Port Fodwarding for Wake On LAN problems

[brummygit]

I've recently returned to Merlin FW having replaced my RT-N66U running Toastman with a RT-AC68U running Merlin 378.55 but can't get Wake On LAN from the internet to work.

I have a Windows 10 PC but have changed the default LAN card settings for Win 10 and WOL works fine from the router GUI, but I can't get it working from outside my LAN.

I configured port forwarding for UDP Port 9 to my home PC Port 9.

I assigned a static IP to the PC using DHCP on the Router and checked in the GUI client listing that it has a closed padlock against its entry (not totally sure what this does).

I am not sure if I need to set a static ARP entry against the PC as I would in Toastman's FW but I can't get a WOL to work. If I need to set a static ARP up, can I do it via the GUI?

 

[GSpock]

Indeed, you need to have the entry static in ARP table in order to have it work.
synatx is
arp -s local_ip_addr mac_addr
I did not find a way to implement this via the GUI, so I put it in the services_start script ....
GS

 

[Deleted member 27741]

I do not have static ARPs and my wols work. Are you connecting to one of the vpn servers on your router before sending the wol command?

P.S. here is a windows batch file and short router script to use the router wake by command line (once connected to your router vpn you just double click to wake)-

Windows batch file (you need plink, a program included with PuTTy):
mode con: cols=20 lines=20
c:
cd c:\Program Files (x86)\PuTTy
plink -ssh your.ROUTER.ip.address -P yoursshport -l yourloginname -pw yourpassword /jffs/scripts/fileonyourouter

Router script /jffs/scripts/fileonyourouter (replace 00:00:00:00:00:00 with MAC of device you want to wake):
#!/bin/sh
logger -t $(basename $0) "STARTING SCRIPT, PARAMETER: $1"
/usr/bin/ether-wake -b -i br0 00:00:00:00:00:00

 

[brummygit]

Thanks to you both.

I don't use VPN into my LAN, but instead take control of my PC using TeamViewer and use the remote wake their client or from an app on my iPhone.

I took the advice of GSpock and set up a simple script to add a static ARP entry.

Thanks again

 

[GSpock]

I do not have static ARPs and my wols work. Are you connecting to one of the vpn servers on your router before sending the wol command?

P.S. here is a windows batch file and short router script to use the router wake by command line (once connected to your router vpn you just double click to wake)-

Windows batch file (you need plink, a program included with PuTTy):
mode con: cols=20 lines=20
c:
cd c:\Program Files (x86)\PuTTy
plink -ssh your.ROUTER.ip.address -P yoursshport -l yourloginname -pw yourpassword /jffs/scripts/fileonyourouter

Router script /jffs/scripts/fileonyourouter (replace 00:00:00:00:00:00 with MAC of device you want to wake):
#!/bin/sh
logger -t $(basename $0) "STARTING SCRIPT, PARAMETER: $1"
/usr/bin/ether-wake -b -i br0 00:00:00:00:00:00

static in ARP is mandatory if you want to do wake-on-WAN. (useful for people who do not want to allow remote access to their router either via the GUI or via VPN)
Rgds,
GS

 

[Deleted member 27741]

static in ARP is mandatory if you want to do wake-on-WAN. (useful for people who do not want to allow remote access to their router either via the GUI or via VPN)
Rgds,
GS

I see than I am not understanding- you are talking about using a permanent port forward (and therefore port open to the internet) for wol, correct?

It certainly is more convenient. I used to do it myself. Now I use openvpn to get local access and consider it more secure.

 

[GSpock]

I see than I am not understanding- you are talking about using a permanent port forward (and therefore port open to the internet) for wol, correct?

It certainly is more convenient. I used to do it myself. Now I use openvpn to get local access and consider it more secure.

Hi 000111,
yes, you are right, I have a permanent port forward to internal port 9 of the specific device that I want to wake-up via WAN. I am not a security specialist, so I cannot judge if this is better than openvpn, and I consider myself not expert enough to set-up a vpn (at least at this point in time ).
Rgds,
GS