Looking for hosting?
I can personally recommend the one I use for this site. You get rock-solid service starting at 250 GB disk space and 2500 GB monthly bandwidth and stellar tech support, for only $6.95 a month. The current offer includes 1 FREE domain name (owned by you), $700-worth of software from CoffeeCup as a gift and 10 add-on domains If it sounds too good to be true, just give them a try, you also have a 30-day money back guarantee. Check it out.
Using Wake-On-LAN WOL/PME to power up your computer remotely
- 1. Introduction
- 2. Hardware requirements
- 3. Software requirements
- 3.1. BIOS settings
- 3.1.1. Power management
- 3.1.2. Power-off state
- 3.1.3. WOL support
- 3.2. Network card settings
- 3.2.1. Setting WOL settings with ethtool
- 3.2.2. Disabling WOL
- 3.2.3. Recommended setting
- 3.2.4. More than one network card?
- 4. Using WOL
- 4.1. Waking up on network activity
- 4.2. Waking up when receiving the Magic Packet
- 4.2.1. Sending the Magic Packet over Internet
- 4.2.2. How to generate a Magic Packet
- 4.2.3. Security considerations
- 4.2.3.1. MAC address protection
- 4.2.3.2. SecureOn password protection
- 4.2.3.3. Using more than one network card
- 5. More information
1. Introduction
Wake-On-LAN, or WOL in short, is a feature offered by some network cards and motherboards which allow the computer to be powered up when it detects certain activity on the network.
Making use of WOL will drastically decrease security risks, since the computer won’t be on, connected and unattended for prolonged periods of time; it will save power and thus reduce your bills; it will save the life of the components.
This column will describe this functionality and will give you an overview of the most important issues you need in order to make it work.
Please note that this column assumes you have basic to medium understanding of computer networks. It is beyond the scope of this document to teach you about those.
2. Hardware requirements
2.1. Basic functionality
First of all, you need to make sure that the network card you intend to use and the motherboard in your computer both support Wake-On-LAN functionality.
The network card should mention such functionality in the specifications or in the user manual, the same goes for the motherboard. If you’re trying to decide on buying a new card or board, most of the time you can find PDF documents on the manufacturer’s website, so you can make an informed decision.
If you have both motherboard and network card handy, you can make a quick check for WOL like this:
- Look for a 3-pin connector on the “upper” edge of the network card.
- Look for WOL/PME under “power management” in the motherboard BIOS.
2.2. WOL implementations
Older network cards and/or motherboards needed a special 3-pin cable connecting them in order to make WOL work. Even if a network card is recent and advanced, it may still provide a WOL cable and a WOL socket for backwards compatibility with older motherboards.
Starting with PCI version 2.2, there’s been a new development in the PCI standard in the form of PME (Power Management Events). What this means is that PCI cards can send and receive PME via the PCI socket directly, without the need for a WOL cable.
Check the network card and motherboard manual for the following things:
- PCI version at least 2.2 on both.
- WOL cable connector on both. On the motheboard it will be marked JWOL1 or something like that.
The findings will tell you whether you need to make use of the WOL cable or if they can talk PME directly.
2.3. Network card installation
If the network card is embedded on the motherboard, your job is somewhat easier. Just go into the BIOS and enable it. If the motherboard supports WOL, the network card will most likely do too.
If the network card is a PCI card and if you need to use the WOL cable, look for the WOL connector on the motherboard first. Its location is described in the manual. The WOL cable can be pretty short so you want to use a PCI slot that’s close enough to it. Very often the WOL cable connector is placed near the groupof led and switch connectors, which means you will only get enough cable toreach it from the last PCI slot.
3. Software requirements
3.1. BIOS settings
All relevant settings are usually found under a BIOS section called “power management”. Your mileage may vary. Your motheboard manual should help you find them.
The following settings will help you enable WOL from the motherboard’s point of view.
3.1.1. Power management
Please note that power management features such as WOL are in close relation to power management itself. So you will most likely need to enable ACPI or APM support for the motherboard.
ACPI and APM are the two main industry standards for power management (ACPI being the newest and more advanced). If your motherboard supports WOL, this implies support for either ACPI or APM.
You should make sure that whichever one is supported by your motherboard is enabled in the BIOS settings. Often you may find that the WOL and power-off state options are not accessible unless you enable ACPI/APM.
3.1.2. Power-off state
This option may have various names:
- Power-off state/method
- ACPI suspend type
- ACPI standby state
Most likely you will need to set this to S3/STR in order to make the motherboard able to wake up on various events. STR (Suspend To RAM) is a special power-off state which leaves certain parts of the machine in a “sleeping” state, but still aware of their surroundings. You could say that the machine is “sleeping with one eye open”.
3.1.3. WOL support
Finally, look for the WOL option. Usually it is labeled “WOL” and is found under the “power management” section. But it may also be labeled “PME” or “Wake (up) on LAN/Ethernet/PME#”, or found under a different BIOS section.
3.2. Network card settings
After taking care of the motherboard, you still need to enable WOL from the network card’s point of view.
There are various possible WOL settings for a network card, mainly related to choosing what kind of network activity should trigger WOL events.
3.2.1. Setting WOL settings with ethtool
For accessing these settings you can use the ethtool command line tool, which is part of the gkernel project. Here’s an excerpt from the relevant part of the man page:
wol p|u|m|b|a|g|s|d...
Set Wake-on-LAN options. Not all devices support this. The
argument to this option is a string of characters specifying
which options to enable.
p Wake on phy activity
u Wake on unicast messages
m Wake on multicast messages
b Wake on broadcast messages
a Wake on ARP
g Wake on MagicPacket(tm)
s Enable SecureOn(tm) password for MagicPacket(tm)
d Disable (wake on nothing). This option clears all previous
options.
You can set any combination of WOL trigger events with a command such as this:
ethtool -s eth0 wol umgb
3.2.2. Disabling WOL
You can effectively turn WOL off for a network card using the following command:
ethtool -s eth0 wol d
Now the network card won’t respond to WOL events regardless of what the motherboard WOL settings are. This allows for runtime software control over WOL.
3.2.3. Recommended setting
It’s recommended to only allow the “magic packet” to trigger WOL events. In order to do this, use the disable command above, followed by setting the g option.
Having the magic packet as the only WOL event makes sure the computer will not power up due to random network activity, but only as the result of a very specifically targeted wake-up call. More on this to follow below.
3.2.4. More than one network card?
You may have more than one network card in your computer. I just wanted to remind you that once the motherboard enables WOL, any of the installed cards can potentially make use of it. Provided they have the appropriate WOL support and connectivity, of course.
Make sure to set or unset the desired options on all active network cards. Otherwise, the default settings in regard to WOL may vary from card to card and may lead to unforeseen consequences.
4. Using WOL
So you’ve enabled everything you could, and now you’re wondering just how exactly do you trigger a wake-up call remotely via network.
4.1. Waking up on network activity
As you saw above in the ethtool help, there are various network activity events that can trigger WOL remotely, ranging from regular network activity to targeted calls.
Such events will definitely occur when the targeted machine is connected toat least one other network-enabled device. This is clearly the case, or youwouldn’t be considering using WOL in the first place.
There are probably cases when you may wish for a machine to power up whendetecting such network events. If you know what you’re doing you canmake use of them. A valid use can be making sure the machine always starts upagain after an unwanted power-off.
However, if you want to be the one to decide when the machine powers up,please disable WOL on network events and read about the Magic Packet below.
4.2. Waking up when receiving the Magic Packet
This type of remote wake-up call is special, because it allows for more control over who and when can trigger WOL on a certain machine.
The Magic Packet is an UDP network packet, which contains a certain header, the MAC address of the targeted network card (repeated 16 times), plus optionally a password. If you know the MAC and the password you can crafta Magic Packet.
Making it reach the target machine, however, can be more tricky.
In order to successfully send a Magic Packet you need to broadcast it to a network. This is the equivalent of shouting someone’s name in a crowded room. No, you cannot identify the machine by IP address, it’s powered down, remember? All you can do is broadcast the packet to every machine in that network and let them pass it around until it reaches the sleeping machine with the right MAC address. Other machines will also receive it, but will discard it since the MAC doesn’t match.
This is very easy to do in a LAN (local network), since all the machines knoweach other and there are ARP tables and other stuff that will help.
4.2.1. Sending the Magic Packet over Internet
But is it even possible to send the Magic Packet over Internet? Many would tendto respond “no” to this question, at the first glance.
It’s not a simple question, so please read this more in depth information on the subject; see “Wake on Lan over the Internet (or why is it such a pain in the ****)”. That page also describes various caveats and tellsyou how to calculate a subnet-directed broadcast address.
In simple terms, yes, it is possible, provided you “shout” at the right network,and that all the machines that route traffic on the way will let the packet pass.Which is not to be taken for granted, since there are various network attacks thatemploy packets that look very similar to the Magic one. Therefore, some routersmay decide to block such traffic (by default even).
One of the last obstacles may be your home router. Many people who use permanent connections (DSL or cable) buy a router and set up the computers in their home in a LAN behind that router. This is a good thing, but some of the cheaper routers may not have any special way of dealing with WOL packets and may choose to simply block them. You would therefore be well advised to check the documentation for any home router you intend to buy and look up “Wake On LAN”.
How a home router deals with WOL may vary. Here’s one example I’m familiar with: the AT-AR221E,which offers a WOL tool in its administration interface. Basically, it’s an utility that can be used to generate a Magic Packet for the specified MAC within the LAN. While this doesn’t exactly mean WOL over Internet, the result is pretty much the same: you are able to log in to the router interface remotely and then signal the desired machine to wake up.
4.2.2. How to generate a Magic Packet
There are various utilities out there which you can use to broadcast Magic Packets.
- A very fine tool is the Wake-On-LAN Client which is a very flexible and featureful Linux console utility.
- Many more, in all kinds of implementations, for many environments and operating systems, can be found on A. Czechowski’s excellent page.
- Depicus provides a Web form which you can use to attempt WOL over Internet.
- Your local router (if you have access to any) may include a Magic Packet generator.
Here’s a quick example for using Wake-On-LAN Client:
wol -h 192.168.123.2 -p 53 --passwd=x-x-x-x-x-x XX:XX:XX:XX:XX:XX
The password is the SecureOn password (see below). The last part is the MAC address.
Please note that if you target a computer on the same LAN you don’t need to specify an IP address or port. The MAC address will be used in conjunction with the ARP tables to determine the target machine.
However, the IP address can become important if the target computer is not on the same network as the machine you run the client on. You can use broadcast addresses to better control what machines you reach.
The port number is usually not important, any port will do. However, there are cases where it might also become useful, such as making sure the packet can pass a firewall or router restrictions.
4.2.3. Security considerations
Please realise that WOL can be quite a security risk. If a computer is off it cannot be hacked remotely; but if it can be turned on remotely, the chances for a security compromise start moving away from zero.
Outside of some particular cases when you want a machine to always stay on when there’s network activity, you should aim for maximum control over WOL. It is therefore highly recommended to only allow the Magic Packet wake-up method, because it has several safety measures included.
4.2.3.1. MAC address protection
The Magic Packet requires the remote party to know the MAC address of your network card. The MAC address is made out of 6 bytes and can also be set to whatever you want, allowing for 2^48 possible combinations.
But don’t just assume nobody can find out what it is. Anybody on your LAN for instance can find out what it is, it’s as simple as doing cat /proc/net/arp
. So remember, there are quite a few cases when the MAC address is broadcasted remotely and can be read by others.
4.2.3.2. SecureOn password protection
Some network cards allow you to set a Magic Packet password; this feature is called SecureOn. The password is also 6 bytes like the MAC address, and also allows for 2^48 combinations. Unlike the MAC address, however,it cannot be read remotely, only guessed, and the 2^48 combinations make guessingit an impossible task for all practical purposes.
You can set the SecureOn password like this (use 2-digit hexadecimal numbers in place of xx/yy/zz/…):
ethtool -s eth0 wol sethtool -s eth0 sopass xx:yy:zz:aa:bb:cc
4.2.3.3. Using more than one network card
If you have more than one network card installed, make sure you don’t forget to secure all of them as far as WOL is concerned. If you leave even one of them with WOL enabled it will nullify your efforts for the entire system.
5. More information
The following places offer more information regarding Wake-On-LAN:
Previous post: Simple Artwork License (SAL) |
Next post: Extracting/demultiplexing subtitles embedded in OpenDML AVI files |