[SOLVED] WOL across VLANs



  • Today I changed my network layout.

    
    LAN_ADMIN          -      192.168.10.0/24
    LAN                -      192.168.20.0/24 (VLAN)
    WIFI               -      192.168.30.0/24 (VLAN)
    WIFI_GUEST         -      192.168.40.0/24 (VLAN)
    WIFI_ADMIN         -      192.168.50.0/24 (VLAN)
    
    

    Before everything was on 192.168.10.0/24.
    My MacBook, which is connected through the WiFi VLAN, wants to send a WOL package to a computer connected to the LAN VLAN.
    Before, when everything was on one network, this worked without problems.
    I have an app named WakeMe, I put in the MAC address and port (4343) and it worked.

    Now that everything is set up with VLANs I cannot get the WOL package from one VLAN to another.
    WOL from the pfSense box works. But I want to be able to send a package from my MacBook to the computer without logging in to the pfSense box (WIFI VLAN is not allowed to administer the pfSense box).

    At the moment I do NOT have any rules on my VLANs except allow any any.
    Of course this will be changed but for now, testing purposes, I only have an allow any any.

    Anyone know how to?


  • LAYER 8 Global Moderator

    WOL is a layer 2 thing.. You send a specific packet to a mac, this nic is listening for said packet to its mac and wakes up the machine from its slumber.

    WOL is not 4343 so not sure what that has to do with anything..  What are you trying to wake up exactly and why?  Can you describe your use case.. Why not just leave this device on if you don't know when you might need it.

    Devices like nas and such quite often have some form of directed traffic at layer 3 to wake them up.  If this is the case you might just need to setup a static arp entry on pfsense so it always knows what the mac of the device is when you send directed traffic to its IP.

    If a device is off for some specific amount of time depending on the length of how long specific os keeps its arp cache alive, etc.  When that device goes to sleep it won't answer to an arp, etc.  So you need to make sure your pfsense has a static arp setting so that when you send some sort of directed traffic to the device IP it will know the mac to send it to.. That way you can send wol via IP and pfsense will know how to get it there, etc.



  • Hi John,

    Thanks for the reply.

    The device is a pc that is not used very often.
    Sometimes I just need to do something on it but leaving it on 24/7 would really be a waste of energy and thus money.

    The WakeMe application on my MacBook defaults to port 4343, it worked out of the box so I never cared about changing it to the default WOL port 9 (UDP).
    Of course I tried changing it to port 9 now but without luck.

    [UPDATE]
    The computer I'm talking about has been given a static IP.
    After that I checked the box next to "Create an ARP Table Static Entry for this MAC & IP Address pair".

    I still can't wake up the machine from my MacBook. Tried another application as well without luck.


  • Galactic Empire

    I've set up subnet directed broadcasts on a Cisco network quite a long time ago, not sure if you can do it with pfSense but this link from Cisco might help :-

    http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91672-catl3-wol-vlans.html#directed


  • Galactic Empire

    Looks like you can't do directed broadcasts :-

    https://forum.pfsense.org/index.php?topic=33018.0



  • Hmm I tried to add the line suggested:
    arp -s IP MAC with the package Shellcmd. Rebooted the pfSense box but "WOLing" does not work…



  • WOL is a broadcast.
    From a different subnet send it (in your case) to 192.168.20.255 which is the broadcast address of your subnet.



  • You don't need a static ARP table entry in pfSense for sending WoL locally.

    As jahonix says, the WoL packet needs to be sent to the LAN broadcast address that the target machine is on (192.168.20.255 in this case).

    A port number should only be relevant if the traffic is being NAT'ed or filtered.

    An example of this would be forwarding a particular port to a targeted machine so it could be awakened from outside the firewall.  Otherwise once the ARP table entry had expired pfSense wouldn't know where to forward the packet.

    Another example is to create a NAT'able "broadcast agent" such as 192.168.1.254, for sending a WoL broadcast from outside the firewall.
    Static ARP Table Entry: FF:FF:FF:FF:FF:FF 192.168.1.254
    NAT desired port to 192.168.1.254

    Should not be done without full understanding of security implications and appropriate filtering.



  • Thanks for all the replies and help guys.

    After trying a few different WOL applications on my Mac I found one that is working now!
    I was looking for an app that could send it to the broadcast address, found it but after all I didn't need it.

    I'm using WakeOnLan (link) and still use the IP address of the computer itself: 192.168.20.11 instead of the broadcast (.255) address. Broadcast address did not work for me.
    A static ARP is needed btw. I tried it without and it did not work.

    Well, it's fixed now! :)
    Many thanks again.



  • @Panja:

    A static ARP is needed btw. I tried it without and it did not work.

    That's because you are sending the WoL packet to the machine's IP address instead of its LAN broadcast address.
    It'll work that way but not what I personally would call a "proper" WoL implementation.  But if it fills your needs…

    Wonder why broadcast is not getting through.

    Wikipedia has good how-it-works WoL info, including magic packet contents.
    https://en.wikipedia.org/wiki/Wake-on-LAN
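
The packet this thread is about, as an added example (not code from any poster): it builds the WoL magic packet (6 bytes of 0xFF, then the target MAC 16 times), derives the directed broadcast address of the LAN VLAN, and recognises a magic packet inside a captured UDP payload, which helps when checking with a packet capture whether the broadcast actually crossed to the target VLAN. The MAC address and all function names are constructed for illustration.

```python
import ipaddress
import socket

def build_magic_packet(mac: str) -> bytes:
    """6 bytes of 0xFF followed by the target MAC repeated 16 times (102 bytes)."""
    hexmac = mac.replace(":", "").replace("-", "")
    if len(hexmac) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hexmac) * 16

def directed_broadcast(subnet: str) -> str:
    """Broadcast address of a subnet, e.g. 192.168.20.0/24 -> 192.168.20.255."""
    return str(ipaddress.ip_network(subnet, strict=False).broadcast_address)

def find_magic_target(payload: bytes):
    """Return the MAC a UDP payload would wake, or None if it holds no magic packet.
    The 0xFF sync stream may sit at any offset in the payload, so scan for it."""
    start = payload.find(b"\xff" * 6)
    while start != -1:
        mac = payload[start + 6:start + 12]
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return mac.hex(":")
        start = payload.find(b"\xff" * 6, start + 1)
    return None

def send_wol(mac: str, dest_ip: str, port: int = 9) -> int:
    """Send the magic packet as one UDP datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # The OS refuses to send to a broadcast address unless SO_BROADCAST is set.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(build_magic_packet(mac), (dest_ip, port))

if __name__ == "__main__":
    TARGET_MAC = "00:11:22:33:44:55"  # constructed placeholder, not from the thread
    # Broadcast form; passing the host IP instead relies on the router's ARP entry.
    print(send_wol(TARGET_MAC, directed_broadcast("192.168.20.0/24")))
```

The NIC matches on the payload pattern only, which is why the UDP port matters solely to NAT and filter rules along the path.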



  • I understand I need the ARP entry because I use the IP address instead of the broadcast address.
    But using the broadcast address didn't work for some reason.

    To be honest I only use it once a month(ish) so this is OK for me.
    Thanks though for all the info, appreciated!

