prevents me from using a VPN or working from outside of France. Furthermore, I have never been told that doing so is prohibited or that it doesn't work from abroad. I know it doesn't work because a colleague tried to connect from his vacation spot, unsuccessfully. But nothing has been communicated.
On the other hand, as a business owner in France, it is normal for me to want to show a French IP address instead of displaying one from a different country every two days; that would not be professional. Therefore, I have nothing to be ashamed of as long as I have not received official communication from my client that it is forbidden to connect from abroad.
Sincerely
Hello, I'm posting this message even though the post is a bit dated; it could help a lot of people as I was in the same situation. There is a solution called Nomadeos (nomadeos.com) that allows you to keep your home IP address no matter where you go. It's better than a standard VPN because it's undetectable.
Hi,
so it's a VPN server that you're setting up at home, I haven't looked into it, but I guess there's some configuration to do in the box, which isn't necessarily easy. Just so you know, Freeboxes have a VPN server that allows you to bypass that.
Edit:
actually, I checked how it works on their site, it works more like a connected device: the VPN server and the app need to connect to a website where they establish a link, that can't be very fast.
The advantage is that there is no subscription.... for now.
As for being undetectable, no, by measuring packet transit times, it's easy to see that there are kilometers added, proving once again that geolocation by IP address is nonsense.
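The transit-time check mentioned in the last reply, seen from the side of the network that receives the connection, as an added example that is not part of the original thread. It assumes the relay works at the IP layer (VPN plus SNAT, as described in the topology reply above), so the TCP handshake is answered by the real client while a probe sent to the source IP is answered by the NAT gateway itself; the session names, addresses, RTT values and threshold are constructed for illustration.

```python
# Constructed sample data: RTT samples in milliseconds, per session.
# handshake_ms: time between the server's SYN-ACK and the client's ACK.
#               SNAT rewrites addresses but does not terminate TCP, so this
#               round trip reaches the machine that really opened the session.
# probe_ms:     echo round trip to the source IP, answered by whatever host
#               owns that address (the NAT gateway when one is in the path).
SESSIONS = {
    "alice": {"src_ip": "192.0.2.10",
              "handshake_ms": [14.2, 12.9, 15.1, 13.4],
              "probe_ms": [12.1, 11.8, 12.6]},
    "bob":   {"src_ip": "198.51.100.7",
              "handshake_ms": [231.0, 228.4, 240.9, 229.7],
              "probe_ms": [9.8, 10.3, 9.9]},
    # One congested sample (95 ms) that must not trigger an alert.
    "carol": {"src_ip": "203.0.113.25",
              "handshake_ms": [18.0, 95.0, 17.2, 16.9],
              "probe_ms": [15.5, 16.1, 15.9]},
}

GAP_THRESHOLD_MS = 40.0  # assumed tuning value, not taken from the thread


def hidden_leg_ms(session):
    """Latency that lies behind the source IP, or None without samples.

    The minimum of each series is used because queueing and congestion only
    ever add delay; the lowest sample is the closest to pure path latency.
    """
    if not session["handshake_ms"] or not session["probe_ms"]:
        return None
    return min(session["handshake_ms"]) - min(session["probe_ms"])


def relayed_sessions(sessions, threshold_ms=GAP_THRESHOLD_MS):
    """Names of sessions whose client sits well beyond its source IP."""
    flagged = []
    for name, session in sessions.items():
        gap = hidden_leg_ms(session)
        if gap is not None and gap > threshold_ms:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for name in relayed_sessions(SESSIONS):
        s = SESSIONS[name]
        print(f"{name} ({s['src_ip']}): {hidden_leg_ms(s):.1f} ms behind the source IP")
```

A gap of this kind shows only that an extra network leg exists behind the address, not where the client is; a relay that terminates TCP itself (an HTTP or SOCKS proxy) would need the same comparison at the application layer.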