1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

WOL with ASUSWRT-Merlin

Discussion in 'ASUS N Routers & Adapters' started by nphansen, Sep 10, 2014.

  1. nphansen

    nphansen Occasional Visitor

    Joined:
    Sep 10, 2014
    Messages:
    15
    Location:
    Denmark
    Since I may not be successful with my WOL project using ASUSWRT (http://forums.smallnetbuilder.com/showthread.php?t=19403) i'm considering installing ASUSWRT-merlin instead.

    The WIKI has a WOL script (https://github.com/RMerl/asuswrt-merlin/wiki/WOL-Script-Wake-Up-Your-Webserver-On-Internet-Traffic), but as far as I can tell, that script would wake the PC on any traffic to the PC (even a port-scan). I would still want to require the WOL magic packet for waking my PC.

    The static ARP entry still seems to be the best solution. I imagine that this would be much easier on the ASUSWRT-merlin. I.e. a script could be put in jffs/scripts/ to setup the ARP entry on power-up.

    So. An ARP script is needed. I think the best place to put it would be in nat-start. Or is there a better place?

    How do i execute arp from the script? Could I just put:

    #!/bin/sh
    arp -s <IP> <MAC>


    ..in the nat-start and done?

    Thank you.


    Edit: I'm having another thought: Is it possible with ASUSWRT-merlin to make a NAT entry that would cause the incoming magic packet to be broadcastet on the LAN? In this way I wouldn't have the need for a static ARP entry and static IP address of the target PC. My attempts to do this with ASUSWRT has been unsuccessful, but there may be a way with ASUSWRT-merlin?
     
    Last edited: Sep 10, 2014
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. nphansen

    nphansen Occasional Visitor

    Joined:
    Sep 10, 2014
    Messages:
    15
    Location:
    Denmark
    Answering my own question :)

    I found this thread, that explains how to do it with ASUSWRT-merlin.

    (Unfortunately its a bit hard to search this forum, since short words like WOL and ARP are too short to be included in the search)

    I think I'll give that a try. However, I don't understand the concern about the lack of authentication. The PC only wakes up on the magic packet that contains its MAC address. Of course its only 48 bit, but this is sufficient to prevent any random WOL packet heading my way to wake up the PC. Further, even if the PC wakes up unexpectedly, it has its own authentication protection. Anyone care to comment about this?
     
  4. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,078
    Location:
    Canada
    There's been reports of PCs randomly waking up when WOL was open on WAN. I suspect that some NICs might wake up whenever they see the magic packet, regardless of whether their MAC is present in it or not.
     
  5. nphansen

    nphansen Occasional Visitor

    Joined:
    Sep 10, 2014
    Messages:
    15
    Location:
    Denmark
    Thank you for commenting on this. I have tested it with several random MAC addresses and my PC only reacts on its own MAC. Of course, I can't say this for sure since I haven't tested all possible combinations. AFAIR I also have a network card that optionally require an additional password in the magic packet (aka secure WOL or something like that). I may look into this at a later time to increase security.

    BTW: Do you know if its possible to make a NAT entry such that the magic packet is broadcastet on the LAN. I may prefer this solution, since I would avoid the need for static IP addresses, and I can wake up several PCs without a NAT entry for each one of them. What are the ASUSWRT(-merlin) script commands for manipulating the NAT table?
     
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,078
    Location:
    Canada
    The nat-start is the ideal place to put anything that needs to play with the NAT portion of iptables. The router is simply using Linux's iptables to configure everything firewall/nat-wise.

    No idea how to accomplish what you mention tho. I suspect it might not be possible through just a simple iptables rule.
     
  7. nphansen

    nphansen Occasional Visitor

    Joined:
    Sep 10, 2014
    Messages:
    15
    Location:
    Denmark
    Thank you. I looked into the iptables command. Yes, it should be possible, however, this is pretty complex stuff to understand. Lots of different tables, chains, rules etc. This will probably take more time to understand fully than I care to spend at present time.

    So instead of iptables, i figured out this (clever?) way to make the router broadcast the magic packet:

    1) Limit the dhcp pool to e.g. x.x.x.2 to x.x.x.253 (i.e. make sure .254 is not used by the dhcp server)
    2) Make a port forwarding from wan to IP address x.x.x.254
    3) Add a static arp entry arp -s x.x.x.254 ff:ff:ff:ff:ff:ff

    Now, anything transmitted to the open port on the WAN interface (e.g. the WOL port 9) is routed to IP address x.x.x.254 and then broadcastet on MAC address ff:ff:ff:ff:ff:ff :cool:

    This works perfectly. Of course I still need the static arp entry. I think I will try out the merlin build during the weekend.
     
    Kevin Marchant likes this.
  8. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,078
    Location:
    Canada
    The broadcast address is determined by the netmask, not by the DHCP scope.
     
  9. nphansen

    nphansen Occasional Visitor

    Joined:
    Sep 10, 2014
    Messages:
    15
    Location:
    Denmark
    Yes. I know what you are saying. For a subnet mask of 255.255.255.0, the broadcast address would be 192.168.1.255. However, apparently a NAT entry with a destination IP of 192.168.1.255 doesn't work. The above is a work-around. Technically .254 is not a broadcast address, and therefore I need to limit the dhcp scope to ensure that this IP address is not used by any device.

    Im not sure why I can't use a broadcast address as destination IP. However, if it is simply because it happen to be x.x.x.255, there may be another workaround:
    With a subnet mask of 255.255.255.128, the broadcast address is 192.168.1.127. This may be accepted. I haven't tested this yet.
     
  10. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,078
    Location:
    Canada
    So you are reducing the DHCP scope simply to ensure the IP doesn't get allocated. I see what you are doing now.
     
  11. Lucian Tothezan

    Lucian Tothezan New Around Here

    Joined:
    Jun 10, 2018
    Messages:
    1
    Hello all. I was wondering if there exists a script that can wol a certain ip if another ip becomes active. To be more precise when i turn on my tv the router to send a wol packet to my freenas . Thank you in advance for your help. Rwgards.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!