Cant get WOL working - DS210+. Any ideas?!

[beagle]

Hi all,

I'm struggling with getting WoL working on my new DS210+. I've never used WoL before, but I'm fairly IT proficient and this one's got me stumped! Setup is as follows:

DS210+ on LAN with static IP and WoL enabled.
Dlink DGS-1008D Green switch
Linksys WAG-160N router, with ports 80(http), 443(https), 5000 and 5001 all forwarded to the NAS IP as TCP format, and then ports 7 and 9 (WoL - see below) forwarded to the NAS IP as UDP format.

As for a WoL magic packet app - I'm actually trying "on-line" websites that generate and send the magic packet for me from your IP and MAC (because it's not practical or possible for me to install a magic packet app on the client PC owing to admin rights)... Have tried both: http://www.wakeonlan.me/ and also http://www.dslreports.com/wakeup. Whilst I understand this may be the problem - i.e can I be sure the website is sending the magic packet - these both "appear" to be reliable sites for WoL users. However, no joy. I'm using the suggested ports from these sites for WoL access - ports 7 & 9 as UDP, but the DS refuses to turn on over the WAN. It will however turn on over the LAN using the bundled Syno app, so again, fairly confident it's not the NAS, but rather my setup.

The ONLY thing I can think of that I may be doing wrong is that I'm trying to forward WoL packets direct to the NAS IP address, rather than broadcasting to all on the network via the broadcast address - this is because the Linksys router software won't accept the common xxx.xxx.xxx.255 broadcast address. Could this be my problem?

I started looking into packet sniffers like wireshark to see if I could actually detect the incoming packet, but that's something I don't have experience in.

Any ideas anyone?!

Many thanks, Beagle

[AeonDakota]

Hello, I'm having the exact same problem with almost identical setup (different router though, but same port forwards). Sorry I can't help, but just wanted to let you know you weren't alone.

[beagle]

I'm only about 60% there on this at the moment, so someone please correct me if you know better - here's what I've found out so far after much googling... which in short points to my router being the issue.

1) Consumer grade routers deliberately stop something called a "directed IP broadcast" - basically a broadcast message command across a subnet, but initiated from another subnet. i.e. a message from the WAN (internet) instructing a broadcast message to take place on my own LAN. This type of message is apparently the basis of smurf and fraggle attacks, so routers deliberately block them. The reason this seems to affect WOL, or more specifically here "remote WOL" or "WOW" (Wake on WAN), is because the WOW packet originating from the WAN is trying to initiate a broadcast across your own local network to all local network assets, but must pass through your router to get there. Your router of course, can't tell if this is legitimate WOW request, or a melicious attack, so blocks it. Problem no 1.

2) If you are able to get a packet through somehow, then the next problem people find is that WOW works for the first few mins after switching off the target device, but then no longer. This is because a WOW packet goes to a MAC address, not an IP address. Your router stores a correlation table of MAC addresses to IP addresses in it's ARP cache, which is continuously updated by live devices saying "hello" and identifying their MAC, and the router then assiging them an IP address. Now when you turn off a device, it no longer advertises itself (because it's off), so eventually the router loses sight of the MAC and thus terminates the association with an IP - by flushing the ARP cache in the routers memory every few mins - hence again stopping WOW working because this time the router isn't even trying to send out the magic WOW packet to the right device. Problem no 2.

Now then, this is where I've now generated more questions than I've found answers!...

The proposed answer appears to be to buy a half decent router that provides functionality to allow WOW magic packets through it's firewall (prob 1), and permits something called "bind IP to MAC" (prob 2). I've had two options suggested to me - either a good value "business grade" router such as a Draytek 2820 (£150-£200), or a router running some half decent and capable firmware such as DD-WRT or Tomato. It's also worth noting that both these options also have firmware that can initiate WOL requests itself - so if you still for some reason have no joy in getting the magic packet through from the WAN, then a half-way house option is to remotely log in to the router GUI over the internet, go to the routers WOL page, and initiate WOL from there - the router then generates it's own WOL request across the LAN. I'm thus going to invest in a new router and I'll let you know how that goes in the next couple of weeks...

However, questions I now have (CAN ANYONE ANSWER?!)...

1) Why if directed IP broadcasts are generally a bad thing, would a business grade router allow them through? How can this be done safely?

2) I've personally tried sending a WOW packet direct to a specific IP address through my routers port forwarding page - i.e NOT a broadcast to all on the LAN, but still no joy - why?? I can see the packet on my network using a packet sniffer, so I' know it's got through but the NAS doesn't respond. My assumption is that my router has flushed it's ARP cache real quick after I power off the NAS, thus the packet is on my network but no longer getting through, OR the router is still changing the packet in some way before passing it on. (Note if I initiate WOL from the Syno App, the NAS wakes up straight away).

3) Does anyone know if a WOL command HAS to be broadcast to all devices on a network, or can it go just to THE specific device. i.e. as a software standard, how are WOL magic packets supposed to be implemented?

As food for thought, one final thing that might work is another half-way house option: With some routers (alas not my Linksys WAG160N), whilst the config GUI doesn't allow you to bind-IP-to-MAC, you can apparently telnet/ssh in to them and manually create a permanent static ARP assignment linking IP to MAC. My thought was then that IF a WOL magic packet can be sent to a single IP address through port forwarding, and not broadcast to all, then the router may not see it as a Directed IP Broadcast and thus allow the packet through. The static ARP entry would then direct it to the correct place and fingers-crossed the NAS might fire up - just a thought.

PLEASE - I'm not a TCP/IP guru (yet anyway!), so anyone who can help or try out the above, please challenge / contribute to this thread and help see if we can get WOL working over the internet!

Thanks.
Beagle

[maxxfi]

Here are my 2c

One possible reason for the difference between cheap and 'business grade' routers is that the latter
give more control over their configuration, and as they are probably managed by professionals
there could be some situation where it's ok to disable the broadcast propagation.

The WOL 'magic packets' are broadcast packets (IP: 255.255.255) addressed to a specific MAC address.
At the shutdown time for the device to be WOL'd the O.S. has to tell the network interface to not completely
turn off, but to keep listening for packets addressed to its MAC address.
The technology is made to be independent of the IP address, and actually doesn't even need TCP/IP.
In TCP/IP networks takes shape of a broadcast packet (a specially crafted UDP datagram)

I think one in-house solution (actually I'm working on it ) is to have on the local network a very tiny device
(my tiniest so far is an old NSLU) that is always on, has its own IP address and so can be contacted from outside,
and that can launch WOL packets for other devices inside its LAN (or activate USB-driven power switches, but I'm digressing here )

[beagle]

Problem now solved... at the price of a new router.

I now have a Draytek Vigor 2820 router, which not only passes on the packets from WAN --> LAN, but also has a Bind-IP-to-MAC functionality to direct packets long after the ARP cache would normally have been flushed. Furthermore the router is also able to generate its own WOL signal to the NAS over the LAN in its admin pages - thus giving me two options to boot the NAS - either via an online WOL application, or by logging in to my router.

It's possible that my old Linksys WAG160N would have worked without the Bind-IP-to-MAC funtionality IF the router would have allowed me to forward all WAN-based packets to all my LAN devices via the xxx.xxx.xxx.255 broadcast address. However, the WAG160N firmware will not let me enter a broadcast address, saying it's out of the normal address range - annoying . I guess it might not have been the most secure workaround either (as in passing all WAN traffic on as a LAN broadcast).

Anyways, moral of the story - if you're having problems getting Wake On WAN working, try either:

i) Bind-IP-to-MAC to prevent the ARP-cache flushing issue catching you out. (if you can't see Bind-IP-to-MAC in your router firmware, then google it for your router, as some routers allow you to telnet in to them and add manual bind entries in the ARP - not the WAG160N btw - nnnngggghhh!)

ii) Forwarding internet-based UDP WOL packets to all devices on your LAN via your networks broadcast address - commonly at xxx.xxx.xxx.255

iii) Buying a half-decent router!

As a last point http://www.depicus.com/wake-on-lan/wake-on-lan-monitor.aspx provide a WOL packet sniffer, to help you see if packets are making it through to your network in the first place.

Hope that helps!

Cheers,
- Beagle

[AeonDakota]

Thanks for your insightful information, beagle. I'm running a Netgear CG3000 router supplied by my ISP, and I can't really see it supports that type of thing (Bind IP to MAC). Getting a new router is not an option, since I require a router with "coaxial in" since I'm running broadband over the cable network here in Denmark. I suppose I'll have to live without the feature.

PS: What's the reason behind the name "beagle"? The dog or something else? I'm a happy beagle owner myself