Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Wake on Lan over SSL VPN - TZ470

dbdan22dbdan22 Newbie ✭

Hi,

Newbie here.

I'm trying to get Wake on Lan working over a Netextender SSL VPN connection to a TZ470.

I'm using Nirsoft WakeMeOnLan for the magic packet generator.

I followed the instructions for setting up WOL at https://www.sonicwall.com/support/knowledge-base/how-do-i-allow-wake-on-lan-packets-to-pass-through-a-sonicwall/190619062738724/

I've made the necessary changes to BIOS / Windows / Network card, etc to enable WOL on the PC. It works on the LAN.

But it's not working over the VPN connection.

If someone with a working WOL setup could share some tips to get WOL through VPN I'd greatly appreciate it. Conceptually I understand what needs to be done but I'm getting bogged down in the details.

Also is there a better WOL magic packet generator I should be using?

Thanks in advance.

Category: SSL VPN
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @dbdan22 WoL does not work out of the box over Layer3 and need some requirements.

    First of all, WoL using the MAC address will not work obviously so we need a WoL client supporting sending the magic packet to an IP address, Nirsoft seems to do that. This requires a static IP for the client.

    Second your VPN access settings for SSL VPN must allow access to the IP address you wanna wake up.

    Third, which is probably your missing link, the Firewall does not know the MAC address of the client, because ARP requests do not get answered when the client is offline. The only way I'am aware of to solve this, is to create a static ARP entry (the MAC address of the client) to enable the Firewall to route the magic packet properly to it's destination.

    Hopefully this helps a little, if not you might check with Packet Monitor if there is anything dropped on it's way.

    --Michael@BWC

  • dbdan22dbdan22 Newbie ✭

    Hi,

    Thank you for your reply.

    I'm confused.

    "WoL using the MAC address will not work" - but the MAC address is required, you cannot send the magic packet without it. The magic packet contains 16 repetitions of the target computer's MAC address.

    "This requires a static IP for the client" - Why? It's a broadcast. "The magic packet is broadcast on the data link layer to all attached devices on a given network, using the network broadcast address; the IP address (which relates to the internet layer) is not used." (wikipedia)

    "Second your VPN access settings for SSL VPN must allow access to the IP address you wanna wake up" - isn't that what IP Helper does?

    "the Firewall does not know the MAC address of the client, because ARP requests do not get answered when the client is offline." - again, it's a broadcast, it doesn't have to know the MAC address of the client. It gets broadcast to all devices on the network, and the target computer, being in a low power state, gets the packet and sees 16 repetitions of its MAC address and wakes up.

    If someone with a working WOL setup could share some tips to get WOL through VPN I'd greatly appreciate it.

    Thanks.

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited February 2024

    @dbdan22 long story short, sending packets to a MAC address does not work over Layer 3 (everything routed, such as VPN). Broadcast does not apply here, because you cannot send a broadcast packet into the SSLVPN which ends up in your LAN.

    I implemented something similar with SonicWall SMA, which comes with a WoL client that supports WoL via IP address, IMHO Nirsoft does this as well.

    WakeMeOnLan also allows you to turn on a computer from command-line, by specifying the computer name, IP address, or the MAC address of the remote network card.

    Update:
    You could try the following approach and see if the Broadcast gets transferred, 
    but IMHO it's not as easy as my approach.
    

    --Michael@BWC

  • dbdan22dbdan22 Newbie ✭

    Possible complication:

    Both the PC running Netextender, and the target network, have the same IP address range: 192.168.1.0/24

    Even if I give the target PC a static IP, will I be able to send the packet?

    I've noticed that when I fire up Netextender and connect to the network, I can Remote Desktop to a PC by its FQDN but not by its IP address. What's going on behind the scenes here?

Sign In or Register to comment.