SuicideFuel any ITcels proficient with networking? I need help

[svgmn1]

Ok, I'm asking for your help because my situation feels pretty limited or constrained

For the small company I work for, we have a time attendance logging device connected to their wifi router by an ethernet cable, however this device doesn't have web access or wifi (brutal #1)

The device is managed by it's software, installed on a laptop that must be connected to the same network (brutal #2)

What I want however is make it accessible from other/outside networks, so what I did try was port forwarding and assigned a static IP for this shitty time attendance logging device, however because I live in a sandnigger mid east shithole (brutal #3) I forgot the fact that even if I disable all the networks route dhcp for every point, all the way to the ubiquities nanostation - since we're still on wireless/ptp over the air internet (brutal #4) and forwarded the port/ip of the attendance device, it would be meaningless because all the ISPs here don't provide a real,fixed and public WAN IP due to the use of carrier NAT (brutal #5) so my public IP/network will always be managed by the isp or different and seperated from my companies private network/ip (brutal #6) so port forwarding by the router's configuration page/os is kind of useless here.


My question is: provided the situation and that the router is working 24/7 with internet access with the attendance device in its network, is there any practical and free way that can forward the device to outside networks over the internet besides having to leave a computer working in the company open all the time and having to remote access it to it or pay bux for some service?

 

[Paladin]

I read this as "incel tears cels"

 

[svgmn1]

I read this as "incel tears cels"

information technology is anti incel confirmed

 

[nazianime]

Tailscale It’s free for 5 devices it’s vpn software using the wire guard protocol.

Would be easier if you could directly install tailscale on the attendance device but since it’s stupid you need your router/firewall to do all the work. So the attendance machine has its own fixed local ip you assigned, if your firewall/router supports tailscale then you can install it and add what you want pathways you want advertised (only the attendance machine ip) so tail scale can only access a specific device ip or else the whole network will be open to the outside person.

Then the exterior person needs only to have tailscale installed and the software for the attendence machine. But you need to create two accounts in the tailscale ui, one for admin (you) with all management permissions and one for the exterior person (only has attendance machine access).

Also if the connection is between two offices of the same company you can do site to site and make the network “one” just make sure they are on different ip ranges or else you are going to get conflicts when you try and access a remote machine and it reverts to a local machine with the same ip.

Also if you want to be an ass kisser and your boss has cameras it’s a good way to have remote access from home so you can always watch the business cams even after hours. Without an extra payed service. If you have a local dvr setup and not a cloud like nest or whatever e garbage cloud shit there is. Really works for anything using the network, servers, machines, sensors that monitor stuff, printers

 

[svgmn1]

Tailscale It’s free for 5 devices it’s vpn software using the wire guard protocol.

Would be easier if you could directly install tailscale on the attendance device but since it’s stupid you need your router/firewall to do all the work. So the attendance machine has its own fixed local ip you assigned, if your firewall/router supports tailscale then you can install it and add what you want pathways you want advertised (only the attendance machine ip) so tail scale can only access a specific device ip or else the whole network will be open to the outside person.

Then the exterior person needs only to have tailscale installed and the software for the attendence machine. But you need to create two accounts in the tailscale ui, one for admin (you) with all management permissions and one for the exterior person (only has attendance machine access).

Also if the connection is between two offices of the same company you can do site to site and make the network “one” just make sure they are on different ip ranges or else you are going to get conflicts when you try and access a remote machine and it reverts to a local machine with the same ip.

thank you for the response
tailscale means a laptop because the attendance logging device doesn't support software installation and doesn't even have web access. if the wifi router or the attendance machine could install apps this would've been much easier.
I'm contemplating about flashing openwrt on the wifi router for that reason too since they have an old xiaomi ac router, but that would be too much work and personally I never did it but watched someone do it before.

Also if you want to be an ass kisser and your boss has cameras it’s a good way to have remote access from home so you can always watch the business cams even after hours. Without an extra payed service. If you have a local dvr setup and not a cloud like nest or whatever e garbage cloud shit there is. Really works for anything using the network, servers, machines, sensors that monitor stuff, printers

They do have a dvr and cameras setup by someone else since I only work on printers and the attendance as well as office/desk tasks, you're telling me there's a way to access the network by dvr? I'm not knowledgeable when it comes to surveillance cameras, if there is it might be a practical solution.

 

[nazianime]

thank you for the response
tailscale means a laptop because the attendance logging device doesn't support software installation and doesn't even have web access. if the router or the attendance machine could install apps this would've been much easier.
I'm contemplating about flashing openwrt on the router for that reason too since they have an old xiaomi ac router, but that would be too much work

How about since the attendance machine needs a laptop on the same network with the software running to even work. Turning that laptop into an RDP server and get chrome installed with a remote access plugin?

Only downfall is it’s more prone to being unreliable if you run 100% unattended access. As in you need to be logged in to windows and chrome needs to be running, computer cannot be asleep.


View: https://youtu.be/H6ab8UGr4E4


Really depends on how you want to tackle the problem.

Either you
A. Have a computer available that has installed the attendance machine software on the same network as the attendance machine and running a remote access software. Rustdesk is free and allows unattended access. Only downside is if someone turn off the computer you loose access or if an update bricks it you loose access. Also the final user needs rustdesk installed to view the remote machine.


B. You run tailscale so you can tunnel into the network and bypass all NAT. But on the user end they need tailscale installed and running and also have the software needed for the attendance machine. But it is more reliable as long as the attendance machine is powered and the network is up it works.

 

[svgmn1]

How about since the attendance machine needs a laptop on the same network with the software running to even work. Turning that laptop into an RDP server and get chrome installed with a remote access plugin?

Only downfall is it’s more prone to being unreliable if you run 100% unattended access. As in you need to be logged in to windows and chrome needs to be running, computer cannot be asleep.


View: https://youtu.be/H6ab8UGr4E4


Really depends on how you want to tackle the problem.

Either you
A. Have a computer available that has installed the attendance machine software on the same network as the attendance machine and running a remote access software. Rustdesk is free and allows unattended access. Only downside is if someone turn off the computer you loose access or if an update bricks it you loose access.


B. You run tailscale so you can tunnel into the network and bypass all NAT. But on the user end they need tailscale installed and running and also have the software needed for the attendance machine. But it is more reliable as long as the attendance machine is powered and the network is up it works.

Thanks for the response again
Neither because we take all the laptops home after work and all laptops are assigned for employees.

But I know now that the only way through is flashing openwrt for running tailscale on the wifi router all the time.
tailscale is simple and I used it before but I'm hesistant about openwrt, I will have to explain to them that this process is useless unless they want to spend few money on an additional computer/laptop for remote access because I'm likely not risking something I didn't experiment on before, especially knowing that the wifi network I setup for this place consists of multiple wifi routers of different vendors some of them bridged to the main xiaomi router.

on the flip side for this coin I could really use this chance to learn openwrt and won't be hesitant about flashing it in the future

 

[nazianime]

Thanks for the response again
Neither because we take all the laptops home after work and all laptops are assigned for employees.

But I know now that the only way through is flashing openwrt for running tailscale on the wifi router all the time.
tailscale is simple and I used it before but I'm hesistant about openwrt, I will have to explain to them that this process is useless unless they want to spend few money on an additional computer/laptop for remote access because I'm likely not risking something I didn't experiment on before, especially knowing that the wifi network I setup for this place consists of multiple wifi routers of different vendors some of them bridged to the main xiaomi router.

on the flip side for this coin I could really use this chance to learn openwrt and won't be hesitant about flashing it in the future

I have done small business networking and I can say is they can’t expect and give you a couple rocks and make something usable of it. At one point you need to invest money.

But if you want cheap pc, look into thin clients. Some can still run windows 10/11 ltsb and are fast because they don’t have the bloat regular windows has. I installed windows 10 ltsb into a quad core with 8gb ram and an 128gb ssd and it ran as good as modern pc. Yea it’s not going to play games but it just runs a industrial machine so it works fine. If you got old printers too that use usb only it can double as a print server for a shared printer.

I stated the same way you did with dwwrt and then moved to pfsense and opsense. With omada/ ubiquiti.

I mean if you really want to get into advanced stuff you can also try to get a pc with 12-16 gb ram and a 6 core processor and install proxmox. Then you can setup a opsense/ pf sense vm for the firewall/ routing and a windows vm to handle the attendance machine software and just allow rdp access.

 

[svgmn1]

I have done small business networking and I can say is they can’t expect and give you a couple rocks and make something usable of it. At one point you need to invest money.

But if you want cheap pc, look into thin clients. Some can still run windows 10/11 ltsb and are fast because they don’t have the bloat regular windows has. I installed windows 10 ltsb into a quad core with 8gb ram and an 128gb ssd and it ran as good as modern pc. Yea it’s not going to play games but it just runs a industrial machine so it works fine. If you got old printers too that use usb only it can double as a print server for a shared printer.

I stated the same way you did with dwwrt and then moved to pfsense and opsense. With omada/ ubiquiti.

I mean if you really want to get into advanced stuff you can also try to get a pc with 12-16 gb ram and a 6 core processor and install proxmox. Then you can setup a opsense/ pf sense vm for the firewall/ routing and a windows vm to handle the attendance machine software and just allow rdp access.

tailscale solved it
Also turns out that flashing openwrt was harder than I expected

Turns out the process of flashing openwrt on these propietary home wifi routers literally involves exploiting niche cves in their firmwares then sshing into them to flash the kernel. it was quite messy and risky because any wrong move could mean bricking the chink router

luckily things sailed smooth with copypasting and now I can access the router from a foreign network safely