VPN with RDP access automatically

Hello, how could a script be designed with the following parameters:

Wake up a PC and then RDP into it. The latter is not a problem, but I don’t know how to do the wake-up. Which parameters would I have to use to get to the Wake-on-LAN menu of IPFire without assigning admin rights, or is there a tool that I can integrate into OpenVPN?

Hi @anwin,

Run the command /usr/local/bin/launch-ether-wake $M $I
where $M is the MAC address of the computer to be woken and $I is the interface name for the network that the computer is connected to - green0 for the green network.

This is the same as pressing the lightbulb on the Wake On Lan page.

Hello Adolf,
Thanks.
How do I package this in OpenVPN from Windows?

#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto udp
tun-mtu 1500
remote xxxxx.dyndns.org 1194
pkcs12 xxxxx.p12
cipher AES-256-CBC
auth SHA256
tls-auth ta.key
verb 3
remote-cert-tls server
verify-x509-name ipfire.localdomain name
mssfix
auth-nocache
--pull-filter ignore redirect-gateway
explicit-exit-notify 1
inactive 300 [10737418240]
ping-restart 0

The clients come from a Windows notebook

The way I do it is to login to the Openvpn tunnel with my road warrior notebook, which connects me to the green network and then open a browser on the laptop and access the IPfire WUI and start the computer on the Wake On Lan page.

If you have to do it via Openvpn then it is not on the client but the server that you would need to create a script that will run when you start the Openvpn tunnel from your road warrior laptop. I am not sure where that script should be placed but Erik Kapfer (@ummeegge) is very knowledgeable on Openvpn and should be able to help on that. That script would then be called when the Openvpn tunnel is started.

Good morning,
I would script such things from your client after the tunnel has been established. As Adolf has written, you can trigger the magic packet via SSH on IPFire (launch-ether-wake) from your OpenVPN client machine. If you use Windows, this should meanwhile be possible --> https://www.linuxbabe.com/linux-server/ssh-windows , I do not use Windows at all but as far as I can see it should be possible to run bash commands in a batch file --> https://www.quora.com/How-do-I-run-a-Linux-command-bash-in-CMD’s-batch-files-using-Windows-file-system-for-Linux so it should be possible to make the three steps also on Windows machines to:

  1. Start the OpenVPN connection (give a sleep of e.g. 5)
  2. Open a SSH connection and execute etherwake for the appropriate interface and MAC address like Adolf mentioned it.
  3. Start VNC.

This here --> https://community.spiceworks.com/how_to/77019-bat-file-to-start-openvpn-and-open-an-rdp-session might be an idea, beneath some other checks which are in there to manage the last two points.

It is currently not possible to execute two or more scripts via OpenVPN server and --client-connect
--> https://lists.ipfire.org/pipermail/development/2020-October/008407.html but we work on that.

Best,

Erik
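The three steps listed in the post above, written out as a client-side PowerShell script. This is an added example, not code from the thread: the profile name, install path, SSH port, key file, addresses and MAC are assumptions or constructed placeholders, and it polls for the tunnel and the RDP port instead of using a fixed sleep.

```powershell
# Added example: OpenVPN -> Wake-on-LAN via SSH on IPFire -> RDP.
# All values below are constructed placeholders; adjust to your network.
$VpnProfile = 'roadwarrior'                  # name of the .ovpn profile (assumption)
$OpenVpnGui = 'C:\Program Files\OpenVPN\bin\openvpn-gui.exe'  # default install path (assumption)
$IpFire     = '192.168.1.1'                  # IPFire green address (assumption)
$SshPort    = 222                            # SSH port on IPFire (assumption)
$SshKey     = "$env:USERPROFILE\.ssh\wol_ed25519"   # key used only for this job (assumption)
$TargetMac  = '00:11:22:33:44:55'            # MAC of the PC to wake (constructed)
$TargetIp   = '192.168.1.50'                 # address of that PC on green (constructed)
$Interface  = 'green0'

function Wait-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutSec)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (Test-NetConnection -ComputerName $HostName -Port $Port `
                -InformationLevel Quiet -WarningAction SilentlyContinue) { return $true }
        Start-Sleep -Seconds 2
    }
    return $false
}

# The MAC ends up in a command line run as root on IPFire, so accept only a strict format.
if ($TargetMac -notmatch '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$') {
    throw "Refusing to continue: '$TargetMac' is not a valid MAC address."
}

# 1. Start the tunnel, then wait until IPFire's SSH port answers through it.
& $OpenVpnGui --connect $VpnProfile
if (-not (Wait-TcpPort $IpFire $SshPort 60)) { throw 'VPN tunnel did not come up.' }

# 2. Send the magic packet from IPFire. BatchMode prevents a hidden password prompt.
& ssh -p $SshPort -i $SshKey -o BatchMode=yes "root@$IpFire" `
    "/usr/local/bin/launch-ether-wake $TargetMac $Interface"
if ($LASTEXITCODE -ne 0) { throw "Wake command failed (ssh exit code $LASTEXITCODE)." }

# 3. Wait for the PC to boot and open RDP, then start the session.
if (-not (Wait-TcpPort $TargetIp 3389 180)) { throw 'PC did not start answering on RDP.' }
& mstsc.exe "/v:$TargetIp"
```

Because the SSH login on IPFire is a root login, a key used only for this script can be limited in root's authorized_keys with OpenSSH's `restrict,command="..."` options so that it can run nothing except the wake command.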

Thanks to everyone for the tips. My idea is to make the dial-in including Start RDP as easy as possible. So far there was only dial-in with VPN and drive transfer, but there are applications where the VPN connection is simply too slow and RDP is better there. Letting the machines run through at work is not an option, and Wake-on-LAN then requires another program for those users who work exclusively with Windows. Well, I hope I get some tips implemented. Thanks again to everyone.

Hi,
if I understand you correctly, you want only to RDP into your machine without OpenVPN because it is too slow? If so, I would strongly advise you not to do it like this. Without reliable encryption you serve your security on a silver platter for someone else.

If you can SSH to IPFire there is no need for another program since IPFire provides then Wakeonlan and you simply execute it from remote…

But maybe I misunderstood your intent.

Best,

Erik

No, I always do OpenVPN first and then RDP.
The goal would be this: openvpn -> wol -> rdp
everything in one cmd that I can call from OpenVPN.
SSH is too complicated for normal users.

If that doesn’t work, I will definitely not do RDP without OpenVPN.

Have seen this is a long term DP --> Openvpn->wol auto :wink: .
OK, a script should include all logic (knowledge) so there should be no further complications there for the users but OK, another downside might be that SSH access to the machine implies also root access. Creating another user with a lowered privileged etherwake might be an idea.

But the complication is then on your side to set it up.

Maybe there are other ideas for that.

Best,

Erik