Community discussions

MikroTik App
 
caprupa
just joined
Topic Author
Posts: 1
Joined: Sun Sep 13, 2015 5:52 pm

WOL from WAN

Sun Sep 13, 2015 8:55 pm

Hello everyone

I'm a new user in this forum and with Mikrotik products , RB2011UiAS with 6.32.1 Os installed.

I would to power on my server from WAN using an android app.
With server power off, the ethernet port is enabled for WOL correctly because I see it with doing an IP Scan from the mikrotik
Simply I forwarded the external port (example 5550) to the internal address (XXX.XXX.XXX.XXX) to the port (9) but I don't see on the firewall NAT rule any packets is coming in, the counter is always 0

I've used another router to test my configuration (mobile phones etc.) and it works so I think I'm not setting correctly the Mikrotik firewall, please can someone give me an help?

Thanks in advance
 
User avatar
ricreis394
just joined
Posts: 10
Joined: Tue Jul 28, 2015 2:38 am

Tue Sep 15, 2015 2:12 am

Have you checked the arp table?

Sent from my A0001 using Tapatalk
 
User avatar
lordkappa
Member Candidate
Member Candidate
Posts: 133
Joined: Wed May 16, 2012 1:53 pm
Location: Vancouver, Canada

Re: WOL from WAN

Tue Sep 15, 2015 1:27 pm

If you are trying to use standard "Magic packet" WOL this will never work. WOL is strictly layer 2. It won't be routeable since it's only addressed to the broadcast address.

Also, since it's a layer 2 affair the magic packet doesn't even need to use a port. UDP is only used for programmer convenience and which port (if any) is used is at the discretion of whoever wrote the WOL client software.

One way to make this work would be to use a subnet directed broadcast which, to my knowledge, Mikrotik does not support. This is probably for the best, as enabling SDB is a major security risk.

The SAFE way to do it would be to use a VPN to become a member of the local LAN, and send your WOL packets that way.
 
marrold
Member
Member
Posts: 427
Joined: Wed Sep 04, 2013 10:45 am

Re: WOL from WAN

Tue Sep 15, 2015 2:03 pm

Use a VPN to become a member of the local LAN, and send your WOL packets that way.
This is one method.

Or you could setup an SSH client to remote into the router and you could run the inbuilt WOL tool on the router. You could probably automate this using something like JuiceSSH

http://wiki.mikrotik.com/wiki/Manual:Tools/Wake_on_lan
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: WOL from WAN

Tue Sep 15, 2015 2:27 pm

Actually it is possible and I have done it with a simple router myself. But in order to work you need to setup a static arp for the ip that you redirect to.
 
booboss
just joined
Posts: 1
Joined: Sun Feb 26, 2017 11:09 am

Re: WOL from WAN

Sun Feb 26, 2017 11:37 am

Hi All,

Also new here as caprupa and also want to WOL from WAN via RouterOS.

What lordkappa says is theoretically true - WOL is Layer II based, but.... it is possible to pass WOL packet through Layer III using static ARP as CyberTod says.
I've already did it on DD-WRT firmware using this method and I can confirm it works:
http://www.dd-wrt.com/wiki/index.php/WO ... Forwarding

Question is how to do the same on RouterOS?
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: WOL from WAN

Sun Feb 26, 2017 12:46 pm

Question is how to do the same on RouterOS?
Do you really need that workaround? There's an embedded WoL tool in RouterOS, check this wiki page out.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: WOL from WAN

Sun Feb 26, 2017 1:28 pm

WOL packets can also be sent as directed UDP packets, since only its data content is evaluated by the target NIC which scans for the following content: 6 bytes 0xFF followed by 16 repetitions of the target MAC (102 bytes).
Length can be more than that and the sequence doesn't need to start at the beginning of the packet.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WOL from WAN

Sun Feb 26, 2017 3:11 pm

Sure, but unfortunately directed broadcast (forwarding traffic to the broadcast address of a remote subnet in a routed network)
does not work on MikroTik routers. They say "because of security" but IMHO there should be an option to enable this for
trusted networks.
 
User avatar
baragoon
Member Candidate
Member Candidate
Posts: 294
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA
Contact:

Re: WOL from WAN

Sun Feb 26, 2017 4:47 pm

very simple
first add static arp entry, for example
/ip arp
add address=172.16.69.30 interface=br-lan mac-address=FF:FF:FF:FF:FF:FF
next forward 9 udp port from wan to lan with address from the previously created static arp
/ip firewall nat
add action=netmap chain=dstnat comment=wol dst-port=9 protocol=udp to-addresses=172.16.69.30
and just send wol packet to your wan_ip:9 udp (or any port you like but you need to change nat rule).
my config works for me for a few years
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WOL from WAN

Sun Feb 26, 2017 9:08 pm

But that sucks! The standard way of doing this (in other manufacturer's equipment) is to send a packet
to the last address in the subnet, and the router or routing switch will automatically send it with broadcast MAC.

Of course you often have to use a config command like "ip directed-broadcast" to enable it.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: WOL from WAN

Sun Feb 26, 2017 9:54 pm

The NIC actually doesn't care about the MAC, it evaluates only the packet content.
So it just has to reach the physical interface, and for this it has to use a ethernet broadcast or multicast MAC address, to trick the switch to send it on all interfaces, since the real MAC can not be obtained via ARP or other methods, the NIC being in a receive only state...
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: WOL from WAN

Mon Feb 27, 2017 10:56 pm

I have a short script built that sends a WOL packet to a particular computer. If I need to activate the WOL, I SSH into the router and call up the script. The script also includes a log entry so I can tell if I (or someone else) activates the script.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WOL from WAN

Mon Feb 27, 2017 11:47 pm

Once you are logged on the the router you don't need any script because you can use the command:
/tool wol interface=aaaa mac=xx:xx:xx:xx:xx:xx

However, when you want to send a WOL command from somewhere else, it is a bit more tricky.
 
k750
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Fri Feb 19, 2016 4:40 pm
Location: France / Paris

Re: WOL from WAN

Tue Feb 28, 2017 12:49 am

Hello everyone
To wake up my server via the LAN I use the software: WakeOnLan
Here: http://www.dipisoft.com/articles.php?ln ... &tconfig=0
On the other hand I do not arrive by the WAN I arrive at nothing
Sorry for my English
Claude
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: RE: Re: WOL from WAN

Tue Feb 28, 2017 12:57 am

Once you are logged on the the router you don't need any script because you can use the command:
/tool wol interface=aaaa mac=xx:xx:xx:xx:xx:xx

However, when you want to send a WOL command from somewhere else, it is a bit more tricky.
Yes I know I can just type the command, but I can assure you that I don't remember the mac for the three computers I might want to wake up!


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: WOL from WAN

Thu Jan 25, 2018 7:29 pm

Sending the port forward to the IP of the target computer worked.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WOL from WAN

Thu Jan 25, 2018 7:33 pm

Sending the port forward to the IP of the target computer worked.
Probably only when you test it like "computer is on, shut it down, try a WOL command, yes it wakes up".
When you try it after an hour, it may be a different story.
(it might still work when the computer you try to wake up has "active management technology" or similar, and thus is always on the network, ready to be hacked)
 
petterg
Member Candidate
Member Candidate
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: WOL from WAN

Thu Jan 25, 2018 8:21 pm

I guess you could solve this by creating a script in the mikrotik that sends magic packet to the server.
Next you need a way to trigger the script. One way to do that is to create a firewall filter or mangle rule on a chosen port, and a scheduled task (running every minute or so) that checks the packet counter on this port - if it has counted X packets then it triggers the wol script - then reset the counter.
The downside of this solution is that you will get some false wake-ups (portscanners?). You can reduce these false wake-ups by implementing some portscanner detection on your fw, and limit the access to this port to your mobile service providers public ip ranges.
You can improve this further by including packet size in the firewall rule.
 
petterg
Member Candidate
Member Candidate
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: WOL from WAN

Sun Jan 28, 2018 12:03 pm

Another way to trigger the script from wan: In winbox go to ppp -> profile -> (add) -> scripts
Then, when your user logs in the script is triggered that makes use of the build in wol tool. For security you may put logged in users into a subnet not used for anything else, create firewall rule to tarpit any tunelled trafic and even force logout after a few seconds. That way you basically created a way for user authentication to remotely run a script.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: WOL from WAN

Wed Feb 21, 2018 8:17 pm

Been in use for a few weeks now.

Have not heard of any problems. Counter shows its been hit 218 times.

Who is online

Users browsing this forum: coffee1978 and 42 guests