How to make sure my VPN server restarts after a power outage?

[BosseSwede]

(I don't know if this is the right sub-forum, but I could not find anyone better. Please move me to the correct forum if it does not belong here.)

I am in the process of upgrading the hardware for my OpenVPN server on my LAN.
Right now it is an Ubuntu Server 24.04.1 LTS running on a Lenovo IdeaCenter mini-tower.
It is connected to an UPS, which also feeds the Fiber box, the ASUS Router, a Synology NAS and my LAN switches. So as long as the fiber service is OK I have a network that is up even when the incoming power to my house is seeing an outage.
But there is a problem here:
When the outage is longer than about an hour then the UPS battery runs low and it sends an alert command to the NAS and it relays it out on the LAN so other devices can take proper action too. That action is an orderly shutdown and my VPN server is one of the devices following that.
And here is the problem:
When power returns the Lenovo does not start again, someone has to push the power button on the front of the Lenovo....

Other devices on the LAN do start up properly, like the ASUS router and all of the RPi devices etc. Just not the VPN server, which maakes it an impossible situation since home access is through this.

Now when switching to newer hardware I am going to use an ASUS NUC 13 ANH device with Intel i7 CPU and I intend to move the VPN server disk partitions over to the NUC SSD disk so the exact same server will be running software-wise.

In doing so I checked the power settings on the ASUS website for resume after power loss and found that there is a wording passage I do not really fully understand:

With these settings, intentionally shutting down the system will result in the system staying powered down.

Does this mean that if the server receives the UPS message and shuts down because of that it will no longer restart after the power returns?
Id so how can I make it work except by disconnecting from the UPS?
I really want my network to be accessible via VPN 24/7 when power is available.

 

[bbunge]

You have discovered the same issue I have with my NVR (Debian 12). When the UPS shuts down the server it stays down. I can send a Wake on LAN packet that restarts the server but sometimes it does not work.
One solution would be to use the Asus router for the OpenVPN server.
Another would be to not use a UPS on the OpenVPN server but set the BIOS power to start the device when the power resumes. Using a SSD minimizes the risk of data loss. I do this with an old Dell Optiplex running Windows 11 and Boinc.

 

[ColinTaylor]

In doing so I checked the power settings on the ASUS website for resume after power loss and found that there is a wording passage I do not really fully understand:

Does this mean that if the server receives the UPS message and shuts down because of that it will no longer restart after the power returns?

I don't know about that specific NUC, but that option (Power On) usually means that if there is a power failure - even if the device was cleanly shut down - it will power on once the power is restored. The message is just telling you that option is not applicable in normal day to day use.

However, I have found that the power has to be removed for sufficient time for any residual current in the PSU to have drained away for it to be detected as a power failure. So unplugging the mains for say 20 seconds will not cause it to power back on, whereas unplugging it for 5 minutes would. You'll have to test this for yourself though.

 

[BosseSwede]

However, I have found that the power has to be removed for sufficient time for any residual current in the PSU to have drained away for it to be detected as a power failure. So unplugging the mains for say 20 seconds will not cause it to power back on, whereas unplugging it for 5 minutes would. You'll have to test this for yourself though.

Sigh....

So I have two options:
1) Keep the VPN server on the UPS
In this case the final shutdown will mean that when power resumes it will probably not start because it did an orderly shutdown to the off state...
So this needs a human to enter the home and push the power button...

Or find a way to remotely start it, which then requires me to have a secondary VPN server running on a RaspberryPi (which always starts on power application) so I can connect back home.
Then I could for instance use a Shelly plug on the power outlet feeding the server and do a remote OFF-ON power cycle, but if the NUC still thinks it was properly shut down then maybe it will not start anyway?

I have tried "wake on lan" earlier but I have never gotten it to work on the Lenovo hardware at least...
For the NUC ASUS says this.

Is this applicable for me and how can I make it run?
Is it possible to have another device on my network send the WakeOnLan to the VPN server when it starts up (maybe after failing to ping the server for instance)?

2) Power the VPN server directly from mains
This will then use the BIOS setting "start on resume power" and get the system up.
But then it will not shut down cleanly when the power is removed of course...
And even short power outages means a disruption of the server tasks....

Geography
I have two homes:
- my main home where the VPN server is located (it does lots of other things too, not just VPN)
- my summer home 100 km away.
Both have fiber Internet and the two LAN:s are interconnected via OpenVP.
The ASUS router at the summer home connects to my home LAN via the VPN server I am just discussing here.
Then the devices on both locations have access to each other.

History
In August 2024 there was a power outage at home that lasted for a couple of hours when I was at the summer home and the VPN server did not come on line afterwards.
So I had to phone a neighbor to enter my main home and locate the power button and push it....
This is what I am trying to avoid when I now am replacing the server hardware...

VPN is supposed to always run when there is power available....

 

[ColinTaylor]

You say that the router comes back online after the power outage so why not run a "backup" VPN server on that (which I think you did previously). You could then connect to your LAN via that and issue a WoL, either from the router's webUI or from a command line.

 

[BosseSwede]

I have an ASUS RT-AX86U PRO Router at home, but I am not aware of any WebUI on that router which would enable me sending a WoL command. Where can I find that?
Concerning a secondary VPN channel I have not used the home router for that, instead the home router port forwards VPN traffic to my Ubuntu Server which is the VPN server too. And that is where the routing and such of the incoming traffic happens. Except when it is not running....
The ASUS built-in VPN is too limited to be used for what I do...

Or could I have an on-boot cron job on a RaspberryPi powered from the main power line which would do the following when it starts up (RPi devices always start on applying power):
1) Wait a few minutes to let things settle
2) Check if the server can be reached (test a mount from it or simply check pinging or similar)
3) If there is no response to the check then send the WOL packet (how would that WOL be done from a bash script?)
4) Again wait a while for it to start up
5) Make another connectivity test, if that fails post a message to me about that fact.

This would automate the restart and not require me to connect and do stuff manually on a power resume.

 

[ColinTaylor]

I understand that your VPN server is running on the Ubuntu machine. I wasn't suggesting you change that. I was suggesting you run a second VPN server (on a different port) on the router only for emergency access. The reason for choosing the router over the Pi was that the router is the only device you can guarantee is up after the internet connection is restored (otherwise there would be no internet).

Wake on LAN can be found at Network Tools - Wake on LAN. Or by using the ether-wake command from SSH.

# ether-wake
BusyBox v1.25.1 (2024-11-17 14:17:59 EST) multi-call binary.

Usage: ether-wake [-b] [-i IFACE] [-p aa:bb:cc:dd[:ee:ff]/a.b.c.d] MAC

Send a magic packet to wake up sleeping machines.
MAC must be a station address (00:11:22:33:44:55) or
a hostname with a known 'ethers' entry.

        -b              Broadcast the packet
        -i IFACE        Interface to use (default eth0)
        -p PASSWORD     Append four or six byte PASSWORD to the packet

 

[bbunge]

Your idea about a smart switch is a good one. Not too sure about shelly's but I have several Wemo's that I can control from anywhere. Will have to give one of those a try.
With the crazy weather our rural electric co-op has been experiencing random power loss. We have also been warned that with increased power consumption they may have to do rolling blackouts (and there are planned data center construction in our area). Because of that I have set the NAS and NVR to power down after 5 minutes of loss of power. That will help prolong power to the router and ONT.

 

[BosseSwede]

I understand that your VPN server is running on the Ubuntu machine. I wasn't suggesting you change that. I was suggesting you run a second VPN server (on a different port) on the router only for emergency access. The reason for choosing the router over the Pi was that the router is the only device you can guarantee is up after the internet connection is restored (otherwise there would be no internet).

Wake on LAN can be found at Network Tools - Wake on LAN. Or by using the ether-wake command from SSH.

# ether-wake
BusyBox v1.25.1 (2024-11-17 14:17:59 EST) multi-call binary.

Usage: ether-wake [-b] [-i IFACE] [-p aa:bb:cc:dd[:ee:ff]/a.b.c.d] MAC

Send a magic packet to wake up sleeping machines.
MAC must be a station address (00:11:22:33:44:55) or
a hostname with a known 'ethers' entry.

        -b              Broadcast the packet
        -i IFACE        Interface to use (default eth0)
        -p PASSWORD     Append four or six byte PASSWORD to the packet

I can see the use for the Router based VPN, I use OpenVPN a lot but my servers are all on Linux machines behind routers.
The only Router I have VPN usage on is the one at my summer home and that acts as a Client only, connects to my Ubuntu based home VPN through the home router's port forwarding.
I see that it might be a valid use for setting up my home router as a VPN server for the reason you mention, will look into it.
(I see in your signature that you use the same router as my home router...)

Network Tools????
My servers and other computers are all headless Ubuntu servers or other Debian related distributions like Pi-OS for Raspberries etc...

I have checked on my server and it cannot find ether-wake at all:

$ apt policy ether-wake
N: Unable to locate package ether-wake

 

[BosseSwede]

Your idea about a smart switch is a good one. Not too sure about shelly's but I have several Wemo's that I can control from anywhere. Will have to give one of those a try.
With the crazy weather our rural electric co-op has been experiencing random power loss. We have also been warned that with increased power consumption they may have to do rolling blackouts (and there are planned data center construction in our area). Because of that I have set the NAS and NVR to power down after 5 minutes of loss of power. That will help prolong power to the router and ONT.

I have a shelly-plug sitting in the power feed of a Linux Mint mini-PC at the summer home (100 km away). It is headless but with a VGA simulator attached to its video output to make it boot past the boot startup menu. It has sometimes locked up and I have added the Shelly in order to make it possible for me to power cycle it remotely. When the problem happens it is still running but unresponsive for some reason. Power cycling fixes that.
So when it first happened I installed the Shelly to be able to remotely restart the Mint machine.
Very convenient, but I am not sure it will work for my use case at home on the NUC based server when the BIOS power setting to start after power loss has the caveat of the intentional shutdown state - it seems that would not respond to a power cycle then....
You also seem to use the same router as I do...

 

[ColinTaylor]

Network Tools????
My servers and other computers are all headless Ubuntu servers or other Debian related distributions like Pi-OS for Raspberries etc...

I have checked on my server and it cannot find ether-wake at all:

$ apt policy ether-wake
N: Unable to locate package ether-wake

I'm talking about your Asus router. Connect to it via its OpenVPN server and open its webUI in a browser. Or SSH into the router.

https://demoui.asus.com/Main_WOL_Content.asp

 

[Tech9]

Lenovo IdeaCenter

Does it have power options with last state in BIOS settings? I had some Lenovo computers in the past, but it was years ago. All my HP computers have it. If they were on before power loss - power up automatically on power restored.

 

[BosseSwede]

Does it have power options with last state in BIOS settings? I had some Lenovo computers in the past, but it was years ago. All my HP computers have it. If they were on before power loss - power up automatically on power restored.

That Lenovo is a big PITA...
It came with Windows when I bought it around 2020 or so and I think used Windows itself to make it shrink its disk use to make room for further OS:es and then GParted-Live to use the space for partitions I really wanted. There I installed an Ubuntu desktop, just to get to a sensible system for further actions.
Then I also copied in the partition for my existing ubuntu server to the drive and made it work there. I believe by running update-grup in the desktop ubuntu (long time ago now)...

But to do anything in BIOS I *have* to boot up Windows in order to reach the BIOS (don't ask me why, it simply did not work in any other way).
So since I don't want Windows to start messing up the existing system I have not used that for a long time and I don't even remember the Windows login for it...
I need to get away from Windows everywhere except on my laptop.

 

[CaptainSTX]

That Lenovo is a big PITA...
It came with Windows when I bought it around 2020 or so and I think used Windows itself to make it shrink its disk use to make room for further OS:es and then GParted-Live to use the space for partitions I really wanted. There I installed an Ubuntu desktop, just to get to a sensible system for further actions.
Then I also copied in the partition for my existing ubuntu server to the drive and made it work there. I believe by running update-grup in the desktop ubuntu (long time ago now)...

But to do anything in BIOS I *have* to boot up Windows in order to reach the BIOS (don't ask me why, it simply did not work in any other way).
So since I don't want Windows to start messing up the existing system I have not used that for a long time and I don't even remember the Windows login for it...
I need to get away from Windows everywhere except on my laptop.

See if you can find the manual for your mother board. I have a mini PC which I used for a VPN client and by moving a jumper between a couple of pins it enabled this PC to automatically startup and boot when power was supplied with no need to use the power switch.