Remote Work: How Global Corporations Do It vs. Our Smarter Approach

Since remote work became a global standard, transitioning from the office to the home environment has brought massive challenges. Whether you are an agency, an architectural studio, or a software firm, you face two main problems: data security and productivity.

When large corporations tackle this, they throw immense amounts of money at it. They buy bulky enterprise hardware, pay hundreds of euros monthly for various VPN licenses, and keep office computers running 24/7.

We decided to approach things differently. We wanted an infrastructure that offers corporate-level security, zero monthly license costs, and a smart ecological approach where hardware runs only when genuinely needed.

Global Standards vs. Our Ecosystem

Before we dive into the technical details, here is a clear comparison between the market "standard" and the closed ecosystem we implemented:

Step 1: The Brain of the Operation - Hardware and pfSense

A standard consumer router cannot handle complex firewall rules or advanced VPN encryption. That’s why we acquired a Mini PC with two LAN ports (one for WAN, one for LAN). We installed Microsoft Hyper-V (a hypervisor) on it to run virtual machines. (A great free alternative to this is Proxmox).

Our primary virtual machine is pfSense – the world’s most powerful open-source firewall router. It controls all incoming and outgoing traffic. Alongside it, we spun up a VM for Docker (needed for Step 3). This consolidated everything onto a single, affordable device.

Step 2: Secure Entry - WireGuard and Tailscale

To safely access office files from home, a VPN is required. We installed WireGuard within pfSense. Unlike older protocols, WireGuard is incredibly fast because it relies on modern cryptography. The setup requires generating key pairs for the router and the user's laptop.

Tailscale (or ZeroTier) is an even simpler alternative. It uses WireGuard under the hood but completely removes the need for manual port forwarding or DDNS. You install the app, log in via a Google or Microsoft account, and computers communicate as if they are in the same room.

Step 3: Ending Resource Waste - Docker and UpSnap

Leaving office computers on 24/7 is a huge waste of energy. In our setup, all computers go into "Sleep" mode. To wake them up remotely, we utilized the Docker platform on our Mini PC to host UpSnap.

UpSnap is a sleek web application accessible through our VPN. It shows which computers are online or asleep, displays their local IP address, and allows us to send a Magic Packet (Wake-On-LAN) to wake a sleeping PC with a single click.

Step 4: Direct Connection - Microsoft RDP

Since WireGuard places us directly inside our local network, we bypass commercial remote desktop software entirely. We use the free, built-in Remote Desktop Connection (RDP) in Windows.

By simply typing the IP address found in UpSnap and entering our standard office Windows password, we get our office desktop in full resolution with virtually zero latency.

System Drawbacks and Room for Improvement

1. Single Point of Failure: Our entire network relies on one Mini PC. If it fails, the office loses internet and remote access. Solution: Keep a cheap backup router on hand to plug in during emergencies.

2. Manual Onboarding: Setting up pure WireGuard for new employees is slower than just logging into a corporate app. Solution: Moving entirely to Tailscale would automate this process.

3. Dynamic IP Issues: We don't have a static IP from our ISP, so we use a free DDNS service from no-ip.com. The downside is it requires manual email confirmation once a month to keep the domain active. Solution: Pay for a premium DDNS, buy a static IP, or switch to Tailscale which doesn't care about public IP addresses.