Just want to caveat this by stating I know very little about server management and connection, so any replies please try keep it simple!
I am a remote worker and we have company VPN, for some reason this specific area of the business can’t give me access to their server via our VPN, only local IP - they are requesting that I contact my ISP and request that I get a static IP address, other areas of the business can give access via VPN I believe.
I have a few questions:
Is this safe?
Why does my IP change?
Why wouldn’t they be able to connect via VPN IP range?
What else should I be asking?
Yeah, that’s dumb. Static IPs in residential connections are rare, or expensive (or both). That sounds like the business unit needs to adjust their practices
i’ve seen this a bunch of times over the years for some vendors. if you need access to perform a specific task then we need a static IP and the network guys create a firewall rule to connect from that firewall and only to specific internal IP’s
need to ask your ISP for a business account with static IP or work out a deal where your IP changes and if it does change they have to change their FW rule each time
I can’t fathom why your company wants to connect you this way, as there are better and probably more secure ways. Do they want you to install and run a specific application? They could use one that sets up its own “secure” connection. It could also be a web application with a public-facing URL accessed through a secure browser connection rather than an internal server behind a VPN (generally called a company intranet). Maybe it’s an application that your company buys/rents from a third party, and that is the only option. In any case, they control access by adding a static IP to a list of known clients.
I’m not sure where you live or who your ISP is, but when I was in a similar situation in the US and a mid-Atlantic state, I had to open a business account at my residence to get a static IP. There were no options to get a static IP on a residential account. In addition, I had a residential account that I used for streaming, gaming, and our landline telephone. The residential account was $60/month, and the business account was $125/month for the same speed and services. Having a static IP was more than double the price. At least in the US, I would not expect an ISP to give you a static IP for free.
Also, the business account had a two-year contract (with early termination fees) to get service. If that is the case with your ISP, you want your company on the hook for that contract, not yourself. If you decide to take another job or your company terminates you, you don’t want to be saddled with that service. If they need a static IP, they shouldn’t hesitate to pay.
They should be able to connect you to a VPN to one of their local offices, then connect a VPN from that office to the server. It would then be their own static IP connecting to the server.
If you employer requires that you have a static IP then they should be the ones that to provide you with a business level internet connection that provides a static IP. Most residential internet connections use a dynamic IP (one that is assigned randomly and changes on occasion). If your employer is trying to create a firewall rule they should be able to create one that allows access from the pool of IP’s issued by your VPN connection.
Maybe this isn’t supported by most VPN servers, but I wonder if instead of permitting the client by hard IP address you could define the rule based on a DNS name, then use a DDNs client on the client to update the dns name with the clients ip as it changes.
I say this as static IPs are about 10x the cost of what you’d pay for client DDNS.
No consumer internet service provider is going to provide you a static IP it’s basically non-existent. You can get one on a business plan but it’s an additional charge. Furthermore many have pretty short DHCP leases so that addresses rotate, it improves privacy. Ask the company if they can do rDNS lookups for their security and setup dynamic DNS on your end.
Will your company accept a DNS name instead of an IP? You can run DuckDNS and set a hostname for your home that will automatically adjust with whatever IP you get assigned.
I can’t think of any reason a user would need a static IP at home. Either they don’t know what they’re doing, or they’re up to something shady. Static IPs are mostly for business accounts, not residential. So there will likely be a substantial fee to get one. I would escalate this up the chain and ask for details on why it’s needed, then ask if they’re willing to pay for it.
They can still use your current IP, it will just change at some point (mine usually changes when I lose power). DDNS is also an option, and will likely be much cheaper. If your ISP uses CGNAT, then I’m not sure if DDNS will work. I’m not as familiar with that.
This is not good business practice. Your network administrators are able to give you a static IP on your VPN. There is absolutely no reason why you should need a static IP from your ISP (which will cost you money, if its even possible).