Need Wake on LAN help or Alternative Solution
-
Yes but he’s not going to be able to view his his plex content is he!
It’s the address he’s connecting from that’s the issue.
-
@nogbadthebad said in Need Wake on LAN help or Alternative Solution:
Yes but he’s not going to be able to view his his plex content is he!
It’s the address he’s connecting from that’s the issue.
His question was about WOL, that is remotely starting a computer. Whatever happens after that is another matter.
-
Hi JKnott & NoBadTheBad, thank you both for all of the info.
Sounds like there is a few different ways to go about this from your comments and I have to admit I am a bit confused on which would be the best way to go.
Let me try to clear up a few things from my end.
I do use PPPoE for my internet and yes from time to time my IP does change.
I do have a VPN account with ExpressVPN and used them to setup OpenVPN on my firewall.
I do have a dynamic DNS account with afraid.org (FreeDNS) but don't have it setup. I thought I might need it since my public IP can change.
After Jknott's first reply I did set up SSH using a private/public key and put an SSH client on my iPhone (Termius). I can access the pfsense console locally from the iphone but not the webGUI.
I still want to explore each of your solutions so maybe we can work through each one. I do need a working solution but I also would like to learn how to do each and then decide on what works best for me.
Concerning SSH, since I got this set up lets start there.
- How do I SSH into the webGUI or is it not possible?
- What URL do I use to access remotely from someone else's network, would it be my public IP?
- If i cannot SSH into the webGUI, how do I issue a WOL command from the console?
-
@tagit446 said in Need Wake on LAN help or Alternative Solution:
How do I SSH into the webGUI or is it not possible?
Depends on the operating system. On Linux and other Unix based OSs, very easy. You can use the ssh -X command to run a graphical interface app. Others, I couldn't say.
-
@jknott said in Need Wake on LAN help or Alternative Solution:
@tagit446 said in Need Wake on LAN help or Alternative Solution:
How do I SSH into the webGUI or is it not possible?
Depends on the operating system. On Linux and other Unix based OSs, very easy. You can use the ssh -X command to run a graphical interface app. Others, I couldn't say.
I would be SSHing ing from either IOS 11 on an iPhone or from a windows 10 home laptop.
-
I would definitely setup a VPN here. Why would you not do that if you can? I use it all the time just for tunneling my traffic if I'm on some untrusted network somewhere.
SSH is always useful, especially if you setup an SSH proxy. Never tried that from iOS though.
Why not both?
Steve
-
Have you thought how your going to access your plex content?
-
@tagit446 This thing is oftenly referred to as WOW (Wake on WAN) if u need to Google it.
I just did it the "easy" way, port forward port 7 (if I recall correctly, not at home at the moment), I also forgot whether I port forwarded to the actual mask, or the broadcast mask (255.255.255.255), try both see which one works. Only caveat is, anybody can wake your box, but so what? let them, they can't do anything else, unless you let them right.
Now this is only the wake portion. How you actually access your box is a separate deal.
-
Ok, so i'm still exploring everything that has been said but want to ask if the following would work.
First, as I mentioned before, I have a VPN account with ExpressVPN. Currently I am using OpenVPN via ExpressVPN setup on my entire pfsense network except for the PC in which my Plex Server is setup on. When I connect to the internet with this PC it goes through my ISP instead of the VPN. According to the remote access settings in Plex I should be able to access Plex remotely from out side of my network but I have not been able to verify it yet.
With that said, I also have a app from ExpressVPN installed on my iPhone so that I can tunnel my phone internet traffic through ExpressVPN regardless of who's internet I am using. I also have now setup Dynamic DNS on pfSense. So is this as simple as....
- When using someone else's network, start my VPN app.
- Connect to my pfSense firewall by going to the URL I got from Dynamic DNS host? For example, would going to http://mychoosenName.mooo.com take me to my pfsense's webgui login?
- In pfSense, Send WOL to my Plex Server/PC.
If what I am asking could be working solution, is there anything else I would need to configure in pfSense to make this work or any security issues I should be aware of?
Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not.
-
"Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not."
No you do not. U maybe able to use your smart phone cellular network...
SmartPhone -> cellular -> Internet -> YourISP -> YourBroadbandWAN.
-
@sammywoo said in Need Wake on LAN help or Alternative Solution:
"Kinda sucks I need to travel somewhere and use someone else's network to test if it would work or not."
No you do not. U maybe able to use your smart phone cellular network...
SmartPhone -> cellular -> Internet -> YourISP -> YourBroadbandWAN.
Palm to face.. you are absolutely right lol. I've had my iPhone for 4 years and in that time I have never turned on the data as it has only one gig shared between myself and my wife's phone. Just always connected it to wifi and didn't give the cellular data a thought. I swear, sometimes I do a good job at embarrassing myself...
-
Rather than connecting to ExpressVPN from your phone/laptop and then coming back into your pfSense box outside the tunnel it would be better to setup a VPN server on the pfSense box itself and just connect directly to it.
Shorter route. Less (or no) NAT. End to end inside the VPN.
You would then connect to your plex server as though you're local. No need to port froward anything to it opening potential security holes.
Steve
-
@tagit446 said in Need Wake on LAN help or Alternative Solution:
Kinda sucks I need to travel somewhere and use someone else’s network to test if it would work or not.
What sort of Internet connection do you have? I have a cable modem with 2 ports. I normally just use one of them to connect my firewall, but I occasionally use the 2nd for testing. Of course, as someone else mentioned, you can tether to your cell phone.
-
@stephenw10 said in Need Wake on LAN help or Alternative Solution:
Rather than connecting to ExpressVPN from your phone/laptop and then coming back into your pfSense box outside the tunnel it would be better to setup a VPN server on the pfSense box itself and just connect directly to it.
Shorter route. Less (or no) NAT. End to end inside the VPN.
You would then connect to your plex server as though you're local. No need to port froward anything to it opening potential security holes.
Steve
I just set this up following a Lawrence Systems video (https://www.youtube.com/watch?v=7rQ-Tgt3L18) .
In the VPN > OpenVPN > Servers > Tunnel Settings it allowed me to add my LAN1 network which is where my Plex server resides. I tested the connection locally from my iphone to my plex server and it works. I haven't tried it remotely using my iphone's cellular data due to poor connection signal at the moment. Cellular is poor at home and only works sometimes.
So I am wondering, will this connection let me access the pfsense webGUI by default or would I need to edit the setting to allow this. I only need remote access to the pfsense webGUI to issue the WOL to the plex server. If I need to edit the settings, what exactly would I need to do?
I am also wondering if my public IP was to change, would it effect the VPN connection?
If it would effect the connection, I do have a Dynamic DNS account setup but I am unsure how I would make it work with the VPN.
@jknott said in Need Wake on LAN help or Alternative Solution:
@tagit446 said in Need Wake on LAN help or Alternative Solution:
Kinda sucks I need to travel somewhere and use someone else’s network to test if it would work or not.
What sort of Internet connection do you have? I have a cable modem with 2 ports. I normally just use one of them to connect my firewall, but I occasionally use the 2nd for testing. Of course, as someone else mentioned, you can tether to your cell phone.
ADSL+, ISP > 4 port DSL Modem > pfSense > Local network with 2 unmanaged switches & 1 WiFi access point.
-
It will allow you access the webgui via the LAN IP as long as you have firewall rules to allow it. By default the wizard adds an allow all rule.
As long as the OpenVPN client is using your DynDNS address to access the server it will be updated automatically if your WAN IP changes. If you used the OpenVPN client exporter it has an option for choosing how the client does that,
Host Name Resolution. By default it will just use the interface IP but if you have a dyndns address configured it will be selectable there.Steve
-
@stephenw10 said in Need Wake on LAN help or Alternative Solution:
It will allow you access the webgui via the LAN IP as long as you have firewall rules to allow it. By default the wizard adds an allow all rule.
As long as the OpenVPN client is using your DynDNS address to access the server it will be updated automatically if your WAN IP changes. If you used the OpenVPN client exporter it has an option for choosing how the client does that,
Host Name Resolution. By default it will just use the interface IP but if you have a dyndns address configured it will be selectable there.Steve
Thanks for the info Steve
I think I have this setup correctly and works from a windows 10 desktop and appears to be working on my iphone6 IOS 11.4 except for a couple of issues.
I used the client export tool in pfsense and for the iphone I choose the "OpenVPN Connect (IOS/Android)" download. This created one file and I then added the file into itunes by dropping it into OpenVPN folder. After this OpenVPN connect recognized the file and imported it in. After signing in it appeared to connect but at the same time it looks like there might be some issues.
- On the iphone while in OpenVPN Connect, if I click on "Certs" I get a message saying "No certificates are present in the keychain. Note: PKCS#12 files need to end with '.ovpn12', instead of '.p12' or '.pfx', for proper importing (check FAQ)" I tried looking on the web but found nothing useful on this error.
- On the iphone, both safari and duck duck go give me this error about "This connection is not private". For this I figured I needed to manually trust the OpenVPN certificate but when I go into the trust settings there is no certificate to trust.
-
O'Boy, I'm not sure what happened but I rebooted pfSense and now I can not access pfSense webgui.
UPDATE: The reboot caused my public IP to change. It took a little bit for dynamic dns to update my IP. I can now log in to pfSense. I tried to delete this post but it said I didn't have the right privileges.
-
Hi Everyone, Happy Fourth of July !!
So I finally went to a location were I got good cell service and tested my OpenVPN connection to my pfSense firewall.
The result, OpenVPN connected however I could not reach my firewall webgui by ip address or by using my dynamic DNS address.
I noted the time I did the test and compared it to my firewall logs when I got home. I do not know what my cellular IP address is but it does look like the firewall may have blocked my access with "Default deny rule IPv4 (1000000103)". I'm pretty certain it was blocking my cell IP though because the IP being blocked resolved to Sprint many times at the same time I was testing and then stopped hitting the firewall when I was done testing.
So now I am very confused as to why my OpenVPN client was able to connect but my cell IP was being blocked at the same time not allowing me to get to the webgui. Any ideas?
PS, I could also access my plex sever without issue but that is not surprising because I am keeping my port forwards up until I can get OpenVPN sorted.
[EDIT]: Tested Plex connection before starting OpenVPN Client. Also, if it helps the deny rule I mentioned above all had a TCP-S Flag.
-
The OpenVPN client will only be configured to route traffic for the internal subnet so you would have to access the firewall webgui using the internal IP address. The LAN IP I believe here.
The dyndns url will resolve to the WAN IP which should not be accessible. Either publicly or across the VPN.Steve
-
@stephenw10 said in Need Wake on LAN help or Alternative Solution:
The OpenVPN client will only be configured to route traffic for the internal subnet so you would have to access the firewall webgui using the internal IP address. The LAN IP I believe here.
The dyndns url will resolve to the WAN IP which should not be accessible. Either publicly or across the VPN.Steve
Sorry for the late reply but this was very helpful, thank you. I actually reconfigured my firewall rules and DNS following "This Guide". The only difference is that I am using ExpressVPN on all subnets, not using DNS Forwarder and not using Vlans. I also setup my OpenVPN by using "This Guide" which is by the same author and builds off his baseline config which I linked to above.
After using these two guides and adjusting for my network environment I tested remotely from my iphone.
I was able to successfully connect to my pfSense OpenVPN server and also able to access my pfSense webGUI using the IP(192.168.40.1) which I created in OpenVPN :) I have not tested yet but I should now be able to send the WOL command to my Plex Server.
Now I am trying to setup my laptop to do the same. So far I have the OpenVPN client setup on it . I only have my home network setup on this laptop so for now I can only test locally on it.
I have found using my laptop I can connect to my local network through the OpenVPN client but cannot access my Plex Server while connected. At least not completely. On the laptop with the OpenVPN client connected, using chrome I navigate to 192.168.10.10:32400/web/index.html (my local plex server) it will bring up a Plex error saying "Plex is not reachable - Make sure your server has an internet connection and any firewalls or other programs are set to allow access."
I actually find this error kind of odd because the above address takes me to a Plex Error.
stephenw10, you mentioned I would not need any port forwards to access my Plex Server when using OpenVPN. Welp, I still have my port forwards in place and can access Plex on my local devices when NOT connected using the OpenVPN client but I cannot access Plex while connected to the OpenVPN client. I must be doing something wrong but I am not sure what.
If anything obvious in what I have written stands out as a possible problem please let me know.
In the mean time I am wondering, in order to reach my Plex Server do I also need the OpenVPN client installed and running on my Plex Server as well or is the OpenVPN client only needed on the devices used to remotely access my network?
One thing I see that may be an issue is that when trying to access Plex on the laptop (connected to OpenVPN), is that the firewall log shows "LAN1 | LAN1: Default reject IPv4 (1531020574) | Source - 192.168.10.10:61446 | Destination - 192.168.10.255:32414 | UDP" and "LAN1 | LAN1: Default reject IPv4 (1531020574) | Source - 192.168.10.10:61445 | Destination - 192.168.10.255:32412 | UDP". The source IP is my plex server with an unknown port and the destination I am unsure of (broadcast address?) and port is close to my Plex port (Plex port is set to 32400).
[UPDATE] - I think I may know what the issue is here but I am unsure how to fix it. When the laptop OpenVPN Client is running the laptop looses internet access. I believe the laptop is connecting to my Plex Server but then the laptop also needs internet to login to Plex. So I think my question now is how can I have internet while the OpenVPN client is running.
