So, my friend has a fully-remote job, but his employer only allows him to work within the state the company is based in. He is planning to move outside of that state, but isn’t prepared to quit his job yet.
To evade detection from IT, this friend wants to set up some sort of VPN tunnel to leave with a relative within the original state, to route the traffic from his work laptop (which is locked down via JAMF software) through. The family he’s leaving this setup with isn’t tech savvy, and wouldn’t be able to troubleshoot anything beyond powercycling a device or plugging in an ethernet cable.
What would he need to do to set up such a tunnel, ideally with remote access to adjust settings/troubleshoot, and how does he ensure that his work laptop never exposes an out-of-state IP to his employer?
Apologies, mods, if this post falls under Rule 3 for “professional” help.


Raspberrypi with pivpn. Put it right next to the router. Can possibly be powered by the routers usb port as well. Connect with ssh to administer. Easy as pie.
For always staying on the vpn: Get a pfsense router and configure it to always connect to the vpn and route all traffic through it.