Wake-On-Lan (WOL) from WAN does not work with Unifi (USG/Switch)

broadcast, ubiquiti, wake-on-lan

tl;dr I need WOL over the internet over the USG to work. WOL works already locally. I guess the USG/Switch is the problem.

Hi all

As a newcomer to networking in general and Unifi in particular I am trying to setup Wake-On-Lan for my local machines (±100) from the internet, via the USG Pro. Ultimately I want to be able to power on computers via the WOL feature in TeamViewer. To this end I've done a lot of (suggested) things already, but none seem to work.

I have already read most of the topics about Unifi/WOL in this community and others.

The most promising option — and the one I've currently implemented — is setting up a static ARP entry for the broadcast MAC (FF:FF:FF:FF:FF:FF) with an unused IP and a port forward for port 9 to that unused IP. I think — and please correct me if I'm wrong! — that when a Magic Packet is sent from the internet on port 9 the USG forwards it to the unused IP, then looks up its MAC, sees it is the broadcast MAC and thus sends the Magic Packet to all clients.

I'm only yet in the part of configuring the network, and not yet using TeamViewer or configuring the computers (NICs and BIOS).

Hereby what I've undertaken and discovered so far:

1) Created a static ARP entry

Created config.gateway.json with the following content and uploaded it to /usr/lib/unifi/data/sites/default on the Cloud Key (Gen 2) via SSH (to make the entry persistent). Then Force Provisioned the USG.

{
    "protocols": {
        "static": {
            "arp": {
                "192.168.1.254": {
                    "hwaddr": "ff:ff:ff:ff:ff:ff"
                }
            }
        }
    }
}

2) Added Port Forward
We use the 'unused' IP we used in step 1.

3) Checking if ARP entry is in the USG

SSH'ing into the USG, I can see the entry exists with show arp.

4) Checking if USG receives the package from WAN

Since I do not yet use TeamViewer or have set up my computer (BIOS), I am using the RemoteBoot app on iPhone and Depicus to send a WOL packet and Wake On Lan Monitor on the PC to test if it receives a packet. We can see in the tcpdump that it receives the packets.

5) Checking if it goes through LAN

The same goes for the packets on the local network. We can see them being routed to the unused IP specified in the port forward and config file.

6) Computer receives nothing

When checking the WOL Monitor on the client PC (the one with the MAC address to which the packet is sent), nothing comes through.

7) Direct port forward DOES work

For testing purposes I set up another port forward (this time on port 10) directly to the IP of the client computer. This clearly works, as we can see in the WOL monitor:

I have no clue why it is not working. Do I need to setup something more? Have I made a mistake? Can someone put me in the right direction?

Thanks!

Best Answer

Because network broadcasts are blocked by default in routers (directed broadcast), you would need to enable directed broadcast, but that is a very, very bad idea because it opens up your network to broadcasts from anyone on the Internet (as does your idea).

The best solution I have seen for something like this is a host that is always on in your network that performs the WoL after you log into it and tell it which host(s) to wake. This should have security built into it so that others cannot simply control it. Unfortunately, hosts/servers and product or resource recommendations are off-topic here, so you will need to do your own research for a WoL server.
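Added example, not from the question or the answer: the core of the always-on relay host the answer suggests. It builds the standard magic packet (6 bytes of 0xFF followed by the target MAC 16 times), validates anything it is asked to relay, and re-broadcasts on the LAN only for MACs on an allow-list, so the relay never becomes the open directed-broadcast path the answer warns about. The allow-list, broadcast address and port 9 are assumptions for the example; caller authentication happens before relay() is called and is out of scope here.

```python
import re
import socket

# Magic-packet layout: 6 sync bytes of 0xFF, then the target MAC repeated 16
# times (102 bytes); an optional 4- or 6-byte SecureOn password may follow.
SYNC = b"\xff" * 6
MAC_RE = re.compile(r"^([0-9a-fA-F]{2})([:\-]?)(?:[0-9a-fA-F]{2}\2){4}[0-9a-fA-F]{2}$")


def mac_to_bytes(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabbccddeeff' into 6 bytes."""
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:\-]", "", mac))


def build_magic_packet(mac: str) -> bytes:
    """Construct the 102-byte magic packet for one target NIC."""
    return SYNC + mac_to_bytes(mac) * 16


def parse_magic_packet(data: bytes):
    """Return the target MAC (lower-case, colon form) if data is a well-formed
    magic packet, else None. Length must be 102 plus an optional password."""
    if len(data) not in (102, 106, 108) or data[:6] != SYNC:
        return None
    mac = data[6:12]
    if data[6:102] != mac * 16:          # all 16 copies must agree
        return None
    return ":".join(f"{b:02x}" for b in mac)


def relay(data: bytes, allowed: set, lan_broadcast: str, port: int = 9) -> bool:
    """Re-broadcast a received magic packet on the LAN, but only when it is
    well-formed and targets a MAC on the allow-list. Returns True if sent."""
    mac = parse_magic_packet(data)
    if mac is None or mac not in allowed:
        return False
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(data, (lan_broadcast, port))
    return True


if __name__ == "__main__":
    # Constructed sample: relay a packet for one permitted MAC (assumed values).
    allowed_macs = {"00:11:22:33:44:55"}
    pkt = build_magic_packet("00-11-22-33-44-55")
    print("relayed:", relay(pkt, allowed_macs, "192.168.1.255"))
```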