I'm somewhat IT/technology hindered and I need advice on VPN for Eero systems

I have a 3-unit Eero 6 Pro system at home due to the size of the house. I also own a business and have a 3-unit Eero 6 Pro system there as well. We have 7 computers at the business that connect to a central Windows server that runs my point of sale system as well as some other business related stuff. Some of these are wireless connections, some are wired; I don’t think that detail matters, but I want to be thorough.

The problem arises from my personal preference for Apple products. All my computers at the business are Windows machines, as the point of sale software and several other things we utilize do not have Mac support and can be run on Windows only. I have a Mac Studio on my desk at the business from which I can easily remote into one of the Windows machines and utilize the software when needed, because it is on the same network. However, I cannot remote in from home without a VPN to connect as if I am on my localized network at the business. I would like to be able to do this from my MacBook.

This is where my question comes in. Can I use an Eero+ subscription VPN to remote in from my home network to my business network, and if so, how would I go about doing that, step by step, like I have no idea what I’m talking about? As you can see from this text, I have an idea of what needs to be done, but I don’t really understand what or how any of these things work. Most of this knowledge is coming from the last week’s worth of Google-fu trying to figure it out on my own.

I tried to post this earlier, but it doesn’t seem to be here, so apologies if this is a duplicate.

While it might be possible to do this just using an Eero+ subscription, you’d have to set up Dynamic DNS, IP reservations, and port forwarding to do so, which seems like more than what you’d be comfortable doing.

A more straightforward solution would be to use Tailscale to create a VPN connection between your MacBook and your work network. Here’s a rough outline as to how I would suggest you proceed. (You can also work through https://tailscale.com/kb/1017/install if you prefer to go it on your own.)

  1. Create your account for Tailscale https://login.tailscale.com/start
  2. Install Tailscale on your Mac Studio and your MacBook.
  3. Turn on Tailscale and set up an Exit Node on your Mac Studio - https://tailscale.com/kb/1408/quick-guide-exit-nodes?tab=macos
  4. Turn on Tailscale and set your MacBook to use the Exit Node you just set up - https://tailscale.com/kb/1408/quick-guide-exit-nodes?tab=macos

At this point, you should be able to use your MacBook to do all of the Remote Desktop connections to your work machines, because the network connection of the laptop is being routed to your Mac Studio.

You can run Tailscale on both Macs all the time without any issues; however, you may want to only turn on the “Use an Exit Node” feature on your MacBook when you want the connection to be coming to/from your office network.
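A quick way to confirm that steps 3 and 4 actually took effect (that the Mac Studio advertises itself as an exit node and the MacBook is currently routing through it, rather than leaving the exit-node toggle off) is to read `tailscale status --json` on the MacBook. This is an added example, not code from the thread or from Tailscale; the sample JSON is constructed, and the field names `Peer`, `ExitNode`, `ExitNodeOption` and `ExitNodeStatus` are assumed to match Tailscale's status output.

```python
import json
import subprocess

# Constructed sample of `tailscale status --json`, trimmed to the fields this check
# reads. The MacBook is using "mac-studio" as its exit node (assumed field names).
SAMPLE_USING_EXIT_NODE = json.dumps({
    "Self": {"HostName": "macbook", "TailscaleIPs": ["100.64.0.2"]},
    "ExitNodeStatus": {"ID": "nMacStudio", "Online": True},
    "Peer": {
        "nMacStudio": {"HostName": "mac-studio", "TailscaleIPs": ["100.64.0.1"],
                       "Online": True, "ExitNode": True, "ExitNodeOption": True},
        "nOther": {"HostName": "other-laptop", "TailscaleIPs": ["100.64.0.3"],
                   "Online": False, "ExitNode": False, "ExitNodeOption": False},
    },
})

# Same tailnet, but the "Use an Exit Node" toggle on the MacBook is off (constructed).
SAMPLE_EXIT_NODE_OFF = json.dumps({
    "Self": {"HostName": "macbook", "TailscaleIPs": ["100.64.0.2"]},
    "Peer": {
        "nMacStudio": {"HostName": "mac-studio", "TailscaleIPs": ["100.64.0.1"],
                       "Online": True, "ExitNode": False, "ExitNodeOption": True},
    },
})


def exit_node_report(status_json: str, expected_host: str) -> dict:
    """Summarise exit-node state: who advertises one, which is active, and whether
    the active one is the office machine we expect traffic to leave through."""
    status = json.loads(status_json)
    peers = (status.get("Peer") or {}).values()
    advertised = sorted(p["HostName"] for p in peers if p.get("ExitNodeOption"))
    active = [p["HostName"] for p in peers if p.get("ExitNode")]
    active_host = active[0] if active else None
    online = bool((status.get("ExitNodeStatus") or {}).get("Online"))
    return {
        "advertised_exit_nodes": advertised,
        "active_exit_node": active_host,
        "exit_node_online": online,
        # Only true when remote-desktop traffic will egress from the office network.
        "routed_via_office": active_host == expected_host and online,
    }


if __name__ == "__main__":
    # macOS app-bundle CLI path; falls back to the constructed sample when absent.
    cli = "/Applications/Tailscale.app/Contents/MacOS/Tailscale"
    try:
        raw = subprocess.run([cli, "status", "--json"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        raw = SAMPLE_USING_EXIT_NODE
    print(json.dumps(exit_node_report(raw, "mac-studio"), indent=2))
```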

I use Tailscale as a VPN. Tailscale is installed on the home computer and all the computers you want to remote into. Tailscale assigns an IP address for each computer it is installed on.

I use NoMachine on my home Mac to connect to my office computers (iMac and MacBook Pro) over Tailscale. It is possible, after remoting in to one computer, to then use that computer to access other computers in the office, sort of like double-remote access. I do not use an exit node.

You can use a WireGuard server, or just use Tailscale, which uses WireGuard but does a lot of the VPN setup work automatically.

Do you care about privacy and security on all your devices all the time or only on a single personal device and only when you’re connecting to work resources?

There is a lot to consider. Not all VPNs are created equal. All “free” VPN clients and services are highly suspect from a cybersecurity standpoint. All commercial VPNs that you pay for that are actively hosted and managed by others are similarly suspect. The devil is in the details and some offerings available are just security theater. A robust option is a self-hosted VPN (just one of many essential tools in your cybersecurity toolbox) but the learning curve is steep and the potential for missteps that critically endanger your cybersecurity capabilities is significant. All SSL-VPN protocols are suspect. You should be looking at IPSec VPN.

Ideally you’d set up an IPsec VPN configured and managed through a proper enterprise-grade firewall at the business end and install a VPN client application on your work-issued device (laptop/phone). Ideally you would endeavor to protect both your work network and your personal network. I recommend using a zero trust access model with everything encrypted all the time. But this is likely way beyond your level of expertise. Hiring a professional IT integrator to help you is likely cost prohibitive. So at the very least, separate your firewall capabilities from your wireless network access capabilities by getting your Eero WiFi mesh network access points behind a proper firewall, even if it’s prosumer grade like a Firewalla Gold. Do this for both your office and your home network.

In a nutshell, Eero is not designed to serve as a VPN server or client. Even with the Eero+ subscription, there is no capability to set this up using Eero. Eero will allow VPN traffic to pass through the device, but there is work to be done in order to do so appropriately and securely. If not done correctly, you can inadvertently open your network (or both networks) to the Internet and to compromise.

There are other networking products that would allow you to set up point-to-point (P2P) VPNs between sites along with specific rules to protect both your home and work networks appropriately. I’m sure there are also third-party VPN products that allow pseudo-P2P by using an Internet-based connection point along with software installed on devices in both your home and office. Doing this negates the need to open ports on your Eero networks and the potential risk.

Thank you for the info. I will look into it right away. I tried setting up port forwarding for the computer I will be remoting into, to be able to circumnavigate some of the finer issues, but my business Eero is in bridge mode and you cannot do port forwarding and bridge mode at the same time. I don’t know what bridge mode is or why it is in that mode, but I can tell you when I changed it, it broke the connection of every machine in the shop to my server and printers and all kinds of other stuff.

I understood 17% of that.