Netgate Discussion Forum

    Initiating a WOL when router is behind a VPN?

      hansolo77 @Gertjan

      @gertjan said in Initiating a WOL when router is behind a VPN?:

      Or, as usual: add or change an ICMP firewall rule

      I'm so newb I don't even know what ICMP is.. so I think it's safer to just leave it alone. I'll check that Private answers to ping too.

        Gertjan @hansolo77

        @hansolo77

        @hansolo77 said in Initiating a WOL when router is behind a VPN?:

        I don't even know what ICMP is

        I'll make it easy for you. The answer is one click away 😊

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          hansolo77 @Gertjan

          @gertjan That's incredibly unhelpful. :( I mean, OK, it's a protocol. Why would the suggestion be that I have to add or change an ICMP firewall rule, if this "verify a PC is on" function is built into pfSense already? I don't understand. If there is some other step I have to do, ON the firewall, to make a function ON the firewall work, that just doesn't make any sense. Sure, if I had to do something on the PC, that's different. Sorry I'm so lost.

            Gertjan @hansolo77

            @hansolo77 said in Initiating a WOL when router is behind a VPN?:

            That's incredibly unhelpful

            I get it.
            I was just helping you with: "I don't even know what ICMP is".

            Consider :

            99c6bca3-f21d-495b-8535-bd670b1d04fc-image.png

            How does the widget know the device is offline?
            Because it doesn't reply to pings = ICMP echo request packets.

            @hansolo77 said in Initiating a WOL when router is behind a VPN?:

            Is the widget broken when it comes to showing up/down or am I missing something else?

            Most probably not, as in that case you should see many posts here on this forum with the same observation.
            If the widget says "down", then the ping requests sent to your device don't come back with an answer, because it doesn't want to / can't answer, or it is offline.

            You should check the firewall of the Windows PC to see if it is enabled to reply to pings.

            @hansolo77 said in Initiating a WOL when router is behind a VPN?:

            but Windows 10 blocks pings

            This is not standard behaviour at all: did you change the network settings of that PC, like adding software that changes its firewall?

            If you cannot ping that PC using pfSense > Diagnostics > Ping then your issue is with that PC.

            I presume you do not have a router between pfSense and that PC, just a cable or a switch.

                hansolo77

                @gertjan
                I think I might have fixed the problem. At first, I had a suspicion that it might be because the network connection is complicated. This PC has 2 connections.. one is a 10gb NIC, the other is the motherboard's onboard 1gb. The 10gb doesn't allow WOL, so I also enabled the 1gb specifically for the WOL. I've had some trouble with the 1gb, in that Windows doesn't like it when I have both NICs using the same gateway. So I thought maybe that might have been the problem. When I got home today, I decided I would experiment with that to see if I could make it work. Before doing anything, I also decided to "start fresh" by rebooting all the systems, PCs, modem, router. Surprisingly, I think rebooting the pfSense router was all I had to do. The widget now shows the PC in question is UP. I will monitor this and see if it correctly reports DOWN when I get home from work tomorrow, and UP again when I wake it.


                Lol, guess I was wrong. Now it's stuck saying it's on all the time. ^_^ Why can't I be smarter than this. :(


                Going back to my original theory.. I think it's the way my 1gb network is set up. I can ping it from a command prompt on another computer. But if I use the Ping from pfSense, it gives me 100% loss. If I ping the 10gb network, it comes back with 0% loss, and works with command prompt too. So the question now becomes, what's different between the 2 connections? Besides the IP address, they pretty much match EXCEPT for the fact that I have to leave the "Default Gateway" blank or Windows complains. If that's a requirement, I don't know how to get around it.

                Here is the breakdown of my network connections. 10g is an SFP+ Addon NIC running cat6 to the pfSense. 1g is on motherboard running cat5 to the pfSense. The 3rd NIC is set up but nothing is connected and it's disabled. They are using only IPv4 not IPv6. Also, this is after I tried putting a gateway address into the 1G.

                Name:	10G
                Description:	Mellanox ConnectX-3 Ethernet Adapter
                Physical address (MAC):	*REMOVED*
                Status:	Operational
                Maximum transmission unit:	1500
                Link speed (Receive/Transmit):	10/10 (Gbps)
                DHCP enabled:	No
                IPv4 address:	10.27.27.202/24
                Default gateway:	10.27.27.1
                DNS servers:	10.27.27.1, 8.8.8.8
                Network name:	Network
                Network category:	Public
                Connectivity (IPv4/IPv6):	Connected to Internet / Connected to unknown network
                
                Name:	1G - Left
                Description:	Intel(R) I211 Gigabit Network Connection
                Physical address (MAC): *REMOVED*
                Status:	Operational
                Maximum transmission unit:	1500
                Link speed (Receive/Transmit):	1000/1000 (Mbps)
                DHCP enabled:	No
                IPv4 address:	10.27.27.220/24
                Default gateway:	10.27.27.1
                DNS servers:	10.27.27.1, 8.8.8.8
                Network name:	Network
                Network category:	Public
                Connectivity (IPv4/IPv6):	Connected to local network / Connected to unknown network
                
                Name:	1G - Right
                Description:	Intel(R) Ethernet Connection (2) I219-V
                Physical address (MAC):	*REMOVED*
                Status:	Not operational
                Maximum transmission unit:	1500
                IPv4 address:	169.254.254.13/16
                Connectivity (IPv4/IPv6):	Disconnected
                
                  viragomann @hansolo77

                  @hansolo77
                  Yeah, two gateways won't work well at all. But when you remove the gateway, you cannot communicate with the NIC from outside the subnet.
                  As a workaround you can masquerade the packets going to 10.27.27.220 by adding an outbound NAT rule on pfSense.

                    hansolo77 @viragomann

                    @viragomann said in Initiating a WOL when router is behind a VPN?:

                    @hansolo77
                    Yeah, two gateways won't work well at all. But when you remove the gateway, you cannot communicate with the NIC from outside the subnet.
                    As a workaround you can masquerade the packets going to 10.27.27.220 by adding an outbound NAT rule on pfSense.

                    Attempted to do that, but probably didn't do it right (it didn't work). This is what I made:

                    Untitled.jpg

                      viragomann @hansolo77

                      @hansolo77
                      The source has to match the original source address of the packets. If it's unknown or a dynamic public address, select "any".
                      "This firewall" will make no sense at all. If pfSense itself talks to the device, it uses the interface IP anyway.

                      The protocol has to match the communication as well. ICMP is for pings, but not for WOL.

                      Also consider setting the outbound NAT to hybrid mode to have the rule take effect.

                      H 1 Reply Last reply Reply Quote 0
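
viragomann's two replies above, modelled as an added example (not part of the thread and not pfSense code): a NIC with no default gateway can only answer sources inside its own subnet, and an outbound NAT rule helps only if its source and protocol match the packet. Assumptions: 10.27.27.1 is the pfSense LAN address, 10.8.0.6 is a constructed remote VPN client, and the wake-up packet is sent as UDP.

```python
import ipaddress
from dataclasses import dataclass

NIC = ipaddress.ip_interface("10.27.27.220/24")   # 1G NIC from the post, no default gateway
PFSENSE_LAN = ipaddress.ip_address("10.27.27.1")  # assumption: pfSense LAN interface address
VPN_CLIENT = ipaddress.ip_address("10.8.0.6")     # constructed source outside the LAN subnet

@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str                                    # "icmp", "udp", ...

@dataclass
class OutboundNatRule:
    source: str                                   # "any" or a CIDR string
    destination: str                              # CIDR string
    proto: str                                    # "any" or a protocol name
    translate_to: ipaddress.IPv4Address           # address the source is rewritten to

    def matches(self, p):
        src_ok = self.source == "any" or p.src in ipaddress.ip_network(self.source)
        dst_ok = p.dst in ipaddress.ip_network(self.destination)
        return src_ok and dst_ok and self.proto in ("any", p.proto)

def apply_outbound_nat(p, rules):
    """First matching rule rewrites the source; otherwise the packet is unchanged."""
    for rule in rules:
        if rule.matches(p):
            return Packet(rule.translate_to, p.dst, p.proto)
    return p

def host_can_reply(nic, default_gateway, p):
    """The host needs a route back: source on-link, or a default gateway set."""
    return p.src in nic.network or default_gateway is not None

def reachable(p, rules, default_gateway=None):
    return host_can_reply(NIC, default_gateway, apply_outbound_nat(p, rules))

if __name__ == "__main__":
    ping = Packet(VPN_CLIENT, NIC.ip, "icmp")
    wake = Packet(VPN_CLIENT, NIC.ip, "udp")
    fw_only = OutboundNatRule("10.27.27.1/32", "10.27.27.220/32", "icmp", PFSENSE_LAN)
    any_icmp = OutboundNatRule("any", "10.27.27.220/32", "icmp", PFSENSE_LAN)
    any_any = OutboundNatRule("any", "10.27.27.220/32", "any", PFSENSE_LAN)
    for name, rules in [("no NAT", []), ("source=firewall", [fw_only]),
                        ("any/icmp", [any_icmp]), ("any/any", [any_any])]:
        print(f"{name:16} ping={reachable(ping, rules)} udp={reachable(wake, rules)}")
```
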
                        hansolo77 @viragomann

                        @viragomann
                        I see. This is all still ridiculously new to me. I will make adjustments.


                        Yeah still not working. I'm about to give up on this.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.