I use the built-in WoL just fine for my dekstop PC, but I have a work laptop on my guest VLAN, due to the different subnets, it is much easier to do WoL through opnsense directly instead of trying to traverse across subnets.
I pulled a lot of documentation together and even used gemini to try and help sus out some of my issues. In the end, gemini (as one might expect) gave me a lot of “almost good” information. rather, good information, but not 100% right. Unfortunately, I never found an example in the wild that was what I needed so I had to piece things together. I just wanted to put this here in case anyone else is struggling with it.
This allows you to do WoL via OPNsense when using the os-wol plugin. I already had a user account for HA with an API key. I just had to go into that user and add the permissions for “Services: Wake On LAN”.
In secrets my URL is:
opnsense_wol_api_url: https://opnsense.mydomain.tld/api/wol/wol/set
Obviously, replace the domain with what points to your OPNsense box.
Add the below as a rest_command in your configuration yaml
opnsense_wol_device:
url: !secret opnsense_wol_api_url
method: POST
verify_ssl: true # Set to false if you are using self-signed certs and don't trust them
headers:
Content-Type: "application/json;charset=UTF-8"
payload: >
{
"wake": {
"interface": {{ interface_name |tojson }},
"mac": {{ mac_address |tojson }}
}
}
authentication: basic
username: !secret opnsense_api_key # The API Key ID from OPNsense
password: !secret opnsense_api_secret # The API Key Secret from OPNsense
When you go into developer tools and actions, choose "opensense_wol_device (rest_command.opnsense_wol_device) or whatever you changed the name to.
You need to enter yaml mode so you can provide the interface_name and mac_address.
*** If anyone can tell me how to make HA prompt for those fields in UI mode, please tell me. ***
action: rest_command.opnsense_wol_device
data:
interface_name: "opt3"
mac_address: "DE:AD:BE:EF:CA:FE"
Note for the interface name, it must be the “opt” type interface name, the friendly name you give it (e.g. “GuestVLAN104”) cannot be used. Either name, you will get a return with status 200, but the content status will be “OK” only if it was correct, otherwise I only received a blank (“[ ]”) if invalid.