How to get a static IP if I am not a business

I work remotely and recently I have to connect (ssh) to a server that uses IP tables for security. That’s when I discovered my ISP (Bell) changes my IP very often. My current solution is to call IT and ask them to update my IP address, but this has become quite frustrating for the department responsible for doing the work. There are now longer delays before the update simply because the work pace for the department has increased, and someone has to find the time.

Bell will not assign me a static IP unless I am a business. My searches show answers from people hosting websites for their businesses, which is not my case at all. Is there a way I can get a static IP without switching my ISP?

It seems like a VPN is needed.

The real solution would be a bastion host at your office that you can log into using their remote access methods. From there, you could use the office connection, which is likely to have a static external IP.

Have you tried talking to your IT department to ask for a better solution? It seems you’re caught in an XY problem.

Your IT team is not very competent. Just tell them directly.

No business requires static IPs for remote workers. What are you actually doing?

You could get a business internet account at home and pay extra for (1) business-class support; and (2) static IP. Or your company could implement a better method for allowing access to their server, such as a WireGuard VPN or other VPN protocol.

Your company should have a VPN that manages this. Connecting over an insecure network is a serious problem.

I posted this a few days ago: https://www.reddit.com/r/HomeNetworking/s/2jTcd4W41J

You can rent a virtual server at providers like DigitalOcean, Linode, etc., which will have a static IP. Install WireGuard on it and on your home PC. That way, you have a static IP. You are essentially tunneling through a VPN, with a static IP at the exit node. It costs only a few dollars a month (around $5).

This is a technical workaround for a simple problem.

To bypass my carrier-grade NAT and constantly changing IPs for my domains across multiple ISPs, I rent a VPS with a static IP, set up OpenVPN on it, create an IPsec tunnel between it and my home router, and route specific traffic through this tunnel to maintain a static IP.

To simplify setup (since not all routers support this), you can install OpenVPN and connect from your laptop to the VPS, then SSH from there. This setup provides a static IP independent of your home network.

Your employer is unreasonable. They shouldn’t rely solely on IP whitelisting. You could set up a VPS on AWS or similar and tunnel your traffic through it, ensuring your IP remains constant.

Your company is doing it wrong, but probably you can’t change their policy. Just know you work under some poorly managed policies.

This attitude from your IT department is lazy and dangerous. Static IP whitelists are no more secure than DHCP IPs, and may even be less secure.

I see posts like this often today. It’s likely a symptom of an outdated or poorly managed remote access policy.

that uses IP tables for security

Seriously?

Tell me the name of the company so I never do business with them.

Tell your IT department to adopt software solutions. VPNs, domain-based access controls, OAuth, etc. There are many options that don’t require IP whitelisting. What if you’re traveling?

Would dynamic DNS work? ddns

My searches show answers from people hosting websites for their business, which isn’t my case at all

If hosting websites for a business, use external hosting services like GoDaddy, AWS, or Azure.

For office connections, VPN is the usual method, so a dynamic home IP isn’t necessary.

Not certain about your specific case or needs.

Many ISPs do not provide static IPs to residential users. Use DYNDNS or similar services.

You could also ask your IT to configure port knocking on the server you’re SSHing into.

iptables could be configured to dynamically add your new IP after receiving connection attempts on predefined ports in order.

Your IT team should either set up a VPN or provide a router with SD-WAN connection back to their network.

Try DDNS. It has worked for me.