I’m thinking of switching from a ThinkPad laptop to a MacBook Air and offloading my occasional programming projects to a desktop PC at home. If I need to work on the projects away from home, I’ll OpenVPN (TP-Link Archer 55 router, fixed IP address) back in and WoL the desktop (Win 10) and remote into it from the MacBook. Is this a realistic setup? Would it be secure enough? My biggest fear is someone hacking into my desktop through the VPN. Thanks so much for your input!!
Edit:
Thanks so much for all the input! Much appreciated!! I did some quick searching about Tailscale. Would I be right in saying that I won’t be able to do WoL with Tailscale (but it's possible with WireGuard)?
Edit 2:
Thanks again for all the input!! I decided to keep the Thinkpad for now because Win 11 seems to be linking to my iOS device okay. Also set up a RaspPi server and installed etherwake. Lots of suggestions for Tailscale. I think I can make that work if I install Tailscale on rasp pi, use it to wake up the dev desktop, and then Tailscale into the desktop. A bit cumbersome but sounds like Tailscale is much easier to set up - possibly more secure too?? If I wanna get more hands on, I think I’ll set up OpenVPN on the router and VPN back in, either use TAP or the Pi server to do WoL and then remote desktop. Thanks again for all your help!!
Another vote for Tailscale. It is one of the best solutions for accessing a home network securely. I use it basically daily to access a home server, desktop, router and security camera system. Extremely easy to use and rock solid!
I run OpenWrt on my router and create SSH tunnels to local machines to whatever port I need. You can use pubkey auth for SSH; it thwarts login attempts.
I was trying to set up a WireGuard server that could work with a DNS name instead of an IP. I failed miserably. Then I came across Tailscale and felt ashamed that I even wasted time on trying to set up my own VPN server.
Tailscale uses Wireguard, which doesn’t support Layer 2 networking. Sadly I don’t think the OpenVPN in your router is running in Layer 2 mode either. Looking at the manual, it has its own subnet assigned, so that makes me believe it is running in Layer 3 mode.
Taking a look at the manual though, it looks like it supports IP & MAC Binding. I think that’s going to add a static entry in the router’s MAC address table. Set that up; it will solve the layer 2 issue. Then you should be able to send the WoL packet over OpenVPN to the IP of the desktop (don’t use the broadcast address).
I don’t understand why folks are recommending Tailscale. You said your Win 10 box will be powered off (so tailscale won’t be connected). And tailscale can’t be used to send a WoL packet.
ETA: It looks like your router generates certificates/keys for OpenVPN. That’s the best scenario for security. Unless there is a flaw in your router someone would need to have the key in order to login. Just keep the router firmware updated and you should be fine.
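The unicast WoL send suggested in the comment above, as an added example that is not part of the thread. The MAC, IP and subnet are constructed placeholders, `check_unicast_target` and `send_wol` are hypothetical helper names, and delivery to a sleeping desktop assumes the router forwards using the static IP & MAC binding as that comment expects.

```python
import ipaddress
import re
import socket

WOL_PORT = 9  # UDP discard port, the usual choice for WoL (7 is also common)


def build_magic_packet(mac: str) -> bytes:
    """6 bytes of 0xFF followed by the target MAC repeated 16 times (102 bytes)."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16


def check_unicast_target(host: str, lan_cidr: str) -> str:
    """Return host if it is a usable unicast address inside lan_cidr."""
    ip = ipaddress.ip_address(host)
    lan = ipaddress.ip_network(lan_cidr)
    if ip not in lan:
        raise ValueError(f"{ip} is not inside {lan}")
    if ip in (lan.network_address, lan.broadcast_address):
        raise ValueError(f"{ip} is the network/broadcast address of {lan}")
    return str(ip)


def send_wol(mac: str, host: str, lan_cidr: str, port: int = WOL_PORT) -> int:
    """Send the magic packet as plain unicast UDP; returns bytes sent.

    SO_BROADCAST is deliberately not set. Reaching a powered-off machine
    relies on the router's static IP & MAC binding (assumption: the router
    forwards using that binding, since the desktop cannot answer ARP).
    """
    packet = build_magic_packet(mac)
    target = check_unicast_target(host, lan_cidr)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(packet, (target, port))


if __name__ == "__main__":
    # Constructed values: replace with the desktop's real MAC, IP and LAN.
    pkt = build_magic_packet("00:11:22:33:44:55")
    print(len(pkt), pkt[:12].hex())
    print(check_unicast_target("192.168.0.50", "192.168.0.0/24"))
```

Run it from the laptop once the OpenVPN tunnel is up, calling `send_wol` with the desktop's MAC, its bound LAN IP and the home subnet.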
Tailscale here for some home dev and family help (octogenarian support class). Just works. Throw some ACLs in there and it's easy peasy. Lots of trust on that platform, but for my use case the risk vs outcome is low.