Hi,
I was asked if it was possible to wake up internal PCs automatically when they are accessed the first time over VPN (RDP). Since DHCP isn’t used, I had to create an ARP/IP mapping.
I used the following rules and script in order to achieve it:
- Create a firewall rule that adds the target PC to an address list that is processed by a script. The rule should only trigger if the packets are originating from the VPN pool (vvv.vvv.vvv.0/24).
add action=add-dst-to-address-list address-list=wol address-list-timeout=\
none-dynamic chain=forward comment=\
"packet from OVPN to 3389 add dest host to wol address-list" dst-port=3389 \
protocol=tcp src-address=vvv.vvv.vvv.0/24
- Create static disabled ARP entries on an unused interface (ether5). These entries should be maintained manually.
/ip arp add address=192.168.xx.1 interface=ether5 disabled=yes mac-address=EE:EE:EE:EE:EE:E1 comment=PC1
/ip arp add address=192.168.xx.2 interface=ether5 disabled=yes mac-address=EE:EE:EE:EE:EE:E2 comment=PC2
- Write a lookup script that parses the wol address-list every 5 seconds, looking up the ARP entry, and sends the magic packet to that address (over the right interface). After sending the WoL packet, the address is removed from that list.
# Interface the magic packet is sent out of
:local interface B1;
# Walk every entry the firewall rule added to the "wol" address list
:foreach i in=[/ip firewall address-list find where list=wol] do={
    :local wakeAddress [/ip firewall address-list get $i address];
    # Look up the MAC in the static, disabled ARP entries kept on ether5
    :foreach j in=[/ip arp find where address=$wakeAddress and interface=ether5] do={
        :local wakeMacAddress [/ip arp get $j mac-address];
        :log info "Sending WoL to $wakeMacAddress via $interface";
        /tool wol mac=$wakeMacAddress interface=$interface
    }
    # Remove the entry whether or not a matching ARP entry was found
    /ip firewall address-list remove $i;
}
It works! Any comments appreciated.
Ralf.
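
The lookup step described in the post, reproduced off-router as an added Python example (not part of the original post and not RouterOS code): it drains a list of destination addresses, maps each to a MAC through a static table, and builds the standard magic packet. The 192.168.0.x addresses, the function names and the UDP broadcast on port 9 in `send` are assumptions made for illustration.

```python
import re
import socket

# Constructed sample data: static IP -> MAC table (stands in for the disabled
# ARP entries on ether5) and the contents of the "wol" address list.
ARP_TABLE = {
    "192.168.0.1": "EE:EE:EE:EE:EE:E1",  # PC1
    "192.168.0.2": "EE:EE:EE:EE:EE:E2",  # PC2
}
WOL_LIST = ["192.168.0.2", "192.168.0.77", "192.168.0.1"]

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def magic_packet(mac: str) -> bytes:
    """6 bytes of 0xFF followed by the target MAC repeated 16 times."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) * 16

def process_wol_list(wol_list, arp_table):
    """Drain wol_list like the router script; return (packets, skipped)."""
    packets, skipped = {}, []
    while wol_list:
        ip = wol_list.pop(0)          # entry is removed in every case
        mac = arp_table.get(ip)
        if mac is None:               # no static mapping: nothing is sent
            skipped.append(ip)
            continue
        packets[ip] = magic_packet(mac)
    return packets, skipped

def send(packet: bytes, broadcast="255.255.255.255", port=9):
    """Assumption: deliver as a UDP broadcast on port 9 (not called below)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(packet, (broadcast, port))

if __name__ == "__main__":
    pkts, skipped = process_wol_list(list(WOL_LIST), ARP_TABLE)
    for ip, pkt in pkts.items():
        print(ip, len(pkt), "bytes")
    print("no static mapping, skipped:", skipped)
```

Because the firewall rule adds any destination contacted on port 3389 from the VPN pool, addresses without a static entry show up in the list too; the static table is what limits which hosts can actually be woken.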