Menu
What's new
By:
Filters Better Search

WOL with ASUSWRT-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

nphansen

Occasional Visitor
Since I may not be successful with my WOL project using ASUSWRT (http://forums.smallnetbuilder.com/showthread.php?t=19403) i'm considering installing ASUSWRT-merlin instead.

The WIKI has a WOL script (https://github.com/RMerl/asuswrt-merlin/wiki/WOL-Script-Wake-Up-Your-Webserver-On-Internet-Traffic), but as far as I can tell, that script would wake the PC on any traffic to the PC (even a port-scan). I would still want to require the WOL magic packet for waking my PC.

The static ARP entry still seems to be the best solution. I imagine that this would be much easier on the ASUSWRT-merlin. I.e. a script could be put in jffs/scripts/ to setup the ARP entry on power-up.

So. An ARP script is needed. I think the best place to put it would be in nat-start. Or is there a better place?

How do i execute arp from the script? Could I just put:

#!/bin/sh
arp -s <IP> <MAC>

..in the nat-start and done?

Thank you.


Edit: I'm having another thought: Is it possible with ASUSWRT-merlin to make a NAT entry that would cause the incoming magic packet to be broadcastet on the LAN? In this way I wouldn't have the need for a static ARP entry and static IP address of the target PC. My attempts to do this with ASUSWRT has been unsuccessful, but there may be a way with ASUSWRT-merlin?
 
Last edited:
Answering my own question :)

I found this thread, that explains how to do it with ASUSWRT-merlin.

(Unfortunately its a bit hard to search this forum, since short words like WOL and ARP are too short to be included in the search)

I think I'll give that a try. However, I don't understand the concern about the lack of authentication. The PC only wakes up on the magic packet that contains its MAC address. Of course its only 48 bit, but this is sufficient to prevent any random WOL packet heading my way to wake up the PC. Further, even if the PC wakes up unexpectedly, it has its own authentication protection. Anyone care to comment about this?
 
There's been reports of PCs randomly waking up when WOL was open on WAN. I suspect that some NICs might wake up whenever they see the magic packet, regardless of whether their MAC is present in it or not.
 
Thank you for commenting on this. I have tested it with several random MAC addresses and my PC only reacts on its own MAC. Of course, I can't say this for sure since I haven't tested all possible combinations. AFAIR I also have a network card that optionally require an additional password in the magic packet (aka secure WOL or something like that). I may look into this at a later time to increase security.

BTW: Do you know if its possible to make a NAT entry such that the magic packet is broadcastet on the LAN. I may prefer this solution, since I would avoid the need for static IP addresses, and I can wake up several PCs without a NAT entry for each one of them. What are the ASUSWRT(-merlin) script commands for manipulating the NAT table?
 
nphansen said:
Thank you for commenting on this. I have tested it with several random MAC addresses and my PC only reacts on its own MAC. Of course, I can't say this for sure since I haven't tested all possible combinations. AFAIR I also have a network card that optionally require an additional password in the magic packet (aka secure WOL or something like that). I may look into this at a later time to increase security.

BTW: Do you know if its possible to make a NAT entry such that the magic packet is broadcastet on the LAN. I may prefer this solution, since I would avoid the need for static IP addresses, and I can wake up several PCs without a NAT entry for each one of them. What are the ASUSWRT(-merlin) script commands for manipulating the NAT table?
Click to expand...

The nat-start is the ideal place to put anything that needs to play with the NAT portion of iptables. The router is simply using Linux's iptables to configure everything firewall/nat-wise.

No idea how to accomplish what you mention tho. I suspect it might not be possible through just a simple iptables rule.
 
Thank you. I looked into the iptables command. Yes, it should be possible, however, this is pretty complex stuff to understand. Lots of different tables, chains, rules etc. This will probably take more time to understand fully than I care to spend at present time.

So instead of iptables, i figured out this (clever?) way to make the router broadcast the magic packet:

1) Limit the dhcp pool to e.g. x.x.x.2 to x.x.x.253 (i.e. make sure .254 is not used by the dhcp server)
2) Make a port forwarding from wan to IP address x.x.x.254
3) Add a static arp entry arp -s x.x.x.254 ff:ff:ff:ff:ff:ff

Now, anything transmitted to the open port on the WAN interface (e.g. the WOL port 9) is routed to IP address x.x.x.254 and then broadcastet on MAC address ff:ff:ff:ff:ff:ff :cool:

This works perfectly. Of course I still need the static arp entry. I think I will try out the merlin build during the weekend.
 
nphansen said:
Thank you. I looked into the iptables command. Yes, it should be possible, however, this is pretty complex stuff to understand. Lots of different tables, chains, rules etc. This will probably take more time to understand fully than I care to spend at present time.

So instead of iptables, i figured out this (clever?) way to make the router broadcast the magic packet:

1) Limit the dhcp pool to e.g. x.x.x.2 to x.x.x.253 (i.e. make sure .254 is not used by the dhcp server)
2) Make a port forwarding from wan to IP address x.x.x.254
3) Add a static arp entry arp -s x.x.x.254 ff:ff:ff:ff:ff:ff

Now, anything transmitted to the open port on the WAN interface (e.g. the WOL port 9) is routed to IP address x.x.x.254 and then broadcastet on MAC address ff:ff:ff:ff:ff:ff :cool:

This works perfectly. Of course I still need the static arp entry. I think I will try out the merlin build during the weekend.
Click to expand...

The broadcast address is determined by the netmask, not by the DHCP scope.
 
Yes. I know what you are saying. For a subnet mask of 255.255.255.0, the broadcast address would be 192.168.1.255. However, apparently a NAT entry with a destination IP of 192.168.1.255 doesn't work. The above is a work-around. Technically .254 is not a broadcast address, and therefore I need to limit the dhcp scope to ensure that this IP address is not used by any device.

Im not sure why I can't use a broadcast address as destination IP. However, if it is simply because it happen to be x.x.x.255, there may be another workaround:
With a subnet mask of 255.255.255.128, the broadcast address is 192.168.1.127. This may be accepted. I haven't tested this yet.
 
So you are reducing the DHCP scope simply to ensure the IP doesn't get allocated. I see what you are doing now.
 
Hello all. I was wondering if there exists a script that can wol a certain ip if another ip becomes active. To be more precise when i turn on my tv the router to send a wol packet to my freenas . Thank you in advance for your help. Rwgards.
 
You must log in or register to reply here.

Similar threads

K
Weird Wake on LAN problem with GT-AXE16000
Replies
15
Views
529
Kurai
K
d5aqoep
WOL stops working after 15 min. ARP entries cleared randomly.
Replies
10
Views
577
d5aqoep
d5aqoep
D
WoL question on asuswrt firmware.
Replies
3
Views
320
bbunge
bbunge
Andro
Wake on Lan in LAN (broadcast address only)
Replies
0
Views
723
Andro
Andro
D
Devices within LAN not connecting
Replies
4
Views
252
dondondon
D

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 731 (members: 26, guests: 705)
Top