Wednesday, November 2, 2011

OpenWRT and Wake on Lan (WoL) how to make it work

The TP-Link Archer AC1750 C7 runs OpenWRT and is a great router IMHO.
You can also try the same hardware, rebranded by Amazon as the A7:
(There are many visitors to this page - but I'm not sure if any of this has helped others do what I did.
f the information below helps you, or you have questions, please use the comments to let me know.)

So, if you're trying to send a WoL wakeup packet to a single host on your LAN from your WAN segment, you'll need to use inbound port redirection.

Because I've not yet been able to make inbound NAT forward to my LAN's broadcast address,
you will need one "Redirection item" and a unique udp/port# pair per internal host, plus a static MAC address entry.

The missing static MAC entry is usually the second half of the puzzle that most folks don't figure out, and never get WoL working. This is something I think is broken in the kernel ip_tables module; it should log an error if a NAT redirection To: rule is missing from the ARP table, and the packet is being dropped due to lack of a MAC entry.

If you're using LuCI, this is done using a "Redirection" item.

Web Console path: admin/network/firewall
Here you will find three sections, (at least in my version, 10.03RC5 backfire):
• Zones
• Redirections
• Rules

To get WoL to work, I added one new Redirection item:

Name: WakeOnLan broadcast
Protocol: UDP
Source: wan:*
Via: Device:
Destination: lan:*
Action: DNAT

Where is an example internal LAN IP for the host you want to direct the WoL packets to.

As mentioned earlier, this isn't sufficient to make things work yet.

When the LAN host you're trying to wake up is powered off, it can't respond to ARP requests.
When a NAT packet is received by your router, it tries to forward it to the LAN segment, and perform DNAT.
Your router must know the ARP address of your To: destination host in order to send the UDP packet to it. And, since it's powered off, it won't know what that is, unless you set a static ARP address for it...

Where I found how to set a static MAC address:

This command statically sets the ARP address for an IP.  (Replace 00:de:ad:be:ef:00 with your hosts's ethernet MAC address.)

ip neigh add    lladdr 00:de:ad:be:ef:00  nud permanent   dev br-lan

I added the above 'ip neigh add' command line to my router's

If the 'ip' command is not installed, you should be able to install it with '
opkg update; opkg install ip

Note that if you change physical ethernet devices on this host, you'll have to update this line.

If you're still having trouble and you can do WoL from the local LAN, but can't get forwarding to work, drop me a note in the comments and I'll try to help.

If someone finds a way to get a Redirection rule to work with Destination: lan:* (the LAN broadcast address), please drop a note in the comments!



  1. There is another way to forward a WOL magic packet to a broadcast address, but you can't use .255 to do it. Instead, use .254. You will need to install the ip package if not already installed, and add a startup entry that will execute at boot time to make the magic happen. Here's how:

    - See if ip is installed by just running ip at the command prompt. If not do "opkg update" then "opkg install ip".
    - Add a line to /etc/rc.local, before the "exit 0" line:
    ip neigh add lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan (change the ip to match your subnet and change the dev if needed. run ip neigh to see what other ip's dev is)
    - Add a port forward: external wan on port 9, internal port 9 destination ip is the address from earlier.
    - Configure your WOL client to send the magic packet to your public WAN IP on port 9, and DISABLE broadcast.
    - Now reboot to let the rc.local line run.

    Now when you send a magic packet with your wol client on your phone or PC over the Internet, it will get port forwarded to the .254 address, which is a broadcast address. You can wake up any number of your internal hosts with this method, all through the same .254 broadcast address. Hope this helps someone!

  2. Neat trick +JoshK. I like it.

    My recipe above only enables a single host, and it's fragile; when ethernet MAC addresses change, you need to update the router as well as your magic packet config.

    Your solution sacrifices
    • one otherwise normally useable host address ( in your example)
    and gains:
    • the ability to wake up multiple machines
    • one will never need to change the router's config

    It probably should be noted that after setting it up like you've said, folks should avoid assigning the newly created broadcast IP ( to a real host.


  3. Why not use just
    arp -s ff:ff:ff:ff:ff:ff
    then you don't have to install ip package...

  4. Илья Зеликин writes:
    > Why not use just: arp -s ff:ff:ff:ff:ff:ff

    Thanks for asking.

    Best I can tell, the OpenWRT `arp` command built into /bin/busybox takes no flags. It looks like an alias for (cat /proc/net/arp).

    At least that's what I've seen from all versions I've tried including Barrier Breaker (14.07).

    I do plan to try your suggestion: use the broadcast MAC address instead of populating the arp table with the singlecast device address.

  5. I still cannot get wake on lan working. It will work for the first few days, and then when i go to wake it up, it won't its almost like it is not saving the arp entry that I am adding with ip neigh command and I am pretty sure I am typing it in

    1. > It will work for the first few days

      Are you adding it to your /etc/rc.local file or just typing it at a prompt?

      I'm wondering if it's the latter and your router is rebooting after a few days, and loses your typed-in setting.

    2. I just addded it to the /etc/rc.local file and I had a static entry though the luci interface.

    3. Since you suspect it is losing the configuration -- do you know how to get output from 'arp' and see if it changes between the time it works and when you discover it doesn't?

      If your device boots up and wakeOnLan works after boot, then I agree it does sound like something strange is going on.

      'logread' (or console output in luci) may be of help to find out what's changing.

    4. I don't really know what I would be looking for. I was able to wake my computer up this morning. When I turned it off and went to wake it up later, it would not wake up

    5. Are you sure the problem is the network/router?

      Because that sounds similar to hardware I have encountered.

      Device would reliably power-on on for the 1st 'wake' packet, could use it and tell it to shutdown/power-off (not sleep), after which it would not reliably respond to the 2nd 'wake' packet.

      In my case, I could get it to reliably trigger after power-off only after completely removing power, and re-energizing it.

      Not cool by me, but I couldn't find a way to fix it in software.

    6. I cannot confirm that it is an issue with the router. However, the link light on the nic of the pc does flash when the computer is off showing there is traffic on the line, same with the link light for the port to the computer on the router. I tried the completely remove power, but the computer just turns on for a second then turns off, but it still wont with wake on lan. The second time. I actually am having trouble getting it work right now. I can always see the packet in windows with wireshark, but it wont work when the computer is off.

    7. If you see the packet in wireshark then it is definitely not the router issue. There are two options you both should try:
      1) Try to send not a "magic packet" but use "pattern match" they are different. And some NICs reacts for only one type.
      2) Look here
      "The ability to wake from a hybrid shutdown state (S4) or a fully powered off state (S5) is unsupported in Windows 8 and above,[20][21] and Windows Server 2012 and above.[22] This is because of a change in the OS behavior which causes network adapters to be explicitly not armed for WOL when shutdown to these states occurs. WOL from a sleep state (S3) or non-hybrid hibernation state (S4) is supported."
      This can be useful too


    8. I believe I found this issue. Things have been very random lately, without changing anything wireshark no longer sees any wol packets even though it was before. After some experimenting, I found that it seems to have issues using my external IP address from the inside of my network to see if it would go past the firewall. After disconnecting my phone from the wifi and using 3g so it would act as if it was on the outside of the network, I have successfully gotten my pc to turn on twice in a row from the external IP address. I then connected it back to wifi and used the internal broadcast address and it successfully turned on twice in a row with that. I believe i finally solved the issue. It seems my router just doesn't like me using the external IP address on the inside of my network to experiment as if it was on the external side of the network. Thank you everyone for your help and i'll keep you guys posted if I have any more issues.

  6. Hey guys, I have been bumping my head in the wall from a long time because of Wake on Lan and Wake through Internet. I have Netgear R6100 and Wake on Lan/Wake through internet just works perfectly. Now below I will explain the steps I used to do it.
    1: I add a port forward rule, lets say 4343 udp with ip or the ip can be anything in case it is not being used.

    2: I add a static arp entry by using telnet with ip with Mac Address of the Computer I want to wake up. One thing more as Josh K mentioned, that we should create a static arp entry with mac address ff:ff:ff:ff:ff:ff but this wont work because most routers don't let forward magic packets to this mac ie ff:ff:ff:ff:ff:ff and if you does send packets to ff:ff:ff:ff:ff:ff, router wont allow it to broadcast to others. So Best option is to use the Mac address of the computer we want to wake. Also, some people add arp entry with ip of the computer they want to wake up but that doesnt works because when the computer start up, the status of arp entry changes from permanent to static and when you shutdown your computer it gets flushed. So never add arp entry with ip of the computer you want to wake up.

    3: Now by using depecis Woli which sends magic packets through internet wakes my computer any time I want and from any where in the world any time. It works all the time, as long the arp entry doesnt expire which wont if you use something like this

    ip neigh add lladdr 00:10:75:3E:C2:E6 nud permanent dev br0

    Replace mac address with your mac address of course and use a ip which is not being used in your network and will never be used as it is reserved for waking the computer.

    4: Now the problem which troubles me and because of it I have wasted so much time i.e when router restarts, the arp gets flushed so we need to auto add arp entry on router restart and we can do it by editing rc.local and add arp entry before exit 0 but in my case when router restarts that code above 0 exit gets deleted or the rc.local completely resets :( . I am searching for this solution so that rc.local wont reset. If some one can help, I am more than welcome, if this works out I am willing to make a complete tutorial for wake on lan without using 3rd party firmware such dd-wrt and it might help others and they probably wont have to waste their time as much as we did :(. Please do reply guys.

    1. Regarding:
      > 2: "... this wont work because most routers don't let forward magic packets to this mac ie ff:ff:ff:ff:ff:ff and if you does send packets to ff:ff:ff:ff:ff:ff, router wont allow it to broadcast to others."

      I'm not aware of this behavior, and haven't had this happen to me.
      It's not clear from your comments whether you're using OpenWRT, another firmware, or the stock firmware on your Netgear R6100. I'd venture a guess that that plays a large part in the outcome when using ff:ff:ff:ff:ff:ff.

      > 4: Now the problem which troubles me ... but in my case when router restarts that code above 0 exit gets deleted or the rc.local completely resets

      Let us know what firmware, and we can try to help figure this out. In OpenWRT changes made to /etc/rc.local should persist across reboots.

  7. This comment has been removed by the author.

  8. Thanks! I had the same problem, but that fixed it for me as well!

  9. Thanks a lot!

    Chiming in 13 years later, yours and particularly, @Josh K's solution worked wonders for me... although apparently until I reboot my router when it no longer has the MAC address of the host in the ARP table (confirmed with `ip neigh`).

    For context, I am using home-assistant (hosted remotely) to wake up my LG TV at home. The LG TV is reachable to home-assistant via a tailscale subnet router.


#RSFtalks with Edward Snowden

What an intelligent, thoughtful individual. I find it difficult to forgive 44 for failing to pardon this patriot and instead pursuing him ...

Other Popular Posts: