Need Wake on LAN help or Alternative Solution

tagit446

Hi, I am using the latest pfsense and I am trying to find a way to wake a pc on my network from a remote location. The pc I want to wake is a windows 10 pro machine doubling as a Plex sever.

I will be going away on vacation in a few months and would like to have access to the movies on my Plex server but at the same time I do not want to leave my Plex server pc turned on for the whole week I am gone.

I have read that I can have the pc sleep and turn it on remotely using Wake-On-LAN. The pc will go back to sleep after it is inactive for a set amount of time.

The problem is that I do not know the best way or any way for that matter to send the WOL magic packets while away and on a network other than my own.

I know pfsense can do WOL which I have tested locally and does work but what about when I am away from home? I have also read that I should not setup pfsense in a way that allows access to the WAN from an outside network, so what are my options?

JKnott

I'd say the best way is to use ssh to reach your firewall and run WOL from there. It is possible to relay WOL, but I don't think you'd want to allow that over the 'net.

tagit446

@jknott said in Need Wake on LAN help or Alternative Solution:

I'd say the best way is to use ssh to reach your firewall and run WOL from there. It is possible to relay WOL, but I don't think you'd want to allow that over the 'net.

Thanks for the info jknott.

Is there a guide for setting up SSH?

I'll be honest, at this point I do not even know how to access pfsense from outside of my own network.

Also, I forgot to mention in my first post that I do have a FreeDNS (afraid.org) account but haven't set it up in pfsense yet and I also have a VPN account through ExpressVPN. Currently I am using the VPN on my whole network except the subnet which the plex server is on because the Plex Server is on my gaming pc and one of the games I play won't work with a VPN. I do however have pfsense setup so that I can easily turn the VPN on and off for said pc using 2 different firewall rules.

Also, is it possible to SSH in to pfsense using an iphone 6? If not I could use my laptop.

tagit446

I was able to setup SSH using Termius on my iphone6 and puttygen to create the keys.

I am not sure if it is a configuration error but I can log into pfsense console but not the webgui from my iphone.

Given this I do not see how I can send a WOL packet to my pc.

Please forgive my ignorance but is it possible to ssh into the webgui or just the console?

If just the console, how do I send the WOL packet to my pc?

NogBadTheBad

Set up a VPN on your pfSense router then do it from the web browser or via SSH.

You'll also need the VPN to access your plex server unless you port forward to it.

https://www.netgate.com/docs/pfsense/vpn/ipsec/configuring-an-ipsec-remote-access-mobile-vpn-using-ikev2-with-eap-mschapv2.html

[2.4.3-RELEASE][admin@pfsense]/root: /usr/local/bin/wol --help
Usage: /usr/local/bin/wol [OPTION] ... MAC-ADDRESS ...
Wake On LAN client - wakes up magic packet compliant machines.

    --help          display this help and exit
-V, --version       output version information and exit
-v, --verbose       verbose output
-w, --wait=NUM      wait NUM millisecs after sending
-h, --host=HOST     broadcast to this IP address or hostname
-i, --ipaddr=HOST   same as --host
-p, --port=NUM      broadcast to this UDP port
-f, --file=FILE     read addresses from file FILE ("-" reads from stdin)
    --passwd[=PASS] send SecureON password PASS (if no PASS is given, you
                    will be prompted for the password)

Each MAC-ADDRESS is written as x:x:x:x:x:x, where x is a hexadecimal number
between 0 and ff which represents one byte of the address, which is in
network byte order (big endian).

PASS is written as x-x-x-x-x-x, where x is a hexadecimal number between 0
and ff which represents one byte of the password.

Report bugs to <krennwallner@aon.at>
[2.4.3-RELEASE][admin@pfsense]/root: /usr/local/bin/wol -i 172.16.2.21 a8:20:66:10:fc:b7
Waking up a8:20:66:10:fc:b7...
[2.4.3-RELEASE][admin@pfsense]/root:

NogBadTheBad

@tagit446 said in Need Wake on LAN help or Alternative Solution:

Also, is it possible to SSH in to pfsense using an iphone 6? If not I could use my laptop.

Prompt from the Apple store will do it, but if you set up a VPN you could just connect via https.

JKnott

@nogbadthebad said in Need Wake on LAN help or Alternative Solution:

Prompt from the Apple store will do it, but if you set up a VPN you could just connect via https.

Why VPN or HTTPS, when SSH is all that's needed. PfSense already has SSH availalble. All he needs is a SSH client to connect to the fireall, a rule to let him in and then just issue the WOL command.

NogBadTheBad

The IP address where he’s connecting from may change, not all ISPs supply a fixed IP address.

Also if you don’t create a VPN that suggests that ssh and the service Plex is using is available on the WAN interface.

VPN is more secure.

It’s not just WOL that’s required even if that’s all that was asked by the OP.

JKnott

1. the address he's connecting from should be irrelevant. I often use SSH from various elsewhere.
2. SSH is already available, without having to do anything else. It's built into the FreeBSD that pfSense is based on.
3. All he has to do on pfSense is create a rule that lets it in. I currently have NAT set up to allow access to my main computer, but it could just as easily be set up to allow connection to pfSense.
4. You can configure SSH to use a private/public key pair for security, which is a lot harder to break than a password. Security would be similar to a VPN or HTTPS
5. All he needs to add is a SSH client. Linux comes with one and Windows users can use Putty. There are also SSH clients for Android and probably iOS. Given that MAC OS is also BSD based, it would have a built in client too.

Once he's at the command prompt, he simply issues the WOL command, though it's also possible to use SSH to connect and enter the command in one operation. SSH is by far the easiest operation, unless he already has a VPN available. In that case, simply run SSH through the tunnel and forget about the rule to allow it in from the Internet.

NogBadTheBad

Yes but he’s not going to be able to view his his plex content is he!

It’s the address he’s connecting from that’s the issue.

JKnott

@nogbadthebad said in Need Wake on LAN help or Alternative Solution:

Yes but he’s not going to be able to view his his plex content is he!

It’s the address he’s connecting from that’s the issue.

His question was about WOL, that is remotely starting a computer. Whatever happens after that is another matter.

tagit446

Hi JKnott & NoBadTheBad, thank you both for all of the info.

Sounds like there is a few different ways to go about this from your comments and I have to admit I am a bit confused on which would be the best way to go.

Let me try to clear up a few things from my end.

I do use PPPoE for my internet and yes from time to time my IP does change.

I do have a VPN account with ExpressVPN and used them to setup OpenVPN on my firewall.

I do have a dynamic DNS account with afraid.org (FreeDNS) but don't have it setup. I thought I might need it since my public IP can change.

After Jknott's first reply I did set up SSH using a private/public key and put an SSH client on my iPhone (Termius). I can access the pfsense console locally from the iphone but not the webGUI.

I still want to explore each of your solutions so maybe we can work through each one. I do need a working solution but I also would like to learn how to do each and then decide on what works best for me.

Concerning SSH, since I got this set up lets start there.

1. How do I SSH into the webGUI or is it not possible?
2. What URL do I use to access remotely from someone else's network, would it be my public IP?
3. If i cannot SSH into the webGUI, how do I issue a WOL command from the console?

JKnott

@tagit446 said in Need Wake on LAN help or Alternative Solution:

How do I SSH into the webGUI or is it not possible?

Depends on the operating system. On Linux and other Unix based OSs, very easy. You can use the ssh -X command to run a graphical interface app. Others, I couldn't say.

tagit446

@jknott said in Need Wake on LAN help or Alternative Solution:

@tagit446 said in Need Wake on LAN help or Alternative Solution:

How do I SSH into the webGUI or is it not possible?

Depends on the operating system. On Linux and other Unix based OSs, very easy. You can use the ssh -X command to run a graphical interface app. Others, I couldn't say.

I would be SSHing ing from either IOS 11 on an iPhone or from a windows 10 home laptop.

stephenw10

I would definitely setup a VPN here. Why would you not do that if you can? I use it all the time just for tunneling my traffic if I'm on some untrusted network somewhere.

SSH is always useful, especially if you setup an SSH proxy. Never tried that from iOS though.

Why not both?

Steve

NogBadTheBad

Have you thought how your going to access your plex content?

SammyWoo

@tagit446 This thing is oftenly referred to as WOW (Wake on WAN) if u need to Google it.

I just did it the "easy" way, port forward port 7 (if I recall correctly, not at home at the moment), I also forgot whether I port forwarded to the actual mask, or the broadcast mask (255.255.255.255), try both see which one works. Only caveat is, anybody can wake your box, but so what? let them, they can't do anything else, unless you let them right.

Now this is only the wake portion. How you actually access your box is a separate deal.

tagit446

Ok, so i'm still exploring everything that has been said but want to ask if the following would work.

First, as I mentioned before, I have a VPN account with ExpressVPN. Currently I am using OpenVPN via ExpressVPN setup on my entire pfsense network except for the PC in which my Plex Server is setup on. When I connect to the internet with this PC it goes through my ISP instead of the VPN. According to the remote access settings in Plex I should be able to access Plex remotely from out side of my network but I have not been able to verify it yet.

With that said, I also have a app from ExpressVPN installed on my iPhone so that I can tunnel my phone internet traffic through ExpressVPN regardless of who's internet I am using. I also have now setup Dynamic DNS on pfSense. So is this as simple as....

1. When using someone else's network, start my VPN app.
2. Connect to my pfSense firewall by going to the URL I got from Dynamic DNS host? For example, would going to http://mychoosenName.mooo.com take me to my pfsense's webgui login?
3. In pfSense, Send WOL to my Plex Server/PC.

If what I am asking could be working solution, is there anything else I would need to configure in pfSense to make this work or any security issues I should be aware of?

Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not.

SammyWoo

"Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not."

No you do not. U maybe able to use your smart phone cellular network...

SmartPhone -> cellular -> Internet -> YourISP -> YourBroadbandWAN.

tagit446

@sammywoo said in Need Wake on LAN help or Alternative Solution:

"Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not."

No you do not. U maybe able to use your smart phone cellular network...

SmartPhone -> cellular -> Internet -> YourISP -> YourBroadbandWAN.

Palm to face.. you are absolutely right lol. I've had my iPhone for 4 years and in that time I have never turned on the data as it has only one gig shared between myself and my wife's phone. Just always connected it to wifi and didn't give the cellular data a thought. I swear, sometimes I do a good job at embarrassing myself...