Use case resolved here: waking up a computer on your home LAN from the internet, involving a WireGuard VPN and Windows devices above Windows 7 (i.e. Win10 and Win11).
I feel like it's my duty to write this article so Google can find it and suggest it to everyone who, like me over the previous year, is having a hard time with Wake on LAN (WOL).
WOL is useful for people working away from home who still wish to access their computer/server using remote control protocols such as RDP. Most data nowadays is stored on "someone else's computer", also known as "the Cloud". So it is not the most common scenario, since you won't need to turn on your computer at home to reach your data but simply have to connect to your OneDrive / Google Drive / Box / Dropbox to get that personal document you have to print at work.
Anyway, in my scenario I have a VPN gateway hosted at home to reach my LAN from the internet (work, while traveling, etc.). Since there is no way I would open my RDP port on the internet (0-days, ya know), I chose to use a VPN gateway to grant me access to my home network. That VPN server is a Raspberry Pi running WireGuard. It used to be OpenVPN, but year after year WireGuard earned my trust while being so much faster and lighter on hardware resources (smartphone battery) than OpenVPN.
So here comes one thing you have to know while testing WOL over a VPN: WOL is layer 2, WireGuard is layer 3. So there is no way your magic packet will go through the VPN gateway and reach the sleepy device.
While the previous point is quite a hint when testing your WOL setup, you also have to know that WOL has evolved from Windows 7 to Windows 8. I have found very few articles on the web about this (hence this article) and I wish I had known that years ago. Windows 7 was fine with waking up turned-off computers. A setting on your network card and in the BIOS allowed the network interface to stay on while the computer was off. A small part of the motherboard dedicated to the network was kept awake, and it allowed WOL to work on computers whatever their status was.
It changed in Windows 8 and therefore Windows 10 and 11.
WOL will only work on devices in one of the sleep states (up to hibernate, a.k.a. the S4 sleeping state). The shutdown power state is not part of the deal. See https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/system-sleeping-states
So here we are: if you are away from home and wish to wake up a Windows 10/11 computer you want to access through VPN then RDP, you have to know all the above to understand it will only work if:
1) Your computer is in one of the sleep modes only.
2) The device broadcasting the magic packet is on your LAN and is not the remote device. For this specific point I have chosen to use etherwake on the very same Raspberry Pi I use to host WireGuard.
Therefore this is how I proceed to connect to my home server from the internet (e.g. my smartphone connected using 4G/LTE or a buddy's WiFi):
1) I launch WireGuard and connect to my LAN
2) I connect to my Raspberry Pi using SSH (Termius is great on iOS) and launch that command using etherwake: wakeonlan xx:xx:xx:xx:xx:xx (where xx:xx... is your sleepy device's network interface MAC address)
3) Wait 5-10s for the computer to wake up then connect using RDP (RD Client is doing a great job on iOS).
This is it.
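What step 2 puts on the wire and what step 3 waits for, as an added Python example (not the author's setup and not the code of wakeonlan or etherwake): it builds the standard magic packet (six 0xFF bytes followed by the MAC repeated 16 times), broadcasts it over UDP from a host that sits on the LAN, then polls the RDP port. The function names, UDP port 9, the 255.255.255.255 broadcast address and the constructed MAC are assumptions of this example.

```python
import re
import socket
import time

# Six hex pairs separated by ':' or '-'; anything else is rejected before sending.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte magic packet: 6 x 0xFF, then the MAC 16 times."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    return b"\xff" * 6 + raw * 16


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet on the local segment; run this on a host inside the LAN."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(packet, (broadcast, port))


def wait_for_port(host: str, port: int = 3389, timeout: float = 60.0,
                  interval: float = 2.0) -> bool:
    """Poll until a TCP connect to host:port succeeds (3389 is the default RDP port)."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=interval):
                return True
        except OSError:  # refused, unreachable or timed out: still asleep
            time.sleep(interval)
    return False


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: wol.py <MAC> <LAN IP of the sleeping PC>
        send_magic_packet(sys.argv[1])
        print("awake" if wait_for_port(sys.argv[2]) else "no answer on 3389")
    else:
        # Constructed MAC, only to show the packet layout without sending anything.
        print(build_magic_packet("00:11:22:33:44:55").hex())
```

Polling the port replaces the fixed 5-10s wait: the RDP client is started only once the machine actually answers.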
Of course I won't explain how to configure WOL on your network interface and in your BIOS / UEFI. If you need that, well, Google has plenty of articles to suggest, while it has no article about how "to WOL" from the internet.
One last thing: some ISP routers offer the possibility to forward magic packets to your LAN from the internet. In this scenario you only have to send the magic packet to your public IP address. This could be a possibility but I prefer my way. Why? Because most ISPs will offer you a dynamic IP, so you would have to rely on DNS and a script to update the DNS record. I actually have such a script running every 5 min at home because I have a dynamic IP, but I use this for other reasons and using this for WOL sounds unreliable. And if your IP is static, it's still your ISP router, i.e. something you don't control, as opposed to your Raspberry Pi.