Wake on LAN? Wake on WAN!

I have a couple of small computers lying around that mostly serve as development systems and lab environments. However, they are not running 24/7, and since I’m traveling a lot I’m not always close to them. Let me show you what Wake on LAN (WOL) is and how you can turn it into Wake on WAN over IPv6.

What’s Wake on LAN?

Wake on LAN is a pretty old mechanism that lets you turn on computers over your LAN. Network cards stay in stand-by mode, listening for packets containing a “magic” sequence. That sequence is six times 0xFF followed by 16 times the target MAC address.

Let’s assume your target MAC address is 00:11:22:33:44:55; the magic sequence would then be:

00000000: ffff ffff ffff 0011 2233 4455 0011 2233
00000010: 4455 0011 2233 4455 0011 2233 4455 0011
00000020: 2233 4455 0011 2233 4455 0011 2233 4455
00000030: 0011 2233 4455 0011 2233 4455 0011 2233
00000040: 4455 0011 2233 4455 0011 2233 4455 0011
00000050: 2233 4455 0011 2233 4455 0011 2233 4455
00000060: 0011 2233 4455

That magic sequence is easy to scan for while the computer is actually turned off. A full-blown IP stack is not required on the NIC, but IP can still be used as the transport mechanism. Most WOL clients make use of that and simply send a UDP packet to port 9 (“discard”) of the broadcast address.

Example: Wake on LAN

As mentioned previously, NICs do not implement a full-blown IP stack: they neither request an IP address using DHCP nor react to ARP. To work around that, WOL packets are sent to the directed or limited broadcast address, which forces the client’s system to send a broadcast packet to the targeted layer 2 domain.

Sending a WOL packet using wakeonlan:

[~] wakeonlan -i 192.168.178.255 00:11:22:33:44:55 
Sending magic packet to 192.168.178.255:9 with 00:11:22:33:44:55

Looks like this on the wire:

00:54:29.120604 dc:71:96:XX:XX:XX > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 144: 192.168.178.45.39040 > 192.168.178.255.9: UDP, length 102
	0x0000:  4500 0082 cd66 4000 4011 8686 c0a8 b22d
	0x0010:  c0a8 b2ff 9880 0009 006e e6fd ffff ffff
	0x0020:  ffff 0011 2233 4455 0011 2233 4455 0011
	0x0030:  2233 4455 0011 2233 4455 0011 2233 4455
	0x0040:  0011 2233 4455 0011 2233 4455 0011 2233
	0x0050:  4455 0011 2233 4455 0011 2233 4455 0011
	0x0060:  2233 4455 0011 2233 4455 0011 2233 4455
	0x0070:  0011 2233 4455 0011 2233 4455 0011 2233
	0x0080:  4455

Going WAN

Going WAN is quite similar to that. Just use public IPv4 and you got it. The end.

Oh, you don’t have a publicly routed IPv4 network for your internal means? Only one public IPv4 address? Well, add some DNAT to your SNAT, also known as port forwarding. That should work. But I don’t cover this in my tinkering since IPv4 is considered deprecated.

Going WAN via IPv6

It’s all easy and fun when you invoke wakeonlan within your LAN using IPv4. But unfortunately the real challenge begins when you want to use IPv6 instead. Like I do with IPv6-only networks.

[~] wakeonlan -i ff02::1 00:11:22:33:44:55
Can't call method "addr" on an undefined value at /usr/bin/wakeonlan line 117.

Turns out that wakeonlan does not support IPv6 at all. Anyway, that’s an easy fix which I proposed upstream already.

Now with proper IPv6 support, we can send Wake on LAN packets to proper IPv6 multicast addresses. No need to configure IPv4 anymore.

[~] wakeonlan -i ff02::1%wlp2s0 00:11:22:33:44:55
Sending magic packet to ff02::1%wlp2s0 on port 9 with payload 00:11:22:33:44:55
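What an address-family-agnostic sender has to do, as an added Python example (it is not the wakeonlan script or the patch proposed upstream): build the 102-byte payload described earlier and let getaddrinfo pick IPv4 or IPv6 from the numeric target, which also keeps a %zone suffix such as %wlp2s0 as the scope id. The function names are my own.

```python
import re
import socket

WOL_PORT = 9  # UDP "discard" port, as used in the page's examples


def build_magic_packet(mac: str) -> bytes:
    """Return the magic sequence: 6 x 0xFF, then the MAC 16 times."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16


def resolve_target(host: str, port: int = WOL_PORT):
    """Resolve a numeric IPv4/IPv6 target to (family, sockaddr)."""
    family, _type, _proto, _name, sockaddr = socket.getaddrinfo(
        host, port, type=socket.SOCK_DGRAM,
        flags=socket.AI_NUMERICHOST)[0]
    return family, sockaddr


def send_magic_packet(mac: str, host: str, port: int = WOL_PORT) -> int:
    """Send one magic packet; return the number of payload bytes sent."""
    family, sockaddr = resolve_target(host, port)
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        if family == socket.AF_INET:
            # Required for IPv4 broadcast targets like 192.168.178.255.
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(build_magic_packet(mac), sockaddr)


if __name__ == "__main__":
    # Link-local multicast target from the page; the zone must name a
    # local interface, so adjust wlp2s0 to your own.
    print(send_magic_packet("00:11:22:33:44:55", "ff02::1%wlp2s0"))
```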

We are still on LAN level though. And IPv6 doesn’t have the concept of directed broadcast addresses. In fact, anything broadcast is unknown to IPv6.

But we can use a trick on our router: with ip neighbor we “assign” an IPv6 address to the broadcast MAC address, making it a de facto directed broadcast address:

root@router:~# ip neighbor add 2001:db8::fdff:ffff:feff:ffff dev eth0 lladdr ff:ff:ff:ff:ff:ff nud permanent

I chose a host identifier that resembles the EUI-64 version of the broadcast MAC address. You may choose whatever you like, though.

By the way, don’t forget to put that command somewhere where it gets executed every time your router boots up. You should also firewall it to only allow port 9 or to only allow your trusted source networks, because every packet sent to that address ends up as a layer 2 broadcast on your LAN.

Anyway, using that trick we can finally send a UDP packet across the world to turn on our target computer:

[~] wakeonlan -i 2001:db8::fdff:ffff:feff:ffff 00:11:22:33:44:55
Sending magic packet to 2001:db8::fdff:ffff:feff:ffff on port 9 with payload 00:11:22:33:44:55

And we can see on the router, the packet has reached the broadcast destination:

root@router:~# tcpdump -i eth0 -n -e -x 'port 9'
[…]
23:17:34.083047 74:83:c2:XX:XX:XX > ff:ff:ff:ff:ff:ff, ethertype IPv6 (0x86dd), length 164: 2001:db8:1::1.39810 > 2001:db8::fdff:ffff:feff:ffff.9: UDP, length 102
[…]
	0x0020:  fdff ffff feff ffff 9b82 0009 006e dfd2
	0x0030:  ffff ffff ffff 0011 2233 4455 0011 2233
	0x0040:  4455 0011 2233 4455 0011 2233 4455 0011
	0x0050:  2233 4455 0011 2233 4455 0011 2233 4455
	0x0060:  0011 2233 4455 0011 2233 4455 0011 2233
	0x0070:  4455 0011 2233 4455 0011 2233 4455 0011
	0x0080:  2233 4455 0011 2233 4455 0011 2233 4455
	0x0090:  0011 2233 4455
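To check who is actually sending wake-ups through that address, the UDP payloads seen on port 9 can be classified. This is an added Python example, not part of the original post: it finds the magic sequence anywhere in a payload, extracts the target MAC, and flags senders outside an allow list; the trusted prefix and the sample datagrams are constructed assumptions.

```python
import ipaddress

# Assumption: networks allowed to wake hosts. The page's example sender
# 2001:db8:1::1 lies in this prefix; replace it with your own sources.
TRUSTED_SOURCES = [ipaddress.ip_network("2001:db8:1::/64")]
SYNC = b"\xff" * 6


def extract_wol_target(payload: bytes):
    """Return the target MAC if payload holds a magic sequence, else None.

    The sequence may start at any offset, so search for the sync bytes
    instead of assuming they open the payload.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def classify(src: str, payload: bytes):
    """Return (verdict, mac) for one datagram: ignore, allowed or alert."""
    mac = extract_wol_target(payload)
    if mac is None:
        return ("ignore", None)
    addr = ipaddress.ip_address(src)
    trusted = any(addr in net for net in TRUSTED_SOURCES)
    return ("allowed" if trusted else "alert", mac)


# Constructed sample datagrams (source address, UDP payload); not real traffic.
MAGIC = SYNC + bytes.fromhex("001122334455") * 16
SAMPLE = [
    ("2001:db8:1::1", MAGIC),
    ("2001:db8:ffff::bad", MAGIC),
    ("2001:db8:1::1", b"hello"),
]

if __name__ == "__main__":
    for src, payload in SAMPLE:
        print(src, classify(src, payload))
```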

Finally, no need for IPv4 addresses anymore to do some Wake on LAN and it has even become Wake on WAN. 🙂

Wake on WAN goes mobile

I can fully recommend Wake On Lan by Mike Webb as a mobile WOL client. It supports IPv6, hostnames and a lot more cool stuff!

If you need help setting up your on-prem infrastructure and leveraging existing technology to build something unique, don’t hesitate to book a meeting with me!