How to Use a Self-Hosted VPN for Remote Work and Global Exploration


Remote work has surged since the COVID-19 pandemic, giving rise to the "digital nomad". Many have recognized that for certain roles, physically going to the office may not be necessary and could even be less productive than working from home. Some have also realized they don't need to stay home every single day. For these individuals, the traditional 12 to 30 days of annual leave may not suffice. So, why not mix things up and work from a new location, whether it's a different area or an entirely new country?

Why a self-hosted VPN?

Most companies have I.T. departments that monitor elements like IP addresses and, consequently, your location. This monitoring is primarily to detect and fend off foreign intruders. However, your work location shouldn't be anyone's business. What truly matters (and what your boss should care about) is that the work gets done. A VPN (Virtual Private Network) can help you appear to be somewhere you're not. However, you shouldn't use just any VPN — you need to self-host your own VPN at home. If your I.T. department is sophisticated, they might have software that detects commercial VPN providers like NordVPN or SurfShark by checking a list of known IP addresses. This justifies the need for your own VPN to prevent potential snooping on your internet traffic. Another reason to host your own VPN is to appear as if you're working from home. You could also host the server at a nearby family member's house to achieve faster internet speeds.

How?

We will use a travel router with a built-in VPN feature (in my case, Tailscale) between your device and the local coffee shop or hotel's internet router. We will also use Tailscale at home to host our own VPN server or "exit node".

The connection would look like this:

<Work PC> ←→ <Travel Router with VPN> ←→ <Internet Overseas> ←→ <Home Server VPN> ←→ <Internet from Home>

Technically, Tailscale isn't a VPN, but an overlay network that routes internet traffic through our home IP address.

A brief technical description of Tailscale: Tailscale is Wireguard with additional features. It's user-friendly for non-networking individuals and offers a fool-proof method, especially if your home ISP uses CGNAT (e.g., PCCW/HKBN), which wouldn't allow a bare VPN to work. Also, the client user interface is more robust than the community-built Wireguard.

NOTE: If your work laptop uses Zscaler or Cisco Umbrella, for example, you might experience reduced internet speed and increased latency.

Before proceeding with the technical implementation, a disclaimer: I'm not responsible for any problems you or your company may encounter, including but not limited to termination of employment due to policy violation, failure to comply with tax laws, or protection of customer data.

Equipment needed:

  • Home Server: Raspberry Pi 4B or 5. Alternatively, you can use an Apple TV to host an exit node! (Cost: under 100USD)
  • Travel router: GL.iNet Beryl AX
  • Misc: Thunderbolt and/or USB-C Ethernet adapter for laptop (if required), 2–3 ethernet cables of varying lengths. One cable for Home Server <-> Home Router LAN, one for Laptop <-> Travel router LAN, and an optional 10ft cable for Travel router WAN <-> Local network router (at your hotel)
  • (Optional) Portable battery for powering your travel router when a wall outlet isn't accessible.

A travel router is needed because we can't install third-party software, including a VPN client, on our work machine. We'll connect the work computer to the travel router like a regular Wi-Fi network, and the router will direct everything to our VPN server. Think of the travel router as a repeater that takes your Airbnb/hotel Wi-Fi network and rebroadcasts it to your device. We'll only use a wired Ethernet connection from the laptop to the travel router, never Wi-Fi, as this can expose our location.

Stay tuned for the next blog post on the detailed setup procedure!


網誌: 洞察力
James Huang 2024年1月12日
分享這個貼文
標籤
Your home(lab) away from home