Why does Wake on WAN stop working after a while?

[Daboa]

Noob here. I want to be able to turn on my three home computers over the internet so that I can access them remotely if I need to. I've configured a dynamic dns and set port forwarding, but it seems to work sometimes and other times not. Here's what's happening.

Last night I put my laptop to sleep. I then used an app to send a packet and it woke up. Great. So I put it back to sleep. In the morning, I sent a packet the exact same way and it didn't wake up. I woke it up manually, tested and saw that it was receiving the packets, put it back to sleep, and successfully woke it from my app. This describes the behavior of all of my computers. They stop responding to my packets after a while unless I wake them manually for a bit.

If I send the packets from a computer *on my network* straight to another computer (like 192.168.0.103), the computer wakes up, all the time.

So it seems the ddns or routing must be the issue. Any ideas about what's happening? My configurations are below. My router is a TP-Link TL-WR1043ND with latest firmware.


Client List

Port Forwarding

App Configuration

 

[bill001g]

WOL is a very special packet the is sent via a broadcast and contains the machine mac address. It technically should not work to set it directly to the ip address of the machine. The machine does not have a IP it only has a mac address since the OS is not running and even when it does run it could be assigned a different ip address. So the whole concept of sending WOL to a IP is flawed since WOL does not use IP.

Still because it sometime works it appears there are vendors that accept IP packets sent directly to the machine mac address rather than packets set to the broadcast address.

The reason it will work in a lan is the tool is likely just sending the packet to the broadcast address and not even bothering with the IP address. If the machine has been offline for a very long time the ARP entry has timed out and since the PC is offline it will not respond to a ARP. Also the mac table in the switch/router also has likely timed out since the pc is not sending any packets when it is asleep it only listens.

To make it work remotely the router needs a very special feature called directed broadcast. Even if it has it most the time you disable this because it allows someone to do denial of service attacks against all the machine at the same time. What you used to do was for example ping 192.168.0.255 with a spoofed source address and all the lan machines would then send replys to the spoofed source doing a denial of service. It was not long before this feature was removed or turned off by default.

So first your router must have this feature and then it must have a way to send this packet to all ports on the lan. On a non nat router you could send it to the broadcast of the subnet and with the direct broadcast feature the router would do it. On a internet nat router its hard to say. It would need a very special port mapping and there is really no standard so you are going to have to read the manual for your router and see if they support WoL.

The way seen it done securely was to open a secure connection with a machine that active on the correct lan and ask it to send the WoL on your behalf.

I am not sure unless you can somehow secure who sends these requests you would want to even use the directed broadcast feature on the internet.

 

[Daboa]

Wow, thank you for the informative reply. I now understand a few more pieces of the puzzle. From what I can tell, my router does not have a Direct Broadcast feature. Although I doubt anyone would want to DoS my humble home network, it sounds like a risk. Therefore, I don't see how I could create a LAN-level broadcast of the magic packets. It's not just a matter of port forwarding the packet to my subnet mask, right?

Btw, I've read this discussion and it's helped some understanding.

The other option I see on my router is IP & MAC bindings. It looks like I can bind my MAC and IP addresses in the ARP list. Would binding these deal with the ARP time-out issue?

 

[bill001g]

Yes if you were to put in a static ARP it might help but not for a reason I understand.

A WoL packet is send to a destination mac of ffff.ffff.ffff and contained INSIDE the packet is a special pattern with the mac address repeated multiple times.

Now if you were to send the packet to a IP address it would look it up in the arp table and then set the desination to that mac address rather than FFFF.FFFF.FFFF. If the mac was not in the mac address table it would still be broadcast to all ports or it would be sent to the actual machine port only if it had not timed out.

What is strange is this should not work but sometimes does. The packet is not a broadcast packet which it MUST be and the packet contains a IP header, where the WoL only contains the magic pattern. What this means is some manufactures of lan chipset are taking packets that do not follow the WoL standard. When you have someone taking packets that are non standard it is almost impossible to predict what will work and what wont

 

[Daboa]

Obviously, you understand more than I do. I'll try the static ARP bindings and see if that works. If not, maybe I'll leave my Laptop on all the time (it only uses 20 Watts at idle) and use it to broadcast WoL if I need any other devices. Thanks.

 

[Daboa]

For the record, I configured static ARP bindings and I haven't had a failure since. Wherever I want, I can wake any of my computers using the settings described. Thanks.