What's new

Wake On WAN (WOW) on Asus RT-AC68U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

henrycao

New Around Here
I read the instruction about setting up Wake on WAN here:
https://github.com/RMerl/asuswrt-merlin/wiki/WOL-Script-Wake-Up-Your-Webserver-On-Internet-Traffic

Few questions:
1. Does it really require Merlin firmware? Because jffs partition is already there, and I checked /usr/sbin/ether-wake is there. So it seems every required is there already. What else is missing?
2. What I don't get is how to trigger WOW. It seems like it is parsing dmesg log for traffic contains destination = TARGET. So I thought I could just do a port forwarding to TARGET and then use a browser to access it to trigger. But it doesn't work. I don't even see TARGET in dmesg.

Thought?
 
1. Does it really require Merlin firmware? Because jffs partition is already there, and I checked /usr/sbin/ether-wake is there. So it seems every required is there already. What else is missing?
User scripts are not supported in stock Asus firmware. It's something that Merlin added.
 
User scripts are not supported in stock Asus firmware. It's something that Merlin added.
Thanks Colin!

I installed the latest version on my 68U.

Looks good.

But when I use my web browser to access the private IP and port in specified in my script (based on Merlin's WIKI -- I only updated IP, PORT, and MAC in the script), it still doesn't wake up my computer.

First I thought I didn't configure my computer properly to receive the magic packet. But I tried router's WOL with my computer's MAC address. It works.

Any thought what is missing? I also added a port forwarding to forward the port in the script to my computer.
 
Make sure you have enabled JFFS custom scripts and configs (not shown in that wiki guide because the screen shots are ancient :rolleyes:).

Make sure you are testing it from outside your LAN, and your PC is accessible in its "woken" state.

Check for errors in the script's log file: /var/log/ether-wake.log
 
It turned out my stupid mistake -- after upgrading, I asked for "rebuilding" /jffs partition and so everything is gone.

So far, no one scans the port of my router yet and so everything looks fine. I wonder how the machine can prevent from being waken up due to a random port scan?

Thanks!



Make sure you have enabled JFFS custom scripts and configs (not shown in that wiki guide because the screen shots are ancient :rolleyes:).

Make sure you are testing it from outside your LAN, and your PC is accessible in its "woken" state.

Check for errors in the script's log file: /var/log/ether-wake.log
 
. I wonder how the machine can prevent from being waken up due to a random port scan?
WOL works by sending a "magic packet" not by a simple ping or port scan.

Have you considered connecting to your network via VPN and using the WOL tool in the router ?
 
Last edited:
WOL works by sending a "magic packet" not by a simple ping or port scan.

Thanks for your reply.

Yes, the script in the router will send a magic packet for WOL.

However, I am worry that someone on the internet will do a port scan on my public IP, and the scan will trigger the Wake-on-WAN (not WOL), which indirectly triggers WOL.
 
However, I am worry that someone on the internet will do a port scan on my public IP, and the scan will trigger the Wake-on-WAN (not WOL), which indirectly triggers WOL

I haven't looked at the script, but I can't imagine it would trigger on a simple port access. If it does, I wouldn't use it. (See edit below)

As an aside, I don't believe wake-on-wan is a real thing. WoW is essentially a hack to trigger WoL but from the WAN side, but the underlying mechanism should still use WoL

EDIT: I looked at the link and it does say a port scan will trigger it ( at least at the top). Personally, (without investigating further) I'd use a VPN connection instead as I know my network is scanned, as are most, continuously. The script in the link is for waking a webserver, so it makes sense but it sounds like your use-case is different. Accessing the router GUI via WAN is another option, but I would not recommend it for fairly obvious security reasons.

Bottom line, I think the script you are trying to use is the wrong tool for what you want to do.
 
Last edited:
I haven't looked at the script, but I can't imagine it would trigger on a simple port access. If it does, I wouldn't use it.

As an aside, I don't believe wake-on-wan is a real thing. WoW is essentially a hack to trigger WoL but from the WAN side, but the underlying mechanism should still use WoL

Yeah people expressed the same concern in this forum about the script (which I use) on Merlin's wiki page.

And the users' counter-argument is that the machine being waken up will deal with the security issue, which I think is acceptable. Because if there is a security hole on the machine, when the machine is on, the hacker will hack in anyway except that WoW gives more chance to the hacker to attempt to hack.
 
And the users' counter-argument is that the machine being waken up will deal with the security issue, which I think is acceptable
Me too, but it solves a different use-case. If I was powering on a system for personal use (remote desktop for example), I certainly wouldn't want it waking up 300 times a day for no reason :) Defeats the purpose.
 
Yeah, agree. So I was asking for a way to filter out port scanning. :)
You can't really. How would the router be able to decide what is a legitimate connection from one that isn't.

That said, you could install something like Skynet and block "likely sources", e.g. China. Unless of course you were actually in China...
 
You can't really. How would the router be able to decide what is a legitimate connection from one that isn't.

That said, you could install something like Skynet and block "likely sources", e.g. China. Unless of course you were actually in China...

I was thinking of filtering by packet length. Since I am the only one knowing the magic length and so if someone wants to do a port scan, it is unlikely he is going to try 65496 different packet length for each port....

Tho, somehow, I don't see the traffic coming in in dmesg, which the script monitors/parses.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top