Protecting IPMI over WAN

I'm moving away for a year for an internship. I want to leave my Debian server at my mom's place, but still need to be able to remotely access it when it screws up. I have a Supermicro IPMI, but I don't think that should be port forwarded and opened to WAN without another layer of protection. What should the extra layer be?

The network configuration at my mom's place and my new place could vary dramatically. We're using PFSense and a Ubiquiti AC Lite AP right now, but I might get greedy and take that with me. If I do, they will be using the ISP's modem/router combo which does port forwarding, but little else. I also have a DDWRT router with mediocre wifi, but if it can be used as a VPN box that's an option. I've got a RPi floating around too. The server has dual NICs and a dedicated IPMI port.

It would also be nice to be able to remotely power on the server, in case we lose power and the server doesn't come back on afterwards. I think using the IPMI disables WOL for no good reason, so I might have to leave the RPi there for that specific purpose anyway.

Thanks fellas!

I have the best results with a raspberry pi 2 as a openVPN gateway that is the door to my home network.

Just read it - there you go =) solved ^^

Set it to auto power on after power loss - do you have a UPS? some UPS can start the server when they get power back.

So the RPi can be on the normal network, and I can remotely connect to it from afar, then see the LAN stuff?

I'm planning to get a UPS and have only the server on the battery. Power consumption is usually only 50W, peaks at 130W so I figure a 500VA unit will be plenty to allow graceful shutdown. My boss like APC, do they play nicely with Linux?

The RPI is on your local network, the router will port forward the OpenVPN traffic to it, the RPI terminates the VPN and sends the data into your local network.

Depends - they work - lets call it that. NUT knows how to talk to them, but the UPS ain't very takative. The powerware on the other hand is telling you everything.

As you can see, the APC isn't realy the best choice for linux :(

There is what works, not, less, little more and good with nut http://networkupstools.org/stable-hcl.html

After what I know today, I would get only eaton ups nowadays. And will replace the APC ones if they die completely one day.

Apparently apcupsd is the way to go for APC UPS in Linux, NUT is for everything but their stuff. Only other brands I'm seeing in Canadia are Cyberpower and Tripplite. I don't care about any advanced features, I just want the UPS to trigger "poweroff" then cut power after the server is off, or a timeout period. I can use the RPi I'll need for VPN access to start the server back up once it has power again. Is that functionality I can expect out of any USB UPS with support from NUT or apcupsd?

Yeah I know about that, but it lacks (or lacked when I last looked?) some features like the network part. I have more than one thing on the UPS and thus a RPI is connected to each and relays the shutdown signals to the machines also connected. (saving me the ~200€ for the official network addin-card from APC)

When I last checked apcupsd it did not provide any more insight into the UPS despit the sucker actually beeing capable of providing it. As far as I know even apcupsd is done by reverse engineering.