VPN vs Cloud Computers for connecting to home from Thailand

[tgw]

3 hours ago, WaveHunter said:

Can you go into further detail about what you meant when you said "setting up VPN access to the friend's home router seems simpler and doesn't require their computer to be on."?

 

I've come to the same conclusion that a VPN the way I'm using it now is not a solution for one main reason: While a VPN will mask my Thai IP address, it will not mask details about my actual laptop.

 

I was kind of shocked to run an IP check while using the VPN and find out that details about my laptop were not being masked at all:  This is what was included when I ran an IP check while using Nord VPN set to a USA location:

 

If this information is not being masked than any website I try to connect to can easily see the discrepancy between my operating system and Chrome browser settings for time and location and that of the VPN server, so I think that would be a major red-flag.

 

I am looking into using a cloud computer set up (virtual machine) since it would have its' own operating system (Windows 10) that would be in the same USA location as its' IP address, and maybe that would be the solution since my own laptop would not be visible in any way at all.  With that setup you only interact with is using your mouse and keyboard through a remote desktop connection from your laptop.

 

I was surprised to learn that it only takes 10 minutes to set one up and the cost can be as low as $10 USD per month!  The company I was looking into is called Paperspace.com

 

Aside from possibly solving my dilemma, it's also a pretty cool solution for a lot of other things since you can configure in ways where you can have a "virtual" Windows 10 computer with as much RAM, computing power, and storage space as you want!

 

However, the one thing I would still be concerned with using such a set up is that it probably also uses a "data center" IP address, and not a residential IP address, so that's why I'm still interested in your idea and want to know more about it.

 

I have family and friend back in the USA, so what you suggest is intriguing.  I think what you are suggesting is that somehow I could connect through their internet IP, but I'm not really sure how someone would feel comfortable allowing me to do that, especially if it might degrade their performance or be a security issue for them.

 

Anyway, I would be VERY interested to learn more about what you have in mind.

okay, so it's simple really.

 

the person in the USA must use a router that supports VPN. For example an ASUS, there are many brands and models which support this.

https://www.asus.com/support/FAQ/1008713/

that turns the ASUS router effectively into a VPN server.

 

dynamic domain service such as dyndns can be used to make the router reachable through a public URL such as "yourdomain.dyndns.com".

 

after that, you need to install the VPN client on your computer, for example OpenVPN.

 

after you connect over OpenVPN, your computer will appear on the internet using the private US home IP address.

 

regarding security issues, every instance that gives external access has the risk of being compromised.

the risk is limited however, especially if the router is not configured to give LAN access to the VPN client, but only shares the internet access, which is, I believe, the default configuration. check the router to be sure, delete any Open VPN -> LAN static routes if present.

so, if friends & family do not consider you to be a potential security risk, I see no reason to not give you Open VPN access.

 

performance-wise, I think there won't be much of an impact, except maybe on very weak routers with very weak internet connection/bandwidth. Your own bandwidth will be limited by your Thai international routing anyway, so the resulting 15-20 mbits should IMO be handled easily by the router.

 

some providers choose to block Open VPN ports. to circumvent such a port block, you can set the OpenVPN port to 443, both on client and router, which should work if your friend/family does not already run software using that port with that dyndns address. 443 is the standard port for exncrypted HTTP traffic, so no network provider can block it if they want to keep the internet running.

 

[WaveHunter]

6 minutes ago, tgw said:

okay, so it's simple really.

 

the person in the USA must use a router that supports VPN. For example an ASUS, there are many brands and models which support this.

https://www.asus.com/support/FAQ/1008713/

that turns the ASUS router effectively into a VPN server.

 

dynamic domain service such as dyndns can be used to make the router reachable through a public URL such as "yourdomain.dyndns.com".

 

after that, you need to install the VPN client on your computer, for example OpenVPN.

 

after you connect over OpenVPN, your computer will appear on the internet using the private US home IP address.

 

regarding security issues, every instance that gives external access has the risk of being compromised.

the risk is limited however, especially if the router is not configured to give LAN access to the VPN client, but only shares the internet access, which is, I believe, the default configuration. check the router to be sure, delete any Open VPN -> LAN static routes if present.

so, if friends & family do not consider you to be a potential security risk, I see no reason to not give you Open VPN access.

 

performance-wise, I think there won't be much of an impact, except maybe on very weak routers with very weak internet connection/bandwidth. Your own bandwidth will be limited by your Thai international routing anyway, so the resulting 15-20 mbits should IMO be handled easily by the router.

 

some providers choose to block Open VPN ports. to circumvent such a port block, you can set the OpenVPN port to 443, both on client and router, which should work if your friend/family does not already run software using that port with that dyndns address. 443 is the standard port for exncrypted HTTP traffic, so no network provider can block it if they want to keep the internet running.

 

Is there a way to do this without using VPN on either side?  What I mean is that I often here about people being able to connect remotely to their home computers when travelling, or is that only for retrieving data?

 

Just to be clear, I need to be able to actually manipulate the internet browser on their computer, and I just worry that most people, even friends are not going to like the idea of me doing that with their computer, or having to reconfigure their computer for that purpose.  I mean, these are not IT type people.

Edited December 20, 2022 by WaveHunter

[tgw]

4 minutes ago, WaveHunter said:

Is there a way to do this without using VPN on either side?

in theory, there is.

both routers could use an IP-to-IP protocol that does not use encryption, for example GRE or another IP tunnel protocol.

 

in practice however, I'm pretty sure no consumer-grade router firmware supports this, because nobody wants to run unencrypted traffic over public IP routing.

I don't know if custom router firmware such as tomato or DD-WRT support it. In any case, you would then have to overwrite firmware on both routers to test it.

I wouldn't be able to assist, because I've never done that, and I also advise you against it.

 

 

[NORDO]

Im using Proton VPN with my own or dedicated IP.   I have a choice of over 100 Countries and States/Provinces to connect through.   Some sights lock u out when using it, but some make it easier to disguise your in Thailand, when the site thinks your in your western home country.

 

The rotating dedicated IP attracted me to Proton.

[WaveHunter]

26 minutes ago, NORDO said:

Im using Proton VPN with my own or dedicated IP.   I have a choice of over 100 Countries and States/Provinces to connect through.   Some sights lock u out when using it, but some make it easier to disguise your in Thailand, when the site thinks your in your western home country.

 

The rotating dedicated IP attracted me to Proton.

The problem however is that your computer and internet browser settings are not masked with VPN so a lot of sites in the US like banks, credit card companies, online platforms like Amazon and eBay, and most big social media sites like Instagram and Facebook can easily detect the mismatch between your computer time/location data and that of the VPN server, which creates a red-flag and then you're faced with numerous ID verification steps each time you try to log in.

 

How bad is it getting?

It wasn't a problem until this last year when sites like those started ramping up the ID verification crapola so that now it is getting completely ridiculous, and way over the top!

 

Last week, for example, I got locked out of my Instagram account.  After they put me through email verification, and then text verification, they then locked my account, and emailed me instructing me to click on a link in the email which sent me another 4 digit code, and told me to write that down on a piece of paper, hold it up to my face making sure that my hand was visible while holding the piece of paper and make a selfie of myself and then upload it to them.

 

I mean is that really over the top or what !@#$% ?

 

And the worst part of it is, they then said they could not verify my identity and that my account was being banned, and that I could take no further action to appeal their decision.  And all of this just because I logged in from Thailand, using my VPN that was directed to a US VPN server.

Edited December 20, 2022 by WaveHunter

[NORDO]

2 minutes ago, WaveHunter said:

The problem however is that your computer and internet browser settings are not masked with VPN so a lot of sites in the US like banks, credit card companies, online platforms like Amazon and eBay, and most big social media sites like Instagram and Facebook can easily detect the mismatch between your computer time/location data and that of the VPN server, which creates a red-flag and then you're faced with numerous ID verification steps each time you try to log in.

I like the verification steps and many of the financial institutions are already using them.  I just use a vyke wifi number and they text me a code.  Takes seconds.    It happens whether I using VPN or not.  Most Gov agencies are already using the ID verification steps.   Facebook is the only real issue Ive run into and given the big "FIVE EYES", I can't understand why someone would post their real name, photos and personal data on social media.  Likewise with Ebay and Bezo.

[WaveHunter]

17 minutes ago, NORDO said:

I like the verification steps and many of the financial institutions are already using them.  I just use a vyke wifi number and they text me a code.  Takes seconds.    It happens whether I using VPN or not.  Most Gov agencies are already using the ID verification steps.   Facebook is the only real issue Ive run into and given the big "FIVE EYES", I can't understand why someone would post their real name, photos and personal data on social media.  Likewise with Ebay and Bezo.

Actually all the major US websites like banks, online platforms, and social media are slowly starting to adopt authenticator apps which is a much better means of ID verification and it's the wave of the future but they are being very slow to adopt it, and until they do, ID verification, especially when you have a SE Asian IP address is just going to get more and more invasive, and more ridiculous.

 

I mean getting locked out of my Instagram account and having it deleted without any way to appeal it was the final straw for me since that actually affects my business.

Edited December 20, 2022 by WaveHunter

[NORDO]

1 minute ago, WaveHunter said:

Actually all the major US websites like banks, online platforms, and social media are slowly starting to adopt authenticator apps which is a much better means of ID verification and it's the wave of the future but they are being very slow to adopt it, and until they do, ID verification, especially when you have a SE Asian IP address is just going to get more and more invasive, and more rediculous.

Yes, I agree.  Im able to by-passs most, BUT NOT ALL, by select a western home country IP on my VPN.

However as you mentioned, on Social media , Bezo and Ebay it won't work.

[WaveHunter]

4 minutes ago, NORDO said:

Yes, I agree.  Im able to by-passs most, BUT NOT ALL, by select a western home country IP on my VPN.

However as you mentioned, on Social media , Bezo and Ebay it won't work.

The thing is, it just keeps getting worse every day.  Last year it was just a minor nuisance, but today it is a real problem because sites like eBay and Amazon, and ALL of the major online social media platforms make it almost impossible to get live help.  All you get are robot replies, if even that, and when you actually get your social media account locked with no way to get back in, THAT is a major issue for many people like me who rely on it for business reasons.

[NORDO]

1 minute ago, WaveHunter said:

The thing is, it just keeps getting worse every day.  Last year it was just a minor nuisance, but today it is a real problem because sites like eBay and Amazon, and ALL of the major online social media platforms make it almost impossible to get live help.  All you get are robot replies, if even that, and when you actually get your social media account locked with no way to get back in, THAT is a major issue for many people like me who rely on it for business reasons.

Most certainly, I just retired from the travel industry and very aware of that.  Especially daunting when u work remote or from home.

[tgw]

any VPN vendor solution runs the risk of getting recognized by websites you visit, because multiple services maintain lists of known VPN server IP address pools. 

setting up a private router for VPN is the safest approach.

[WaveHunter]

21 hours ago, tgw said:

any VPN vendor solution runs the risk of getting recognized by websites you visit, because multiple services maintain lists of known VPN server IP address pools. 

setting up a private router for VPN is the safest approach.

Yeah, Overall VPN seem to be a pretty ineffective solution, except it allows me to receive USA  streaming on my TV, but that seems to be the only real benefit to VPN.  I hope the "cloud computer" idea is a better solution. 

 

Edited December 21, 2022 by WaveHunter

[WaveHunter]

22 hours ago, tgw said:

in theory, there is.

both routers could use an IP-to-IP protocol that does not use encryption, for example GRE or another IP tunnel protocol.

 

in practice however, I'm pretty sure no consumer-grade router firmware supports this, because nobody wants to run unencrypted traffic over public IP routing.

I don't know if custom router firmware such as tomato or DD-WRT support it. In any case, you would then have to overwrite firmware on both routers to test it.

I wouldn't be able to assist, because I've never done that, and I also advise you against it.

 

 

It really sounds like you know what you're talking about (as so many others who've replied also sound) but friends and family back in the USA are not that tech-oriented, and I think they would sort of freak out if I asked them to do something like this.  I think I'm placing my hopes in setting up a cloud computer and see if that works.

[WaveHunter]

Just a note for anyone following this thread, I decided my best bet was to use TeamVIewer, so I want to thank those that suggested that.  I am buying an inexpensive laptop for my sister who lives back home in the USA and has internet services with a residential IP Address and she will connect it to her internet wi-fi. 

 

That way I can remotely connect to it from here in Thailand with TeamViewer software anytime I want, and when I use that laptop's browser to connect with different websites that have been red-flagging me due to a Thailand IP address or the VPN data center IP address, it will simply be as though I were sitting right at the USA laptop and I should have no more red-flag requests for ID verifications, and all of the other nonsense that's been happening. 

 

I mean unlike all the other options I explored, with this one BOTH the laptop itself as well as the IP address will both be located in the USA, and the IP address will be the standard "residential IP" like everyone else has for their home set up.  No red flags should be raised ( I think). 

 

Can anyone tell me why this may not work?  Keeping my fingers crossed that it works but it really sounds like it should.

Edited December 24, 2022 by WaveHunter

[fdsa]

2 hours ago, WaveHunter said:

Just a note for anyone following this thread, I decided my best bet was to use TeamVIewer, so I want to thank those that suggested that.  I am buying an inexpensive laptop for my sister who lives back home in the USA and has internet services with a residential IP Address and she will connect it to her internet wi-fi. 

 

That way I can remotely connect to it from here in Thailand with TeamViewer software anytime I want, and when I use that laptop's browser to connect with different websites that have been red-flagging me due to a Thailand IP address or the VPN data center IP address, it will simply be as though I were sitting right at the USA laptop and I should have no more red-flag requests for ID verifications, and all of the other nonsense that's been happening. 

 

I mean unlike all the other options I explored, with this one BOTH the laptop itself as well as the IP address will both be located in the USA, and the IP address will be the standard "residential IP" like everyone else has for their home set up.  No red flags should be raised ( I think). 

 

Can anyone tell me why this may not work?  Keeping my fingers crossed that it works but it really sounds like it should.

yes, this should work, but there are some nuances:

- as far as I remember a free Teamviewer license has a time limit, so you will have to reconnect every 30-60 minutes.

- the Teamviewer ID (login) might change, especially if laptop reboots or IP address changes. So you might need to contact your sister and ask her to check and tell you the new ID/login.

- if you will have to run some software other than the browser then this software will see that you use Teamviewer and will flag/blacklist you.

 

 

[digbeth]

1 hour ago, fdsa said:

 

- the Teamviewer ID (login) might change, especially if laptop reboots or IP address changes. So you might need to contact your sister and ask her to check and tell you the new ID/login.

- if you will have to run some software other than the browser then this software will see that you use Teamviewer and will flag/blacklist you.

 

 

If you're signed in to teamviewer, you don't need to keep track of the ID, the computer should show up when you log in and you can connect right away.

 

good banking app should detect that remote access as it looks exactly like a scammer compromising your system and impersonating you, hopefully accessing the Bank's website just through the browser should be okay

[WaveHunter]

On 12/24/2022 at 9:38 PM, digbeth said:

...good banking app should detect that remote access as it looks exactly like a scammer compromising your system and impersonating you, hopefully accessing the Bank's website just through the browser should be okay

I'm not sure what you mean.  If I am accessing a laptop computer that I have set up at my sister's house in the states, and only using the Chromes browser on that laptop through a remote connection to it, how would that be detected by a website I would be logging into.  I mean, there are no footprints back to me in Thailand if I use teamViewer to connect, are there?

[WaveHunter]

On 12/20/2022 at 5:27 PM, tgw said:

any VPN vendor solution runs the risk of getting recognized by websites you visit, because multiple services maintain lists of known VPN server IP address pools. 

setting up a private router for VPN is the safest approach.

That's the whole reason I am abandoning the idea of VPN.  Connecting remotely to a laptop that is physically based in the US using TeamViewer to do it, and then using THAT US-based laptop's browser to connect to websites, seems like a perfect solution, wouldn't you think?

Edited December 30, 2022 by WaveHunter

[digbeth]

34 minutes ago, WaveHunter said:

I'm not sure what you mean.  If I am accessing a laptop computer that I have set up at my sister's house in the states, and only using the Chromes browser on that laptop through a remote connection to it, how would that be detected by a website I would be logging into.  I mean, there are no footprints back to me in Thailand if I use teamViewer to connect, are there?

It will work for now, some people are already doing this 

the website can look what other program is running on the same computer, 

 

there are call centre scam that people were called and ask to install remote access software such as teamviewer and the scammer in india will access your bank account on your computer, for banks that guard against this could ask you to install protection software that will looks for this or use the bank's own app that will detect if it's being run on computer that has remote access 

 

If banks are proactive in protecting their user they could disallow remote access while using the online banking, some already do when using their app

[eisfeld]

20 minutes ago, digbeth said:

the website can look what other program is running on the same computer

A website can't do that. That would be an insane privacy issue.

[Jingthing]

1 hour ago, WaveHunter said:

That's the whole reason I am abandoning the idea of VPN.  Connecting remotely to a laptop that is physically based in the US using TeamViewer to do it, and then using THAT US-based laptop's browser to connect to websites, seems like a perfect solution, wouldn't you think?

It is but its a burden on the host person. There will be technical glitches from time to time.

[tgw]

1 hour ago, WaveHunter said:

That's the whole reason I am abandoning the idea of VPN.  Connecting remotely to a laptop that is physically based in the US using TeamViewer to do it, and then using THAT US-based laptop's browser to connect to websites, seems like a perfect solution, wouldn't you think?

I would still prefer a home router configured as a VPN server, because it wouldn't require a remote laptop to be switched on.

you could of course switch the laptop on if it's connected to the router by using "wake on LAN" function, but this requires to login on the remote router anyway.

and even an "always on" laptop will need to be updated, rebooted, etc. also anyone near the laptop will be able to see what's on screen, and able to install any software.

 

Edited December 30, 2022 by tgw

[Jingthing]

5 minutes ago, tgw said:

I would still prefer a home router configured as a VPN server, because it wouldn't require a remote laptop to be switched on.

you could of course switch the laptop on if it's connected to the router by using "wake on LAN" function, but this requires to login on the remote router anyway.

and even an "always on" laptop will need to be updated, rebooted, etc. also anyone near the laptop will be able to see what's on screen, and able to install any software.

 

Doesn't have to be a laptop.

My host computer is a cheap box without a monitor using Linux.

I power it on by logging into my host's network.

Linux is much easier than windows on updates.

Edited December 30, 2022 by Jingthing

[tgw]

14 minutes ago, Jingthing said:

Doesn't have to be a laptop.

My host computer is a cheap box without a monitor using Linux.

I power it on by logging into my host's network.

Linux is much easier than windows on updates.

okay, still, anyone can plug a monitor in.

[Jingthing]

4 minutes ago, tgw said:

okay, still, anyone can plug a monitor in.

Yes of course but it's much cheaper than a laptop.

[gamb00ler]

1 hour ago, Jingthing said:

Doesn't have to be a laptop.

My host computer is a cheap box without a monitor using Linux.

I power it on by logging into my host's network.

Linux is much easier than windows on updates.

I'm thinking I'll use a Raspberry Pi if I go this route.  It has enough horsepower for such a simple task, is very light on power consumption and can handle most everything a full Linux installation can do.

[fdsa]

58 minutes ago, gamb00ler said:

I'm thinking I'll use a Raspberry Pi if I go this route.  It has enough horsepower for such a simple task, is very light on power consumption and can handle most everything a full Linux installation can do.

It doesn't have enough horsepower for the modern Web such as Facebook or Instagram.

For simple websites such as online banking it should be Ok though.

[WaveHunter]

2 hours ago, Jingthing said:

It is but its a burden on the host person. There will be technical glitches from time to time.

I am planning to set this up on a separate laptop that I will purchase for this purpose at the host location (my sister's house in the US).  Can you elaborate on what you mean by "burden on host person"?

[WaveHunter]

3 hours ago, tgw said:

I would still prefer a home router configured as a VPN server, because it wouldn't require a remote laptop to be switched on.

you could of course switch the laptop on if it's connected to the router by using "wake on LAN" function, but this requires to login on the remote router anyway.

and even an "always on" laptop will need to be updated, rebooted, etc. also anyone near the laptop will be able to see what's on screen, and able to install any software.

 

I'm not sure I understand.  Firstly, I want to use a separate laptop so my sister isn't burdened with sharing her computer when I need to connect.  Also I don;t want to do anything unusual to her router that might compromise her speed of give her any technical issues to deal with.  What would be the drawbacks of of doing it the way I described, orver the way you are talking about?

 

[WaveHunter]

3 hours ago, digbeth said:

It will work for now, some people are already doing this 

the website can look what other program is running on the same computer, 

 

there are call centre scam that people were called and ask to install remote access software such as teamviewer and the scammer in india will access your bank account on your computer, for banks that guard against this could ask you to install protection software that will looks for this or use the bank's own app that will detect if it's being run on computer that has remote access 

 

If banks are proactive in protecting their user they could disallow remote access while using the online banking, some already do when using their app

I don't think you understand what I want to do.  I am buying a laptop off of eBay and shipping to my sister.  It is a brand new laptop with no apps other than Chrome which she will install.  It will be connected to her wi-fi and in sleep mode except when I log on to it.  I only intend to connect to it from here in Thailand ONLY to use the Chromes browser to connect to websites that are giving me red-flag issues from here in Thailand.

 

For all intents and purposes, it will be no different than if I were sitting in her house using it when I remotely access it from here in Thailand.  I mean, a website I am connecting to in this manner is not going to be able to detect any difference as a result of me connecting remotely to my own US based computer.

 

Isn't that correct...or am I missing something?