How can I use my Mac at work from home (not using terminal/ssh)?

For Dave from Greenhaven, I still think TailScale.com would be the least hassle. It would deal with the NAT router issues (shared IP address), would encrypt traffic between the 2 Macs, and make it simple to just use built-in macOS Screen Sharing.

I get the impression that Dave from Greenhaven works in a small business, or has his own small business, and does not work for a Fortune 500 company. So setting up a VPN server at work would be a big hassle. That is why TailScale.com would be ideal for Dave, as it would give him the benefits of a VPN, without the hassle of setting up his own VPN server.

On a personal note, I do work for a Fortune 500 company, and we have to use the Cisco AnyConnect VPN client to access work. Before I started working from home full time, I would the same things Luis does. My work Mac had a corporate IT assigned fixed IP address with a corporate assigned domain name.

I would use Cisco AnyConnect to connect to work, then Finder -> Go (menu) -> Connect to server-> vnc://corporate.assigned.domain.name

But I do not think Dave has that luxury, and has to be his own IT guy.

The other approach, if Dave can ssh into his work Mac, is to set up a VNC tunnel.

ssh -L 59022:localhost:5900 address.that.connects.work.mac

Then Finder -> Go (menu) -> Connect to server-> vnc://localhost:59022

The fun part is making the ssh connection.

For my Macs at home and when connecting to my Mom’s Mac, I have to configure my home router to port forward a high numbered port to the inside the house Mac’s ssh port 22. Then I can use an ssh tunnel

ssh -p high-numbered-port -L 59022:localhost:5900 home.router.ip.address

And the Connect to server -> vnc://localhost:5900

to make life easier, get a free dynamic DNS name from No-IP.com, but that then requires running software in the destination Mac to to keep the dynamic DNS name up to date if the ISP assigned IP address changes.

All in all, TailScale.com is much easier to setup and operate for a small business or user that needs to “Phone Home” while away.

One other way: Share your screen using Messages on Mac - Apple Support This works, but expects a user to approve the sharing request. Whether somebody can approve the session?

As an alternative to the ARD product (which does screen sharing and much more), the built-in screen sharing client works:

Share the screen of another Mac - Apple Support

(Once initially launched, I usually drag that app icon into the Dock to make it easier to get at for next time.)

The difficulty with ARD and Screen Sharing is establishing the path into the target system, as firewalls will block this access. This usually means a VPN into the target firewall or punched all through into the target Mac. If you don’t VPN, be very careful with which remote hosts can access VNC/ARD/screensharing, as the riffraff routinely poke at that port.

ssh used to be able to kickstart to trigger an ARD session, but that support was removed in macOS 12, and the only way available now is via MDM:

… Use MDM to enable Remote Management in macOS - Apple Support

… Enable remote management for Remote Desktop - Apple Support

Here are some threads with replies of mine with some remote-access-related configuration info:

… how do I setup ARD to work across the int… - Apple Community

… What is needed in terms of network protoc… - Apple Community

… Apple Remote Desktop Over WAN - Apple Community

As for a completely different approach, iCloud Files and Documents allows multiple Macs to be configured for sharing the same files. This isn’t screen sharing, it’s file sharing via iCloud.

I do all that without any third party software, or even Apple Remote Desktop.

NOTE: My workplace has a real VPN. Macs have VPN support built-in. There is no reason to use those pesky "public VPN"!

1) I asked the IT department to assign a fixed (local) IP to my own mac.

2) In my work Mac, I turned on Screen Sharing in System Settings->General->Sharing

3) From home, I connect to the work VPN. (at this point, I am virtually on my workplace network; that is, it is as if I my home mac were connected to an ethernet plug in my office)

4) I connect to my work mac: it can be done either by using the Screen Sharing application (built-in to every mac), or by entering the remote connection URL in Safari:

vnc://your.workmac.ip.address

• actually, I can use a name instead of the URL, because I manually added an entry to /etc/hosts in my home mac:

vnc://mymacname

Your work network would need to be configured to allow you to connect into it. That would normally be done with a VPN (a real one, not the bogus privacy scam ones advertised all over claiming to protect you from evil trackers).

Your work network should have a hardware preventing access to the network from the internet. Basically you have to poke a hole in that firewall. There are secure and unsecure ways to do that. A VPN is one secure way to do that. You should not provide access to devices on that network because if you can access it, everyone else has access, too. It might be harder for them to get into, but there is a vector.

TeamViewer or ARD would require being allowed into the work network, also.

ARD requires a paid component. The client is built into macOS, but the management computer needs to be running the paid ARD software.

Dave from Greenhaven wrote:

…We have a couple of people that like to work remotely so I'm hoping to set up point to point remote access. Yes, we use NordVPN as our paid VPN.

First-few-hops VPNs protect agains a problem that largely hasn’t existed for a decade or so, and too often badly, and too often with privacy and security concerns.

This case would usually involve an end-to-end VPN and not a first-few-hops VPN app, and the end-to-end VPN works rather differently from how the first-few-hops VPN apps work.

An IPSec/L2TP VPN client is built in, among other choices.

I am going to suggest TailScale.com

A copy running on your home Mac, and a copy running on your work Mac.

TailScale.com will make both Macs think they are on the same local area network, and you will be able to use macOS Screen sharing.

NordVPN is ilk are not a VPN. They are just scams using fear, uncertainty, and doubt to get you to give them money or your information. They do use obfuscation to anonymize your Internet activity to the rest of the world.

The VPN we are talking about is a piece of hardware that isolates your internal network from the rest of the world, but allows certain users to get in to the network and use it as if they are connected to it directly Inside the network

Embedded VPN servers are my preference for small configurations, such as those from Zyxel with the USG series, or otherwise. Various of these can tie into dynamic DNS services, as well. I’d not typically choose Cisco gear here, as they’re not in the same market.

But this also gets back to remote screen-sharing services also being a reasonable approach, too. They deal with this stuff.

I'm talking about the computer you are using to connect to the others. ARD is a management tool.

Yes, we use NordVPN as our paid VPN.

NordVPN isn't a real VPN. It is a collection scheme for all of your browsing history.