Question Is it possible to setup WOW while not having access to ARP tables?

[Rui_Cardona_1]

My ISP does not provide me with access to the ARP Tables on my ISP provided Modem Router, this means that I cannot stop the ARP tables from being flushed (not sure if that's the right term) every 5 minutes from my Modem Router after the computer I intend to turn on shuts down.
So far I have tried: Setting up a static IP on the target PC, setting a DMZ for the target PC, creating a DDNS for my router, port-fowarding for both TCP and UTP for port 7 and 9 and using a tplink router with proper IP and MAC binding (this one also failed because with the tplink router in the chain I was not able to use either WOL or WOW at all)
Question is, how can I setup WOW properly if I do not have access to the ARP tables? The only extra equiment I currently own is the tplink router, with that being said I do not know how to set it up properly for this as I explained above.

I'm not even sure if ARP is the problem but is the only conclusion I can reach after some research. Any help would be appreciated!

 

[bill001g]

Your main issue is there is no such thing as wake on wan.

Even the way you are attempting to hack around it should not technically work. The WoL packet is support to be a packet send to the broadcast mac address that contains the actual mac address to wake in a special pattern.

WoL has no concept of IP addresses or port numbers so that information should not really even be in the packet. The only reason it works....well for a lot of motherboards....is these motherboards accept packets sent to the actual end machine mac address and as long as it can find the pattern it doesn't care what else is in the packet.

But you are correct the problem is the arp timeout in the router. The only fix is to get a router that you can set a static arp entry.

Even then WoL is very flaky. When I used to use it I had to send mulitple wake packets many times and I was sending them from the lan.

So if you REALLY want to use Wol there are some routers like asus that let you remote access the router and then ask the router to send a actual WoL packet. You could set up a raspberry pi device to do the same thing.

First really look at why you are doing this. Most sleep modes do not use much more power than WOL mode but as soon as you attempt remote access to the machine it fully powers up.

The other method that works much better is to use the option in the bios that does boot when power is restored. You then use one of fancy power outlets that you can get remote access and turn the power on. These used to be very expensive things years ago now they are very cheap.

 

[Rui_Cardona_1]

Your main issue is there is no such thing as wake on wan.

Even the way you are attempting to hack around it should not technically work. The WoL packet is support to be a packet send to the broadcast mac address that contains the actual mac address to wake in a special pattern.

WoL has no concept of IP addresses or port numbers so that information should not really even be in the packet. The only reason it works....well for a lot of motherboards....is these motherboards accept packets sent to the actual end machine mac address and as long as it can find the pattern it doesn't care what else is in the packet.

But you are correct the problem is the arp timeout in the router. The only fix is to get a router that you can set a static arp entry.

Even then WoL is very flaky. When I used to use it I had to send mulitple wake packets many times and I was sending them from the lan.

So if you REALLY want to use Wol there are some routers like asus that let you remote access the router and then ask the router to send a actual WoL packet. You could set up a raspberry pi device to do the same thing.

First really look at why you are doing this. Most sleep modes do not use much more power than WOL mode but as soon as you attempt remote access to the machine it fully powers up.

The other method that works much better is to use the option in the bios that does boot when power is restored. You then use one of fancy power outlets that you can get remote access and turn the power on. These used to be very expensive things years ago now they are very cheap.

I do have a router that let's me set a static arp entry, the tplink one. The problem then becomes being able to get the package all the way to the computer. If there's a way to get it working this way it'd be awesome. You mentioned a raspberry pi, mind elaborating a bit more?

 

[bill001g]

So the hack that mostly works is to first put in a port forwarding rule for some dummy lan ip. Say use 192.168.1.249....assuming the router is 192.168.1.1.
Now put in a static ARP entry for this dummy ip 192.168.1.249 and map it to the broadcast mac fff:fff:fff

So now in theory when you send a wol packet to the external IP of your router it will translate that into a broadcast packet which your wol machine should see.

Part of the reason broadcast are not allowed to cross ip boundaries is people can use them to denial of service attack you. If they where to send junk traffic to say udp port 9 on your router it would then send broadcast out which every machine on your network would get. If someone sends enough it can denial of service every machine. Mostly you are just going to get the garbage traffic from the port scanners unlikely someone will attack you just have to be aware you have opened a hole.

The raspberry pi solution can be done a couple ways but the simplest is to telnet or ssh into the raspberry remotely and send the wol packet. There are fancier solutions if you dig around.

 

[Rui_Cardona_1]

So the hack that mostly works is to first put in a port forwarding rule for some dummy lan ip. Say use 192.168.1.249....assuming the router is 192.168.1.1.
Now put in a static ARP entry for this dummy ip 192.168.1.249 and map it to the broadcast mac fff:fff:fff

So now in theory when you send a wol packet to the external IP of your router it will translate that into a broadcast packet which your wol machine should see.

Part of the reason broadcast are not allowed to cross ip boundaries is people can use them to denial of service attack you. If they where to send junk traffic to say udp port 9 on your router it would then send broadcast out which every machine on your network would get. If someone sends enough it can denial of service every machine. Mostly you are just going to get the garbage traffic from the port scanners unlikely someone will attack you just have to be aware you have opened a hole.

The raspberry pi solution can be done a couple ways but the simplest is to telnet or ssh into the raspberry remotely and send the wol packet. There are fancier solutions if you dig around.

So, to do what you suggest above I'd need to use my TP-Link router and my network IP's would be as follows: Modem Router from ISP would be 192.168.1.1, TP-Link 192.168.1.2 and then on the TP-Link router it's LAN IP would be 192.168.0.1 and the dummy IP 192.168.0.249. Assuming that's right, would I bind on the ARP table the computer's Mac address to that dummy IP or the Router's?

Also, where should I open my ports? I assume on both so that the packet can go through.

Then sending a packet would be as simple as sending it to the tplink's public IP and MAC address on the ARP table right?

 

[bill001g]

With 2 routers in the path you have to put port forward rules in both.

You would sent to the public IP (ie the wan IP in the ISP router) with the mac address of the actual device you want to wake internal to the packet your application sends.

WoL is messy sometimes to get to work. The best first test is with the machine you want to wake up run wireshark on the machine to see what data you get. First do the wake over the local lan then try to send it via the port forwarding. Note you have to actually be on a different ISP when you try to test to the external IP. Key here is do you receive the packets and do they use the ports you expect and most important does it contain the magic packet with the mac. Wireshark should decode the packet for you.

 

[Rui_Cardona_1]

With 2 routers in the path you have to put port forward rules in both.

You would sent to the public IP (ie the wan IP in the ISP router) with the mac address of the actual device you want to wake internal to the packet your application sends.

WoL is messy sometimes to get to work. The best first test is with the machine you want to wake up run wireshark on the machine to see what data you get. First do the wake over the local lan then try to send it via the port forwarding. Note you have to actually be on a different ISP when you try to test to the external IP. Key here is do you receive the packets and do they use the ports you expect and most important does it contain the magic packet with the mac. Wireshark should decode the packet for you.

Hey, thank you for all the suggestions. I followed this guide over here: https://forums.tomshardware.com/threads/the-ultimate-modem-router-setup-thread.1303081/

And more specifically PPPoA config in there.

 

[Ralston18]

@Rui_Cardona_1

Forum rules prohibit self-awarded Best Answers so I have removed the BA award to yourself.

However, you are free to award a Best Answer to whatever other post in this thread helped you the most.

It appears that you intended to BA @bill001g (Post #6).