I am out of town for a couple of weeks and, as intended, my computer went to sleep. However, my remote software wouldn't connect and I had no way to send it a WOL signal. As such, I had to wait until someone was available to wake my system up.
Trying to avoid this situation in the future, and without having to keep my system awake 24/7, after I remoted in, I installed etherwake and luci-app-wol on my OpenWRT router, but this still does me little good when I am not on the local network. I have Dynamic DNS configured, so is there a simple way to configure a way to log into my router via WAN to send a WOL signal on the LAN without enabling WAN remote management? The only way I can think of is to build a secure page via httpd, but that is a lot of work for a simple WOL signal.
Besides disabling the sleep mode and especially while I am out of town, does anyone have a simple solution?
My apologies if I miscommunicated. I am not talking about a LAN remote connection. I am talking about a WAN remote connection.
While I am on the road and over WAN, I need to somehow have the router send a WOL to my system. I do not want to install/configure WAN remote management, but rather use the WAN interface only to activate a WOL signal.
You can add luci-app-wol which will give you WOL capability that you can point at your lan from the router itself (via the LuCI web interface).
I'd recommend using a VPN to connect to your router when you are away from home. Wireguard is perfect for this. Do not expose the LuCI web interface directly to the internet.
Configure a second instance of Dropbear SSH using only public/private key (not password) on a non-standard port, then open that port to wan. If you open port 22 it will get probed a lot.
Either a conventional VPN (Wireguard, OpenVPN) or direct SSH requires the ISP service to have a public IP and allow incoming connections. If that does not exist I suggest Zerotier.
The combination of road-warrior style VPN (e.g. wireguard) to remotely connect into your LAN and to use luci-app-wol from there is the way to go here. These days there are few justifications to use tunneling over ssh (it's possible, but more cumbersome and harder'different' to secure).
Another approach would be configuring the computer (BIOS) to full-on on AC-power, shutting it down manually and using e.g. a Tasmota based power plug (also via a road-warrior style VPN) to switch on/ off the mains power for this device.
It's also possible to set up a SSH account that has its "shell" a walled garden of a single command instead of bash. I have done this with picocom as the command so that a SSH session immediately opens a serial port.
It's possible (securely), ssh can do all of this (although I would favour openssh over dropbear, if this is wanted), but these days I would skip it in favour of a VPN any day of the week.
On the one hand wireguard is less obvious to the outside, less of an attack surface than ssh (as it doesn't react at all, without the correct key, while ssh is more chatty and therefore more of a beacon to launch brute-force attacks against) - on the other hand it's the better tool for the job, You get access to your LAN as if you were at home, with the click of a button (rather than tunneling through), security based on your routing/ firewall (zone-) decisions, etc. Again, ssh is secure and can be configured correctly, but most of the time a VPN is easier to do and easier to secure.