Remote user connect via local IP

[Stomatopoda]

I work for a small company and have been acting as IT support since I’m the only one nerdy enough who knows how to set up a printer or back up a computer. However, I have been asked to figure to out how to do something much harder than that. We have a couple remote employees we use for certain low-level administrative tasks like data entry. A couple of the online services they need to use are not allowing them to log in since they’re logging in from an IP address that is outside a specified range (e.g. 75 miles) from our office. I have been asked to find a way for them to login from an IP close to our office.

I have considered the idea of a VPN but I can’t seem to find a service provider that uses servers in Northern Virginia where our office is located. I was thinking about setting up our own VPN server in our office and having the remote employees to connect to it.

Is this best option? If so, what’s the best way to do it? Can I set up the VPN server on a different sub-net so that it’s separate from our office network? I am looking for cheapest most secure option.

 

[Neur0nauT]

You would probably not be able to use a third party VPN service (since they allocate dynamic IP addresses via HTTP) unless this is logging onto a workstation within the company building, then using online services from that desktop alone.

Most broadband routers will have built in functionality to setup a teleworker VPN. The easiest and most common way would be PPTP VPN with a Pre-shared-key. Once the VPN credentials and config have been set up on the router. Your external employees can join your work domain via Windows VPN, and have access to shared files or folders on that domain.

What sort of router and model does your company use? If it is not suitable, it might be worth investing in one that can suit this purpose.

 

[boosted1g]

Yes having your own local VPN server would be the best way to go, this way you are not reliant on other companies hardware.

You can use a VPN router or setup a server to be the VPN server. Either way you at minimum want to have a router or hardware firewall with SPI.

Most decent routers can be flashed to DD-WRT with supports PPTP firewall out of the box and would be a decent option.

You will need to either have a static IP from your ISP or will have to use a DDNS (dynamic dns) service to keep track of your changing dynamic IP address. I use duckdns.org but dyndns is the one of the most common.

 

[Stomatopoda]

Thanks for reply! Do you happen to know of a good step by step guide on how to set this up?

Also, once connected through the VPN will the remote worker have the same outside IP address has our office? In other words, will remote worker be able to use the online services that are restricting access based on IP location? They need to have an outside IP address close our office.

The router we have is one listed at the linke below:

http://www.officedepot.com/a/products/338262/Netgear-RangeMax-WNR1000-Wireless-Router/

You would probably not be able to use a third party VPN service (since they allocate dynamic IP addresses via HTTP) unless this is logging onto a workstation within the company building, then using online services from that desktop alone.

Most broadband routers will have built in functionality to setup a teleworker VPN. The easiest and most common way would be PPTP VPN with a Pre-shared-key. Once the VPN credentials and config have been set up on the router. Your external employees can join your work domain via Windows VPN, and have access to shared files or folders on that domain.

What sort of router and model does your company use? If it is not suitable, it might be worth investing in one that can suit this purpose.

 

[boosted1g]

Your outside worker will have an IP from your office network.

The outside worker initiates a VPN connection to your office, at this point all of his internet traffic is routed through your office. so if he goes to google.com he is sending a request for google.com to your office router, and the office router then goes out to the internet gets the data for the webpage and sends it back to the worker.

We cant give you a writeup on how to setup VPN because we do not know what router you have, which will have model specific instructions.

Your best option would be to flash your router to DD-WRT (or buy one capable of being flashed to it) and then you can setup a PPTP VPN server very easily and there are good write-ups on this. If your company does not have a static IP address (constant) then you will either have to purchase that option from your ISP or pay a small monthly fee for a dynamic dns service that keeps track of the changing IP address you have from your ISP.