I have rented shared office space. So what we get are a couple of Ethernet jacks in the office that are managed by the service. So each jack will get its own IP address and they are completely isolated from each other. If I add my NAS to a plug next to me, that will of course not show up. Because otherwise that would show up on everyone’s computers.
First thing I thought was to plug these into a switch. But that did not help at all. The issue still is that the devices are separated by their IP addresses and seem to be under separate subnets.
Then, I thought to connect my Cisco Meraki router and build my own subnet. No good. The router wouldn’t even connect to the cloud as the UDP ports it needs are blocked by our provider. I even bought a second, more conventional router and that also did not work.
So then I ordered a static IP address as I imagined this would act more like an ordinary network. No help, as all it does is give one static IP just for me, but the same rules still apply: this is a shared internet connection.
Now, I am able to register the devices using the MAC address to the network by their service portal. So I am theoretically able to connect things like NASes with no browser access for the captive authentication.
But this still does nothing for me because all IPs are isolated. Printing, for example, means me unplugging temporarily from the internet and connecting p2p to the printer temporarily.
I don’t know what options I have, hope I can at least cancel the static IP contract so I don’t have to forever pay 100 dollars a month for it.
Getting VPN configured is something I just give up entirely, I no longer believe it can be done.
Still, I will need to access the files on my NAS somehow, wondering if there would be a way to create another p2p network from my Windows machine to it somehow.
Any ideas what to do?
Ordering business IT support is totally beyond my budget here as it is insanely expensive. I don’t feel like paying the shared office holders any more money for an already expensive service.
Can you confirm, you meant business IT service by a service provided by the space provider?
If that isn’t the case, you could try to ask if you could make it work out. But I cannot say about the company you are working with, if they will make that work for you…
But it is always worth it to at least give it a shot.
I mean, I would have assumed they would have said as much if it is a separate solution. That wouldn’t waste your time, when you actually have to check it.
I wouldn’t call that support, but getting your stuff working. If you cannot even set up your own LAN behind a router, I cannot really say what would be the solution.
You will have to either try to actually get an understanding of what they can and cannot do, and based on that decide if you can work there. Since if you spend your time on setting up things that should be relatively plug & play, it is up to you what you want to do.
Yes, true. I got their document as PDF. Would you mind taking a look at that?
It must be that I am the one who doesn’t understand actually how to set everything up.
They said that the static IP is piped into one of the RJ45 terminals.
My PC does seem to get the static IP on the WAN side automatically when I plug it into this dedicated pipe.
Their document states
“Type of Service: Office network with private IP and shared bandwidth” Assigned network: 192.168.51.0
So this is true, my computer does get this as the IP address
192.168.51.2 and the WAN side IP matches what they say.
“Below you can see the mappings between the Public facing IP (WAN) and the Internal Private IP:s (LAN)”
All LAN IP addresses
WAN IP address: XXX.XXX.XXX.XXX
Static IP for manually configured devices like printer
Seeing that I get IP address from DHCP server like this 192.168.51.2
Generally speaking, usually, can I just plug in another router with default automatic settings (with getting IP from DHCP) and I will get another NAT?
What seems to happen in my case, the little it even worked, was that I still got the captive portal messages showing up in my machines and at the end the machine was blocked (internet) LED turned off.
“For routers, firewall, and switches, the MAC address of the port connected to IWG switch needs to be registered, and not the MAC address found on the sticker of the device.”
But there is no way for me to find out my router’s port MAC address, it only has a device MAC address I guess?
I’d use a router and NAT from the single IP you get from the office provider into a local subnet and treat it like a home connection.
If port forwarding isn’t an option (or they use CGNAT themselves) then I’d use a WireGuard tunnel into a local shared server somewhere and tunnel the internet over that.
Great points about VPS. I think I might be able to set this up at home.
Generally speaking what are your thoughts on security on these places? If I was just to plug my machine to the pipe they provide.
I feel static IP will definitely not improve security aspect…
Thanks for the reply.
Yep, this is the plan. So far I have tried Cisco Meraki Go and this did not work. Even when I registered its WAN MAC address it did not obtain the assigned IP automatically, and it also wasn’t able to connect to Cisco cloud as that is a cloud-managed router; it said something about blocked UDP ports.
I also bought a cheap Japanese router just to test it. The poor thing was confused and went into a kind of reboot loop. Could be a bad unit.
I could bring my known good router from home and test with this, I know its settings thoroughly.
I have a QNAP NAS and I have used its VPN before, super useful and nice. This could be a good solution actually.
“For routers, firewall, and switches, the MAC address of the port connected to IWG switch needs to be registered, and not the MAC address found on the sticker of the device.”
Sorry but I have yet to see a router which had its port MAC address different from the sticker. Feeling too low end user…
I think you ordered the wrong thing. Ordering a dedicated IP probably means you don’t get NAT, or you have the option to not use NAT, and you get an externally-reachable IPv4(?) address.
Having a separate VLAN is probably what you want. From the phrasing, it’s unclear to me if that’s a pay-for option, or just another option you can select freely. It shouldn’t cost them anything extra (just reconfigure the switch), and what they’re currently providing might be just a safer default (full isolation).
Ask them about it and your specific problem. If it’s an additional service they offer it would be kind of rude if they won’t answer you before they up-sell you (this seems like a very basic thing for any office situation).
If all you want to do is make some printer available over the internet, you could use SSH forwarding and jump hosts in a way that only requires the ability for outgoing SSH connections from your corporate network.
That being said, there is absolutely no reason why a VPN or separate router shouldn’t work.
Would you mind sharing a few more details on your failed attempts?
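The outbound-only SSH forwarding suggested in the reply above, sketched as an added example that is not part of any post in this thread. The relay host `relay.example.net`, the users `tunnel` and `admin`, port 2222 and the key file name are all assumptions; the office-side device only ever makes an outgoing SSH connection.

```sshconfig
# ---- 1) Office side: ~/.ssh/config on the device plugged into the office jack
#         (for example a NAS with an SSH client). All names are hypothetical.
#         Start with:  ssh -N relay-tunnel
Host relay-tunnel
    HostName relay.example.net
    User tunnel
    IdentityFile ~/.ssh/tunnel_ed25519
    IdentitiesOnly yes
    # Publish this device's own sshd on the relay, bound to the relay's
    # loopback only, so nothing is exposed on the relay's public interface.
    RemoteForward 127.0.0.1:2222 127.0.0.1:22
    # Fail loudly if the listener cannot be created, and drop dead sessions
    # so a supervisor (systemd, cron) can restart the tunnel.
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
    RequestTTY no

# ---- 2) Relay side: one line in ~tunnel/.ssh/authorized_keys
#         "restrict" disables shell, PTY, agent and X11 forwarding;
#         forwarding is re-enabled, with remote listeners limited to the
#         single loopback port. The key material is a placeholder.
# restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> office-tunnel

# ---- 3) Remote side: ~/.ssh/config on the laptop at home
#         Reach the office device with:  ssh office-nas
Host office-nas
    HostName 127.0.0.1
    Port 2222
    User admin
    # Hop through the relay; the target address is resolved on the relay,
    # so 127.0.0.1:2222 is the forwarded listener from section 1.
    ProxyJump tunnel-user@relay.example.net
    # Pin the device's host key under its own name instead of "127.0.0.1".
    HostKeyAlias office-nas
    # Optional: carry the device's HTTPS admin UI to https://127.0.0.1:8443
    LocalForward 127.0.0.1:8443 127.0.0.1:443
```

Because the tunnel rides on outgoing TCP, it does not depend on the UDP ports reported as blocked earlier in the thread; `tunnel-user` in section 3 is a separate, assumed login account on the relay for the person connecting from home.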