What's new

Wake on WAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hi, I just wanted to confirm that the IPs with permanent MAC addresses configured using our procedure for the AX86U router, and also for the AX58U model, at least in my case, remain active in the ARP table as days go by according to the procedure I have already reported in this forum. This makes the Wake-on-LAN process work perfectly with update 388.2. However, as it seems that this procedure does not work in all cases, we will have to keep an eye on the topic to try to find a solution with more technical foundation and more universal.

On the other hand, I would like to mention that I have found out that the "wake.sh" file is a shell script that listens for requests to access the local network and triggers the Wake-on-LAN action when a request to the target IP address is detected. In summary, the script checks if the destination IP address is alive using the ping command, and if it is not active, it uses the ether-wake command to send the Wake-on-LAN magic packet. Regards,
Good job! I'll try this wake.sh.
Oh yeah. It works. And with that, we don't need static entries in ARP. Instruction: https://github.com/RMerl/asuswrt-me...pt-Wake-Up-Your-Webserver-On-Internet-Traffic

P.S.: But this does not mean that everyone can forget about the failure of static entries in ARP on some router models with Merlin 388.2 firmware. This fault must be corrected. The problems we are seeing may be just the tip of the iceberg.
 
Last edited:
Good job! I'll try this wake.sh.
Oh yeah. It works. And with that, we don't need static entries in ARP. Instruction: https://github.com/RMerl/asuswrt-me...pt-Wake-Up-Your-Webserver-On-Internet-Traffic

P.S.: But this does not mean that everyone can forget about the failure of static entries in ARP on some router models with Merlin 388.2 firmware. This fault must be corrected. The problems we are seeing may be just the tip of the iceberg.
Hi, I'm glad you finally found a way to make WOL work for your setup. In my case, I prefer to continue using the method we found with the broadcast IPs and permanent MAC entries in the ARP table because it works very well for my installation with several PCs operating as a local network through VPN without opening external ports for security reasons. It was a pleasure working with you, and I hope we have also helped other people with the same problem that arose after the 388.2 firmware update of some Asus router models. Let's hope that Asus and Merlin's technical teams will soon find a solution to the problem. Until next time, take care...
 
Asus confirmed my suspicion (in my tests I discovered that entries weren't disappearing if I stopped the networkmap service). The entries are being removed by networkmap, over which I have no control as it's closed source. This is not a bug, and it's not related to my code either.

Asus will consider possibly changing it so PERM entries are being kept, but no promises.
 
RMerlin, i'm very glad you found the source of the problem. Of course, Asus believes that this is not a bug, because there is no such malfunction on their official firmware, incl. on the newest. The malfunction appears only on Merlin 388.2 firmware (with the exception of alpha1). We will wait, although I doubt that Asus will solve a problem that they do not have. Regards.
 
Last edited:
Asus confirmed my suspicion (in my tests I discovered that entries weren't disappearing if I stopped the networkmap service). The entries are being removed by networkmap, over which I have no control as it's closed source. This is not a bug, and it's not related to my code either.

Asus will consider possibly changing it so PERM entries are being kept, but no promises.
Nice work! Just wondering what is the purpose of networkmap / what does it do? And can i stop / disable the service without issues / or are ther things in frontend/webgui that wont work when i stop/disable this service... and also wont give issues to the functionallity of the router itself?
Thanks for investigating this arp perm thingy! 👍👌😊
 
Asus confirmed my suspicion (in my tests I discovered that entries weren't disappearing if I stopped the networkmap service). The entries are being removed by networkmap, over which I have no control as it's closed source. This is not a bug, and it's not related to my code either.

Asus will consider possibly changing it so PERM entries are being kept, but no promises.
Thank you, it seems like a joke, but in that case I also cannot promise that the next routers I buy for myself and for other people I collaborate with will be from the Asus brand, and in fact I am already studying other alternatives with a more transparent and secure WOL function, especially for remote connections through VPN. Best regards,
 
Nice work! Just wondering what is the purpose of networkmap / what does it do?
Networkmap as the name implies is responsible for keeping track of devices present on your LAN, and display them in the client list. Doing so relies on ARP, which would explain why it may manipulate the ARP table. People have been complaining about networkmap being unreliable for some of them, so I can understand why Asus might be cleaning up that table as part of their scan process or monitoring process. That's why I first suspected it might be tied to the issue.

And can i stop / disable the service without issues
You can't. It's monitored by the watchdog, so it will be restarted if the process is killed. It will also affect anything that displays a list of available clients throughout the UI.
 
I am already studying other alternatives with a more transparent and secure WOL function, especially for remote connections through VPN. Best regards,
Seriously, there is no need for a static ARP entry to issue a WOL packet. I regularly use WOL myself to wake up my backup NAS because I'm too lazy to get up to power it up physically, and I have never needed a static ARP entry to do that.
 
Seriously, there is no need for a static ARP entry to issue a WOL packet. I regularly use WOL myself to wake up my backup NAS because I'm too lazy to get up to power it up physically, and I have never needed a static ARP entry to do that.
I think the issue here is not WoL being done locally but remotely. Locally there is no problem because you would use a broadcast to send the magic packet. This can't be done when trying to use port forwarding (typically UDP port 9) as DNAT will only route unicast packets, hence it must use the target's IP address. If the arp entry for that IP address doesn't exist the packet will be dropped.

There was a similar issue with a different manufacturer's router here.
 
I wouldn't expose a device's Wake on LAN interface to the WAN for security reasons.
 
I wouldn't expose a device's Wake on LAN interface to the WAN for security reasons.
We agree on that, I always do WOL remotely by previously connecting to a VPN on the router configured only for the LAN without opening any external port on the router as if we were on a local network. Then I also connect locally to the PCs and when I finish the connection, I disconnect the VPN from the router. In addition, there are other measures in place in the physical network to prevent intrusions. The method I had been using for years stopped working with the 388.2 update on the AX86u and AX58U routers because the permanent MACs disappeared, so I had to find a new method that I have already described in the forum so that the MACs I am interested in are maintained and I can continue using the usual procedure, although I don't know how long Asus will continue changing the rules of the game on the fly and without prior notice, seriously bothering users. The method published on GitHub that does not require permanent ARPs, which we have referred to in this thread, seems to work more from the WAN and by opening external ports on the router, as at least for me locally, it does not work for some reason. If you know a different method to do it without permanent MACs, I would appreciate it if you could let me know so that I can try it on the mentioned routers. Regards,
 
. If you know a different method to do it without permanent MACs, I would appreciate it if you could let me know so that I can try it on the mentioned routers. Regards,
If you already have a VPN in place, then I would connect to the router over SSH, and use the ether-wake shell command to issue your WOL packet. This might possibly even be semi-automated/scripted, depending on your client environment (i.e. the OpenSSH ssh client can be used to execute a command over SSH).
 
If you already have a VPN in place, then I would connect to the router over SSH, and use the ether-wake shell command to issue your WOL packet. This might possibly even be semi-automated/scripted, depending on your client environment (i.e. the OpenSSH ssh client can be used to execute a command over SSH).
This is exactly what I do from the Android Termux app. I run this script;

Code:
#!/bin/sh
ssh admin@192.168.1.1 ether-wake -i br0 XX:XX:XX:XX:XX:XX:XX

I did find that my computer's wireless adapter has ARP offloading and GTK rekeying capabilties during sleep. That may be why I don't need the permanent ARP entry as it gets populated even during sleep.
 
I did find that my computer's wireless adapter has ARP offloading and GTK rekeying capabilties during sleep. That may be why I don't need the permanent ARP entry as it gets populated even during sleep.
You only need ARP when you want to access by IP. ARP is a table that associates an IP address to a MAC address. ether-wake works directly by using the Ethernet address. That`s why I can wake up my backup NAS with ether-wake without a static entry.
 
You only need ARP when you want to access by IP. ARP is a table that associates an IP address to a MAC address. ether-wake works directly by using the Ethernet address. That`s why I can wake up my backup NAS with ether-wake without a static entry.
Thank you. That's what I understood until this thread threw me off! Hopefully our back and forth will help others as I am not having the issue that OP is reporting.
 
I still like my asus router a lot (despite static arp entry thingy), because of asuswrt merlin and the nice group of people/support here
My RT-AX86U Pro is already up and running for 13 days without any issues... everyting works awesome nice fast etc... openvpn server... startup scripts... wifi 6 speed 80/85 megabytes per second... Yeahhhhhhh haha
ok
Bye! 😁 👍👍
 

If you already have a VPN in place, then I would connect to the router over SSH, and use the ether-wake shell command to issue your WOL packet. This might possibly even be semi-automated/scripted, depending on your client environment (i.e. the OpenSSH ssh client can be used to execute a command over S
"Let's see, if it were just up to me, I would have an even easier option than the one you propose through SSH, by simply using the Asus router's mobile application through the Wake-on-Lan option in Network Tools, since both the application and said tool work perfectly on the local network through VPN, so I could wake up any PC on the network without any problem. But the issue is that I don't want different network users to handle this application to wake up their PCs in case of need, and less so SSH, since these are tools that correspond more to network administrators. Even the router's SSH option to work only on the LAN, I only activate it when I need it for technical or administrative tasks, and later I completely deactivate it for security reasons. So, each user connects previously to the VPN and then uses a simple Wake-on-Lan application, either on their mobile or laptop, to later connect to the PC with the corresponding username and password, either by RDP or by ZeroTier, that is, everything always as if it were local. That is my working approach, and that is why I asked that question about ARP, whether it is permanent or not. Regards."
 
....... either by RDP or by ZeroTier .......
*I meant, connecting to RDP using either the local network or the ZeroTier network.
 
We agree on that, I always do WOL remotely by previously connecting to a VPN on the router configured only for the LAN without opening any external port on the router as if we were on a local network. Then I also connect locally to the PCs and when I finish the connection, I disconnect the VPN from the router. In addition, there are other measures in place in the physical network to prevent intrusions. The method I had been using for years stopped working with the 388.2 update on the AX86u and AX58U routers because the permanent MACs disappeared, so I had to find a new method that I have already described in the forum so that the MACs I am interested in are maintained and I can continue using the usual procedure, although I don't know how long Asus will continue changing the rules of the game on the fly and without prior notice, seriously bothering users. The method published on GitHub that does not require permanent ARPs, which we have referred to in this thread, seems to work more from the WAN and by opening external ports on the router, as at least for me locally, it does not work for some reason. If you know a different method to do it without permanent MACs, I would appreciate it if you could let me know so that I can try it on the mentioned routers. Regards,
But if you are already using a VPN can't you just send the packet to the broadcast ip 192.168.51.255 for example?
For example, from my mobile connected to the wifi i simply send the packet to the adress 192.168.x.255:9 to the specific mac adrress and it works. Haven't tested it using a vpn, with a vpn i only used the asus app and it works.
It's what i'm using now with 388.2, i connect to the vpn and send the packet with the app.

My problem is only because i was sending the packet from the wan with a port foward to the ip of the adress, since you can't send packets to the broadcast ip or forward a port to it.
 
But if you are already using a VPN can't you just send the packet to the broadcast ip 192.168.51.255 for example?
Most people use a routed VPN connection (TUN). Broadcast traffic is not routed to a different network so this won't work. If your VPN was a bridged connection (TAP) then it would work because it would be part of the same network.
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top