6

--- Recap of the possible solutions at the bottom ---

First of all I apologize if I write something that makes no sense. My knowledge of networks didn't go beyond what an IP address is until 3 days ago, and a lot of this is still very alien to me.

I set up a system where I can turn on my home computer remotely using Wake on LAN / WAN. I have followed several guides to enable it and it seemed to be working, at first, except that after my remote PC has been turned off for a while, it doesn't work anymore.

I understood that this is due to the ARP table flushing, and I thought I had addressed this problem by mapping my remote PC IP address to its own MAC address in the DHCP config of its router.

Let me briefly illustrate what I did:

  1. Set up a DDNS service, allowed WoL in BIOS, allowed NIC to WoL on magic packets, disabled fast startup on Windows 10 etc... that part is covered.
  2. I forwarded port 7 on my router listening to UDP packets. Since the router doesn't allow broadcasting, I cannot bind the port to 192.168.1.255 (it says "invalid ip"), and hence I bound it to the IP address of my remote machine.
  3. Then, in the DHCP config, I mapped my remote PC MAC address to its own IP.
  4. Lastly, I have downloaded an app on my phone (this one) that sends a magic packet with my remote PC MAC address. I tested it on 4G and it properly delivers the packet.

As I said above, everything works fine until remote PC stays turned off for a while. I thought step 3 would fix the ARP table flushing, but apparently it didn't (I thought DHCP configs and ARP table were the same thing?).

So my question is, is there a way I can circumvent this problem, and be able to turn on my PC remotely even after it's been in shutdown for a while?

The second part of my question is: I read here that I am supposed to edit the ARP table of the router to have a static mapping between my pc MAC address and IP so that it doesn't get flushed out. I am not at home for the next 3 weeks and I don't recall my router having the possibility to edit the ARP table (I might be mistaken tho). So, is there a way I can SSH remotely to the router?

Any help or info is much appreciated.


Edit - for those that will stumble in the same issue:

If your router doesn't allow directed broadcasting (apparently most of them), sending a wake on WAN packet to a machine becomes a tad more complicated. One can either:

  • Add a static binding to the ARP table. Having a static DHCP reservation doesn't work because they carry out different functions, as explained here. Editing the ARP table is also not necessarily straightforward: seemingly most routers don't have that option in their web GUI, and therefore you have to SSH into them. Even then, you might be facing a castrated system allowing a very small subset of commands, like in my case.

  • If you can't edit the ARP table, there are two more options:

    1. Use a low-power Raspberry Pi to be on 24/7, direct the WoL packet to it via SSH and broadcast it via LAN, as explained here.

    2. If your router has an option to send WoL packets to machines in LAN, enable remote management of your router via HTTPS so you can access the router's web GUI via browser. However, the general consensus is that this is a HIGHLY NON RECOMMENDED practice.

11
  • Some routers support SSH but it must be enabled to allow remote access. Enabling remote access obviously isn’t a secure setup.
    – Ramhound
    Commented May 17, 2021 at 12:27
  • @Ramhound Interesting, what would be the security implications of enabling a router for remote access?
    – wtfzambo
    Commented May 17, 2021 at 12:29
  • It could be remotely configured by a malicious party and compromised.
    – Ramhound
    Commented May 17, 2021 at 12:35
  • @Ramhound uhm ok. How would that happen tho? Like, if I have a way to enable SSH and only allow my own private key, how could someone else that doesn't own that key exploit it?
    – wtfzambo
    Commented May 17, 2021 at 12:37
  • @wtfzambo: Network services could have pre-authentication vulnerabilities, allowing an attacker to take control without actually needing to log in first. Those have been very rare in OpenSSH, and relatively rare in Dropbear sshd (which is often found in small devices)... but they do occur. Many routers embed several-years-old software that's literally never updated, so e.g. if yours happens to run a version of Dropbear from 2016 or older then it's likely affected by a few such vulnerabilities. (Or, worse, if the manufacturer wrote a custom sshd... never ends well.) Commented May 17, 2021 at 12:54

2 Answers

5

> The second part of my question is: I read here that I am supposed to edit the ARP table of the router to have a static mapping between my pc MAC address and IP so that it doesn't get flushed out.

Yes, if you're trying to use port-forwarding for WoL, that's correct.

> I am not at home for the next 3 weeks and I don't recall my router having the possibility to edit the ARP table (I might be mistaken tho)

Many home routers indeed don't have this function (or at least not in the web UI). It's not something that a typical user would need to do; practically the only uses it sees are either WoL via port-forwarding or a poor attempt at "securing" the network.

(For that matter, many home routers don't even have the function to edit routes...)

> (I thought DHCP configs and ARP table were the same thing?).

They definitely are not. (Some routers, such as pfSense, do have the feature to automatically copy static DHCP leases into static ARP table entries, but that's something they had to deliberately program for.)

> So, is there a way I can SSH remotely to the router?

Depends on the router. Some allow SSH to be enabled, others only support Telnet or nothing at all; some restrict it to LAN only. Some let you do useful things via SSH, others have a very limited command set; you're unlikely to find an actual WoL command there, though you might be able to add temporary static ARP entries.

Whether you should also depends on the router. As mentioned in comments, many embedded devices tend to come with outdated and sometimes outright vulnerable software, which includes their SSH daemons. (For example, Dropbear sshd had a few remotely exploitable vulnerabilities in 2016.)

When you get home, I'd suggest getting a cheap Raspberry Pi-alike (low power so it can run 24/7), and setting up SSH (via port forwarding) into that. Admittedly, running the wake-on-LAN command via SSH is certainly not as convenient as doing it directly through an app... but it should actually be easy to forward the WoL packets to the Pi, and have it bounce them back to LAN as broadcasts. (No ARP issues since the Pi will always be online.)

Side note

> I forwarded port 7 on my router listening to UDP packets.

Port 7 used to be assigned for the 'echo' service. Traditionally WoL packets are sent to port 9 (the 'discard' service), as they're supposed to be ignored by the actual OS – definitely not to be echoed back (possibly causing an echo storm).

Now it's very unlikely that any host will actually be listening for packets on the 'echo' port (unless it's a time-traveler from 1980s), and the actual WoL functionality doesn't even care about "ports" at all... but I'd fix it anyway, out of principle. Port 9 makes more sense for packets that are aimed at the NIC and not at the OS.
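The relay described in the answer above (forward the WoL packets to the Pi and have it bounce them back to the LAN as broadcasts), sketched as an added example that is not part of the original answer. The listen port 40009, the broadcast address 192.168.1.255 and the sample MAC are assumptions to replace with your own values; only well-formed magic packets for an allow-listed MAC are relayed, and the packet is rebuilt rather than forwarded verbatim.

```python
import re
import socket

SYNC = b"\xff" * 6
# Assumed values: the MAC is a constructed sample, the broadcast address matches a 192.168.1.0/24 LAN.
ALLOWED_MACS = {bytes.fromhex("001122334455")}
LAN_BROADCAST = ("192.168.1.255", 9)
# Listen on a different, unprivileged port (the router forwards external UDP to it).
# If this were also port 9, the Pi would receive its own broadcast and relay it forever.
LISTEN = ("0.0.0.0", 40009)

def build_magic_packet(mac: str) -> bytes:
    """6 bytes of 0xFF followed by the target MAC repeated 16 times (102 bytes)."""
    raw = bytes.fromhex(re.sub(r"[:\-.]", "", mac))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    return SYNC + raw * 16

def target_mac(payload: bytes):
    """Return the 6-byte MAC if payload contains a well-formed magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return mac
        start = payload.find(SYNC, start + 1)
    return None

def should_relay(payload: bytes, allowed=ALLOWED_MACS) -> bool:
    """Relay only wake requests aimed at machines we explicitly allow."""
    return target_mac(payload) in allowed

def serve():
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(LISTEN)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    while True:
        payload, sender = rx.recvfrom(1024)
        mac = target_mac(payload)
        if mac in ALLOWED_MACS:
            # Send a freshly built packet so no sender-controlled bytes reach the LAN.
            tx.sendto(SYNC + mac * 16, LAN_BROADCAST)
            print(f"relayed wake request for {mac.hex(':')} from {sender[0]}")
        else:
            print(f"dropped {len(payload)}-byte datagram from {sender[0]}")

if __name__ == "__main__":
    serve()
```

Because the Pi is always online, the router's ARP entry for it does not age out, so the port forward keeps working however long the PC has been off.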

7
  • Thanks for the detailed answer. So, as far as I've understood, if my router doesn't have a way through the web interface to edit the ARP table, I'm out of luck until I go back home. Besides that, what's the advantage of getting a Raspberry Pi instead of setting a static mapping on the ARP table (assuming I was at home and on LAN)? It sounds like extra work to achieve the same result, no? As for the side note, thanks for the heads-up, I'll definitely fix it.
    – wtfzambo
    Commented May 17, 2021 at 13:24
  • One last question: if DHCP table and ARP table are two separate things, I didn't understand what's the use of setting up a mapping in the DHCP config of my router if that gets flushed out anyway after some inactivity time.
    – wtfzambo
    Commented May 17, 2021 at 13:27
  • Well, there's no use in your case (it's just probably technically nicer if the "WoL" IP address you add to the ARP table is indeed the address that belongs to the host... but WoL doesn't care) -- there are however many uses for other purposes, such as, ensuring that a host that is otherwise online will always receive the same IP address assignment from the DHCP server. For example, I use my router's WoL functionality to wake up my desktop PC, and I want it to always receive the same IP address from DHCP. Same goes for my network-connected printer. Commented May 17, 2021 at 13:34
  • Ah ok I see, that makes sense.
    – wtfzambo
    Commented May 17, 2021 at 13:41
  • hey there, I'm necrothreading this as I wanted to ask you about that Raspberry-Pi thing. I don't really have half a clue where to get started, could you point me towards the right direction; some guide / tutorial / walkthrough, if you know of any?
    – wtfzambo
    Commented Nov 18, 2021 at 17:02
3

According to the User’s Guide VMG8825-B Series manual page 132, you should be able to assign a static address to your computer in Network Setting > Home Networking > Static DHCP. The address should be your internal IP, for example 192.168.1.10.

Once this is done, sending a WoL package to the router's public IP should wake your computer. This should be done from outside your local network.

If this doesn't work, some element of hardware or software does not support WoL. See this post for a list of requirements: RDP wake-on-lan in LAN environment.


In the case that you have access to your router's configuration page from outside of the network, you can force the sending of a WoL package to your computer from this page.

In the manual, see on page 137 the section of "The Wake on LAN Screen".

Click Network Setting > Home Networking > Wake on Lan to open this screen:


Enter the computer's internal IP address or its MAC address and press the "Wake Up" button.

5
  • Hey, thanks for the detailed answer! Somehow I had missed that part in the router settings, I'll check this evening. Regarding the second part of your message, I was aware that I could WoL using that option, but I have no idea how to access the router outside of my local network. Would upvote but not enough reputation
    – wtfzambo
    Commented May 17, 2021 at 16:01
  • 1
    You access the router's configuration page through its public IP address, or its DDNS name if configured (manual page 61). Setting the router login is covered in "Remote Management" on page 283. When enabling this, set the router login to non-default values that are long enough to be proof against brute-force attacks, as you will certainly be attacked (as we all are).
    – harrymc
    Commented May 17, 2021 at 16:16
  • Ah, thanks! I wanted to mark both answers as valid because both are relevant. Anyway I did try to access my router through the public IP address (actually the hostname I set up via the DDNS service), but nothing loads. I suppose I should enable something in the settings at this point.
    – wtfzambo
    Commented May 17, 2021 at 16:25
  • So, I eventually managed to connect to my router's web GUI thanks to my flatmate (she turned on the PC for me). It turns out that I already did set up a static DHCP for my home PC, due to the fact that I cannot use directed broadcasting. As before, I'm able to wake the PC up if it's been turned off for a few minutes, but I cannot after some time has passed.
    – wtfzambo
    Commented May 17, 2021 at 20:51
  • WOL is supported only from sleep (S3), or when the user explicitly requests to enter hibernate (S4) state in Windows 10. You should also turn on fast startup. See link.
    – harrymc
    Commented May 17, 2021 at 20:54
