[SOLVED] Wake on Lan works, wake on WAN does not

[roberto21]

It has been literally years I am trying to solve or at least understand a WoW problem.This may be due to my poor understanding of many suggestions I have been reading here and there, so I'll try to summarize what I did and what does not work, in a practical way.
The challenge is to wake up a windows10 pc from a windows10 pc at home. My home pc is in a LAN behind a 3 home-and-life router, the pc to be awoken is in a LAN behind a Vodafone Station Revolution router. The target PC is correctly configured to be awoken, since WoL works perfectly INTHE SAME LAN.
I am using Matlab MC-WOL.exe command line to send the magic packet to the target pc. From what I understand, MC-WOL uses port 65535. Following the instructions:

1. with static DHCP in vodafone router, I mapped the MAC address of the target pc (say aa🇧🇧cc:dd:ee:ff) to its IP address in LAN (say 192.168.1.22)
2. Forwarded port 65535 to IP address 192.168.1.22

This should take care of the fact that the vodafone router, as every other commercial router, does not support broadcasting, but in this I may be wrong.

Anyhow, if in a pc in the same LAN I try the command

MC-WOL aa🇧🇧cc:dd:ee:ff

all is well, and the pc wakes up without trouble

If I try, in my pc at home

MC-WOL aa🇧🇧cc:dd:ee:ff /a 11.22.33.44 (where 11.22.33.44 is the external, internet address of the vodafone router)

I get the same result message (SUCCESS!! in sending the packet) but nothing happens, and the PC does not wake up.

It is clear Im am missing something vital , and maybe trivial (but not for me). What am I doing wrong?
Also, note that in the Vodafone LAN there is always a windows10 PC powered on, because it hosts the SQLEXPRESS used to handle our small database. Can this be of any help in finding a solution? Thank you for your understanding.

 

[roberto21]

It has been literally years I am trying to solve or at least understand a WoW problem.This may be due to my poor understanding of many suggestions I have been reading here and there, so I'll try to summarize what I did and what does not work, in a practical way.
The challenge is to wake up a windows10 pc from a windows10 pc at home. My home pc is in a LAN behind a 3 home-and-life router, the pc to be awoken is in a LAN behind a Vodafone Station Revolution router. The target PC is correctly configured to be awoken, since WoL works perfectly INTHE SAME LAN.
I am using Matlab MC-WOL.exe command line to send the magic packet to the target pc. From what I understand, MC-WOL uses port 65535. Following the instructions:

1. with static DHCP in vodafone router, I mapped the MAC address of the target pc (say aa🇧🇧cc:dd:ee:ff) to its IP address in LAN (say 192.168.1.22)
2. Forwarded port 65535 to IP address 192.168.1.22

This should take care of the fact that the vodafone router, as every other commercial router, does not support broadcasting, but in this I may be wrong.

Anyhow, if in a pc in the same LAN I try the command

MC-WOL aa🇧🇧cc:dd:ee:ff

all is well, and the pc wakes up without trouble

If I try, in my pc at home

MC-WOL aa🇧🇧cc:dd:ee:ff /a 11.22.33.44 (where 11.22.33.44 is the external, internet address of the vodafone router)

I get the same result message (SUCCESS!! in sending the packet) but nothing happens, and the PC does not wake up.

It is clear Im am missing something vital , and maybe trivial (but not for me). What am I doing wrong?
Also, note that in the Vodafone LAN there is always a windows10 PC powered on, because it hosts the SQLEXPRESS used to handle our small database. Can this be of any help in finding a solution? Thank you for your understanding.

 

[kanewolf]

It has been literally years I am trying to solve or at least understand a WoW problem.This may be due to my poor understanding of many suggestions I have been reading here and there, so I'll try to summarize what I did and what does not work, in a practical way.
The challenge is to wake up a windows10 pc from a windows10 pc at home. My home pc is in a LAN behind a 3 home-and-life router, the pc to be awoken is in a LAN behind a Vodafone Station Revolution router. The target PC is correctly configured to be awoken, since WoL works perfectly INTHE SAME LAN.
I am using Matlab MC-WOL.exe command line to send the magic packet to the target pc. From what I understand, MC-WOL uses port 65535. Following the instructions:

1. with static DHCP in vodafone router, I mapped the MAC address of the target pc (say aa🇧🇧cc:dd:ee:ff) to its IP address in LAN (say 192.168.1.22)
2. Forwarded port 65535 to IP address 192.168.1.22

This should take care of the fact that the vodafone router, as every other commercial router, does not support broadcasting, but in this I may be wrong.

Anyhow, if in a pc in the same LAN I try the command

all is well, and the pc wakes up without trouble

If I try, in my pc at home


I get the same result message (SUCCESS!! in sending the packet) but nothing happens, and the PC does not wake up.

It is clear Im am missing something vital , and maybe trivial (but not for me). What am I doing wrong?
Also, note that in the Vodafone LAN there is always a windows10 PC powered on, because it hosts the SQLEXPRESS used to handle our small database. Can this be of any help in finding a solution? Thank you for your understanding.

Having a static DHCP reservation is not a guarantee that the ARP table in the router does not age out.
I bet if you used your cell phone (on cell service) to send the wake packet, you could test that. Turn off the PC and immediately send the wake packet from your phone while at the PC. If it works then the MAC is still in the ARP table. Wait 10 min and try. If it fails, then the ARP table has aged out.

 

[bill001g]

I agree it is likely a mac timeout which is why this hack doesn't work on most routers. WOL has no concept of IP addresses so it can not technically be done from a different subnet. Some WOL clients also enforce that the WOL packet must be sent to the broadcast mac addresses rather than the machine mac address.

The other way this might work is to put in a port forward rule to the broadcast IP. So your port map port 65535 to 192.168.1.255. Depends how smart the router is. Many routers disable this because someone can denial of service attack you.

The other method is to put in a static ARP entry (not possible on most consumer routers) and map some dummy IP like 192.168.0.100 to the broadcast mac address FF:FF:FF:FF:FF:FF. You would then put in port forward rules to 192.169.0.100. Since WOL only cares about the mac address inside the packet having strange IP doesn't matter. Technically it should not have a IP header but few WoL clients enforce this.

On top of this WoL is very flaky sometimes. You must send multiple packet to wake it..

Other solution tend to work much better. Some routers like ASUS you open a web page remote on your router and ask it to send the WoL packet for you. The other common way to do this would be to remotely access your always on pc and ask it to send the WoL.

I tend to not bother with this mess anymore. Many of the microsoft low power options let you remotely access machine even it is in low power and it will bring the power up. There is very little extra power being used compared to WoL state. You can also just use one of fancy power plugs you can access via the internet. You can set the machine to boot as soon as it gets power.

 

[roberto21]

Having a static DHCP reservation is not a guarantee that the ARP table in the router does not age out.
I bet if you used your cell phone (on cell service) to send the wake packet, you could test that. Turn off the PC and immediately send the wake packet from your phone while at the PC. If it works then the MAC is still in the ARP table. Wait 10 min and try. If it fails, then the ARP table has aged out.

I don't completely understand why using my cell phone (without wifi) should be different from using a pc, but i tried anyhow. No result. Packet is succcessfully sent, but the pc does not wake up. Note that in any case, even testing with my home pc, I shut down the target pc and immediately (few seconds) send my magic packet: there is absolutely no answer from the target.
I have also a rule in bitdefender firewall that allows MC-WOL permission for outgoing activity, all network, all protocols. This should be enough to allow packets to leave my router...I hope

 

[bill001g]

But where are you sending the packet from your home pc. Are you sending a WoL packet directly on the lan or are you trying to use the external IP of your router. Using the external IP of your router as a destination IP from a machine inside the lan is another issue. Someone else just today asked about this. Your router must support what is called hairpin NAT. Not all routers support this. If it does not wake when you pc is sending a WOL packet directly then it is one of the many strange issues with WoL. Microsoft got involved and defined their own version of low power wake stuff and it has been inconsistent how bios makers implemented it. You likely have something set wrong in the bios.

 

[kanewolf]

I don't completely understand why using my cell phone (without wifi) should be different from using a pc, but i tried anyhow. No result. Packet is succcessfully sent, but the pc does not wake up. Note that in any case, even testing with my home pc, I shut down the target pc and immediately (few seconds) send my magic packet: there is absolutely no answer from the target.
I have also a rule in bitdefender firewall that allows MC-WOL permission for outgoing activity, all network, all protocols. This should be enough to allow packets to leave my router...I hope

Using your cell phone, on cellular, ensures you are on an external network.

 

[roberto21]

But where are you sending the packet from your home pc. Are you sending a WoL packet directly on the lan or are you trying to use the external IP of your router. Using the external IP of your router as a destination IP from a machine inside the lan is another issue. Someone else just today asked about this. Your router must support what is called hairpin NAT. Not all routers support this. If it does not wake when you pc is sending a WOL packet directly then it is one of the many strange issues with WoL. Microsoft got involved and defined their own version of low power wake stuff and it has been inconsistent how bios makers implemented it. You likely have something set wrong in the bios.

I thought it was clear from my example: I send the packet to the external IP of the router. I don't think I have much of a choice here: that is the address of the lan where the packet is supposed to go Then it should be the router to route the packet to the correct MAC address.

MC-WOL aa🇧🇧cc:dd:ee:ff /a 11.22.33.44 (where 11.22.33.44 is the external, internet address of the vodafone router)

Maybe I did not understand the question. What do you mean saying that using the external IP "is another issue"? Is it better or worse?
Then, Microsoft can be inconsistent or not (no wonder in this), but if the packet is able to wake the pc within the lan, why shouldn't it work from outside the lan? BIOS should not have anything to do with this: it either works or doesn't. My impression is that for some reason the packet is sent, but does not get delivered. Can it be blocked somewhere between the two routers?
Tomorrow (today is holiday here) I'll take a look at the ASUS bios of the target machine, but ... what should I look at?

 

[roberto21]

Let me add something. In your kind answers, you mentioned some low power status, like (I imagine) Sleep and Hibernate. Well, good news (relatively). I made some tests: instead of shutting down the target pc, I hibernated it. In this situation, following the sending of the packet from my home pc, the target pc wakes up in a few seconds.
Why relatively? Why in the world the beast wakes up from shut down WITHIN the LAN, and refuses to do so from outside the LAN? What is the difference? Apparently the packet from outside gets received...but does not work, except in Hibernate status.
Ah. Another info. Even when the target pc is shut down completely, Anydesk manages to wake it. Anydesk finds the pc not available, and tries to power it on via wol, And it works. What trick is Anydesk using?

 

[bill001g]

I have no idea about the hibernate status. Any of this power stuff has gotten very confusing since microsoft got involved.

Load wireshark on the machine and send it and see if you get the packets. That will quickly tell you if both the port forwarding as well as the issue with sending to the external IP is working correctly.

The problem with sending traffic to the outside IP address on the router is the router gets confused.

What happens you are attempting to NAT both the source and destination IP to the same external IP.

So if you send a packet from 192.168.0.100 to 11.22.33.44 as the packet passes from lan-wan the router will translate the packet do be from 11.22.33.44 to 11.22.33.44. It might then translate the second one to your inside ip so you get from 11.22.33.44 to 192.168.0.xx. But when the traffic comes back it has to figure out how to reverse this.
Some routers also always send the packet to the ISP even if it was his own IP. The ISP would then have to be smart enough to send it back.
This is something so messy that it is hard to say if any particular router will do this properly. Some do and others do not and there is nothing you can do.

On your first comment the flaw in what you say is " route the packet to the correct MAC address". This is the main reason wake on wan does not work. Mac addresses timeout after about 15 minutes of the router not seeing traffic from it. If there is no entry the router will do a ARP ....BUT your machine is asleep and will not respond. The router will discard the packet. So it might work when you first put the machine in WOL mode but after a short time the mac address will time out and it will stop. This is the reason that WoL actually send traffic to the broadcast mac address so that there is no need to have any mac tables. The packet will get sent to every port.

 

[roberto21]

I have no idea about the hibernate status. Any of this power stuff has gotten very confusing since microsoft got involved.

Load wireshark on the machine and send it and see if you get the packets. That will quickly tell you if both the port forwarding as well as the issue with sending to the external IP is working correctly.

The problem with sending traffic to the outside IP address on the router is the router gets confused.

What happens you are attempting to NAT both the source and destination IP to the same external IP.

So if you send a packet from 192.168.0.100 to 11.22.33.44 as the packet passes from lan-wan the router will translate the packet do be from 11.22.33.44 to 11.22.33.44. It might then translate the second one to your inside ip so you get from 11.22.33.44 to 192.168.0.xx. But when the traffic comes back it has to figure out how to reverse this.
Some routers also always send the packet to the ISP even if it was his own IP. The ISP would then have to be smart enough to send it back.
This is something so messy that it is hard to say if any particular router will do this properly. Some do and others do not and there is nothing you can do.

On your first comment the flaw in what you say is " route the packet to the correct MAC address". This is the main reason wake on wan does not work. Mac addresses timeout after about 15 minutes of the router not seeing traffic from it. If there is no entry the router will do a ARP ....BUT your machine is asleep and will not respond. The router will discard the packet. So it might work when you first put the machine in WOL mode but after a short time the mac address will time out and it will stop. This is the reason that WoL actually send traffic to the broadcast mac address so that there is no need to have any mac tables. The packet will get sent to every port.

I understand, or better I don't understand, you are right, it is all extremely confusing. When you say the mac address gets discarded after10-15 minutes of inactivity, this does not explain why it doesn't work when I shut down the machine and after a few SECONDS I send the packet. Mac address should NOT have had the time to be discarded. It is possible that in Hibernate status it works because in some twisted way Hibernation is not shut down, but the time question remains. Then, just to clarify your explanation: if I send a packet from my home pc (192.168.1.11) to 11.22.33.44, the router (MY home router) translates the packet to be from 11.22.33.44 to 11.22.33.44. It (the same router? or the other one at the office?) translates the second one (what second one?) to my inside IP (you mean the IP of the target pc, behind the other router?), let's say 192.168.0.44. But to do this translation the router should know that that IP (which I do not transmit) is mapped to the MAC address that I transmit, and this the router knows, since mac address is mapped to that ip address with static dhcp..
"When the traffic comes back" .. I admit my ignorance, I don't know what you are talking about. Same for IP sent to ISP.

Anyhow:
1) when the target is in hibernation, everything works fine, so the packet arrives;
2)Anydesk manages to wake up the shut down target even after days of inactivity. I really would like to know what trick they are using.
I am willing to help., but please help me. Where should I run wireshark? I assume I can run it on the pc permanently powered on at the office? Or should I run it on the target pc? Then, while it is running, I send my packet from the home pc and see if something is detected?

 

[bill001g]

You would run wireshark on the machine you are trying to wake. You obviously need to do it while it is active. It is purely for troubleshooting. You will then know what packets if any you get and what the data actually looks like inside the packets so you can see if it really conforms to WoL.

NAT is a extremely confusing concept. You have to understand the translation as the traffic goes out and comes back. Not with is just the source ip address (and the concept of source IP changes based on the directly of the flow). What you are now adding is a second NAT as the traffic comes back in to the other machine. So you are now nat the destination IP also.(again this is from the viewpoint of your machine sending the WoL packet). So the traffic passes through the nat on the router 4 times rather than 2 for each packet send and responded to. You can look up what is called hairpin nat

If it works you are likely running some microsoft thing. The OS maybe actually up and respond to ARP requests. When you run real wake on lan only the ethernet chip is up and a ethernet chip has no concept of IP it only knows it mac address.

I don't know what to tell you but if search for wake on lan and ARP timeout you will see many discussions of this problem. This is not a new problem it has existed for years and since few people run it any more the consumer router manufactures have done nothing to allow you to set fixed ARP entries.

 

[roberto21]

You would run wireshark on the machine you are trying to wake. You obviously need to do it while it is active. It is purely for troubleshooting. You will then know what packets if any you get and what the data actually looks like inside the packets so you can see if it really conforms to WoL.

NAT is a extremely confusing concept. You have to understand the translation as the traffic goes out and comes back. Not with is just the source ip address (and the concept of source IP changes based on the directly of the flow). What you are now adding is a second NAT as the traffic comes back in to the other machine. So you are now nat the destination IP also.(again this is from the viewpoint of your machine sending the WoL packet). So the traffic passes through the nat on the router 4 times rather than 2 for each packet send and responded to. You can look up what is called hairpin nat

If it works you are likely running some microsoft thing. The OS maybe actually up and respond to ARP requests. When you run real wake on lan only the ethernet chip is up and a ethernet chip has no concept of IP it only knows it mac address.

I don't know what to tell you but if search for wake on lan and ARP timeout you will see many discussions of this problem. This is not a new problem it has existed for years and since few people run it any more the consumer router manufactures have done nothing to allow you to set fixed ARP entries.

Thanks, Bill001g. I thought so, so I connected to the target pc with anydesk and launched wireshark there. Then I launched mc-wol on my home computer. Unfortunately, I get thousands of traffic packets on wireshark, and I really do not know what to lok for. Maybe I have to set up a filtering mechanism, but I don't know how. It appears that 90% of the traffic is between the permanently powered on pc and my target pc, and if there are packets coming from mc-wol I cannoit see them in that huge amount of traffic.

By the way, hibernate does not seem to work that well: if I hibernate the target pc, it comes back alive by itself after about one minute, without any wake packet sent. And this is not what I want anyway...

 

[bill001g]

You could use a filter that only looks for the 1 port you are forwarding. You using anydesk to access the pc is likely what is generating the huge traffic you are capturing your watching wireshark so it cascades up. Better if you use local keyboard and monitor and pretty much pretend your pc is asleep running only wire shark with as few other programs as possible. Then you can capture the raw traffic and see packets you did not expect.

It likely is getting some kind of traffic that is waking it up. Again this is all microsoft proprietary junk. Wake on Lan has always been a pain but ever since microsoft define all their different suspend option and even worse bios manufactures inconsistently support some of them it has made this a almost impossible thing to get to work well.

I would still recommend the simple solution. Now that they have those power outlets that you can access via the internet for cheap you can just use the bios option that tells the machine to boot as soon as it sees power. You can use a full shutdown and the port forward are very straight forward for the power outlets some have cloud based access so they work for people that can't get port forwarding to work.

 

[LDelMar]

I also tried for hours to make the hole wake on wan thing work. Turns out my router doesn't allow port forwarding to the broadcast adress (255) nor does it allow editing the ARP. I also did some research on that smart energy plug solution, but my pc doesn't turn on when power is back on, no setting in the bios there.

So I gave up and thought, if wake on lan works, why not just use my old phone in the same network to boot it up. Now I use another pc or phone to remotely trigger that old phone to start my pc You can use Airdroid for starting, works like a charm from everywhere and no need to set up a raspberry.

Just make sure your phone is always loaded, but we use it as a babyphone anyway. Case closed !