Hello! My brother just called and mentioned that his wife’s job told her she’s now going to need a static IP for security reasons and to enable remote work and access to the company server or something. It’s a small company, with fewer than 100 employees.
The issue is that Comcast doesn’t offer static IPs for residential accounts, and upgrading to a business account with a static IP is quite expensive. I don’t know much about static IPs myself, so I wasn’t sure what advice to give him. I’m hoping to get some guidance here on the best route to take. Is a static IP really necessary for working from home, or are there other options? Why would her company require it if it means she’d have to pay more for her internet service just to work from home? Like aren’t there better options out there?
Any advice on alternatives and or how to set something up would be greatly appreciated.
Thanks!
Edit: More context
So I guess while they may have 100 or so employees the actual office only has like 5 or so people in it and its a rather small place. So with that info I think that’s all that would actially be needing to connect to the server/ doing WFH.
there is no sensible reason that a company would require an employee to have a static IP address
>fewer than 100 employees
this smacks of an immature IT department that’s doing something ridiculous like adding employee IP addresses to an allow filter on their firewalls somewhere.
as another poster mentioned, they should be using a sensible VPN solution with appropriate AAA to control access to resourecs on the company network.
You got answers about this being dumb. That’s correct, but to give a real solution, and it’ll be a tech deep dive…
Rent a virtual server somewhere. Digital Ocean, Linode, etc. It’ll have a static IP. Install Wireguard on it and your home work PC. Voila, ‘you’ have a static IP. You’re basically just tunneling through a VPN, but it’s got a static IP at the exit node. It’s also only a few bucks a month ($5 I think).
Again, this is dumb, but it’s the technical solution to a dumb problem.
Thanks, All, I too thought this was all a little odd, and my first thought was there needs to be someone else to talk to for help. I also was like my Aunt works for 3M and she just clicks a button on her computer to connect to a VPN and boom she can remote work from anywhere.
Static IP is totally and 100% not needed. This is an issue of the company being stupid.
The usual method is to set up a VPN with some kind of public key cryptography. Then your sister in law fires up the VPN and connects to the companies network proving her identity through the crypto keys.
Can you imagine how stupid it’d be for a university with 20,000 employees and 50,000 students to make all of them have static IPS in order to access resources on campus? It’s just dumb
The company should be able to set up a VPN, instead of forcing a static IP.
Static IPS are only like 10 bucks more usually. But who knows with Comcast.
Go back at her company for them to pay for the static IP.
While this is pretty dumb requirement, why not spin up a small vps, and leverage its static ip? You could configure a vpn split-tunnel and company gets their static ip.
You can get a VPN with a static IP. She just needs to have the VPN on when connecting to the work network.
One advantage of getting a business connection from your ISP is that you’ll have a service level agreement. As residential, your Internet can go out at various times, and too bad, but with an SLA they are contractually obligated to meet stated uptimes.
Here is a suggestion, it’s not a tech problem, it’s conversation between her and her manager, to understand the issues on both sides and come up with a solution, the employer maybe happy to pay the difference or something. don’t over engineer a solution where it’s not needed, it’s ok to say no I don’t know
My wife just ran into that. Her employer was doing access approvals based on IP. Since our ISP doesn’t change the IP often it was no issue. Untill she was traveling and wanted to log in on the road at the hotel or mobile tethering. They figured out here was no practical way to make that kind of arrangement with every IP needing approval. Much less keeping the shared connection secure.
Somehow they got a VPN operating. Now when they go to meetings they can still work too.
Just a thought, what if you paid some sort of cloud hosting provider and used a vpn like wireguard to hook into that? Set it up so that it looks like her computer is connected directly into it?
Here is what I mean.
Her laptop connects to the cloud hosting provider via vpn (wireguard). Cloud hosting provider has the static ip. Work checks that and goes “ok cool”. You would still need to pay the provider but would probably be cheaper than getting a static ip.
The comments on here about static IP addresses being a poor choice for IT security are valid, but at the end of the day they don’t help your brother’s wife much.
I would suggest she pushes the problem back on the employer. Simply state that the only way to get a static IP is to upgrade to a business plan, and ask that they pay the extra cost.
If they say no, the only options may be to suck up the cost, change ISP (if you can) or start going to the office full time.
It may be that everyone gives the same feedback, then the IT department chooses to abandon thr static IP approach.
They can buy a VPN and pay extra for the static IP option. I know Astril does this as a standard feature, my old VPN did too. This won’t work if they also require them to log in via a company provided VPN.
For others calling this dumb… don’t worry. It may or may not be, depending on what else they are doing, but that’s not a helpful answer. The question wasn’t “roast my relative’s wifes’ company’s network”. Yikes. Y’all trying to grandstand make it a pain in the ass to ask questions everywhere.
Eh, just get a cheap ass cloud VM with a static IP (make it IPv6 for funsies). Then install wireguard on said cloud VM, connect to it from home and you’re done.
If the corpo laptop you’re using doesn’t let you run wireguard, you can get a raspberry pi (or a router) that can run wireguard for you. You can also set it up so that your work laptop’s internal (NAT) IP address’ route to the Interwebs goes through the Wireguard tunnel.