Setting up a System w/ Wake-on-LAN and VNC?

andrebsd asks: "I'd like to make myself some sort of webpage where I could startup my system with 'Wake on Lan', and once it is started, use VNC to login. Once I'm done doing what I need the system for I would then like to shut it down again. I'm wondering how one might go about putting something like this together. VNC has various scripts for making that part work, but I haven't seen any scripts that can function as a 'Power on/Power off' button for a webpage. Thanks to anyone with any way of doing this." While there are helpful reference for Wake-on-LAN tools, how would you integrate all of these into a coherent system? How might one keep such a system (relatively) secure?

WOL isn't very hard.

[duffbeer703]

You'll need to lookup the precise specifications for WOL. Basically you simply send the MAC address three times to the target machine over UDP. Then the NIC wakes the computer up.

It's not very difficult to do this with a perl script or something similar that can be integrated into a web page.

Another alternative that may interest you if your target computer has access to a phoneline is "Wake on Ring". Some BIOS vendors (Abit was one) allow a modem to power on a PC after a specified number of rings.

Re:WOL isn't very hard.

[revmoo]

Good thinking

Here's a perl script that will do just that, then all you would need to do is combine it with mod_perl and you'd be set. As far as security I don't really think it'd be an issue, besides, you DEFINITLY have security-through-obscurity on your side here :-)

Where is your "system"?

Where is your "system"?

You do realize that Wake on LAN is a layer two protocol, right? I.e. it's an ethernet protocol that has nothing to do with IP, UDP, or TCP.

The webserver that is hosting this webpage will have to be on the same local area network [layer two] as your "system." So:

[you at your web browser] -> [THE CLOUD] -> [the webserver] -> [your "system"]

where the final arrow MUST be on the same local area network.

The person who administers the webserver [the second to last point in the diagram] must give you sufficient rights to some daemon on that webserver so as to allow you to send out a layer two [ethernet] packet via that daemon. If you yourself are not the administrator of this webserver, the chances of you getting those kind of rights are between slim and none. The standard sandboxes, such as the Java sandbox, don't allow you to get anywhere near sending a layer two packet.

Well

[SpaFF]

You could write a cgi-program that calls Etherwake. Or you could be even more savvy and write a cgi or php program that just sends out the wake-on-lan "magic packet" by itself. It's just an ethernet packet. Bear in mind thought that the webserver is going to need to be on the same network as the machine that you are trying to wake up or it won't work.

Some simple ideas

[Gudlyf]

I'm pretty sure it's not possible to sent WOL over the internet, since you're accessing the MAC address to turn the system on. It's broadcasting a packet to 255.255.255.255.

I use WOL to turn my Windows XP PC on by SSH'ing to my Linux server on the same LAN, then running the Linux WOL utility to turn the Windows PC on. Then I have the Terminal Services service running on the WinXP system on a non-default port where I can shut it down if I want to (using tsshutdn). It might also be possible to shut the system down remotely from the Linux system with Samba, but I've never tried that.

Re:Some simple ideas

[duffbeer703]

It depends on alot of factors.

WOL uses UDP to send the "magic packet", usually to port 9, where the packet never goes past layer-2 on the receiving end.

In a LAN this is a broadcast packet, but you can also direct the UDP to the last known IP address associated with a particular NIC. Sometimes it works, usually it doesn't.

Re:Some simple ideas

[duffbeer703]

I forgot to mention that since WOL over the internet is less than reliable, something like Wake-On-Ring with a modem or something similar is probaly a better idea.

Re:Some simple ideas

It is perfectly ok to send any kind of packet whatsoever, as long as it contains the signature which the network card is looking for (essentially its own MAC address repeated several times, though there are different kinds of WOL packets). The problem is getting the packet to the target network card: If you send it to the last known IP address, the last router on the way will ask (by broadcast) which hardware address is associated with the IP address in the WOL packet (Address Resolution Protocol, ARP). Since the target machine is off, it won't answer, so the router drops the WOL packet and returns a "host unreachable" ICMP packet. Directed WOL only works while the ARP-association is still in the last router's cache or statically set. Practically this means that you have to be in control of the last router on the way to the target machine if you want to use directed WOL. In a home network environment, that last router is usually a Linux box, so you could just as well use broadcast WOL from there and avoid the ARP issue altogether.

Re:Some simple ideas

[teridon]

You can wake up a system on a remote subnet by using two methods. One, you mentioned, is by using the remote IP. This probably won't work unless the router on the remote subnet still has the MAC address for that IP in its ARP cache. This isn't likely because if the system is sleeping the ARP cache probably expired already. And when the router for the remote system sends an ARP request (who has IP X), the sleeping system will of course not answer, so the router reports IP X as being down.

The second method is to send to the remote subnet's broadcast address (vice the LAN broadcast). e.g. if the IP is 128.183.23x.xxx, subnet mask 255.255.252.0, the remote broadcast address is 128.183.235.255. The router on the system local to the subnet with then broadcast it, so the sleeping system will see it.

The perl WOL utility allows you to specify the IP to use -- in this case specify the remote broadcast address and it should work. (unless of course there's a firewall blocking it :( )

What I do. . .

[MikeDawg]

I have a couple boxes on my network, one of which is a linux box that is "always-on". I have the SSH port (port 22) open to incoming connections from outside the network, and I have a VNC port open able to get to from outside the network, on the windows machine. I just ssh into my linux box, and run a simple perl script (I already recorded the NICs MAC address) to send the magic packet to the windows machine, give it a couple minutes, and then VNC on in to my windows machine. . .

it's not IP, so it won't get routed

[graf0z]

At least the "standard AMD Magic Packet format" of WoL is ethernet-type 0x0842, not IP (0x0800). Instead of an IP-packet with dest- and source ip address it just contains repeatedly

"FF FF FF FF FF FF 00 11 22 33 44 55"

(if 00:11:22:33:44:55 is the target MAC). So it won't pass any routers, You have to do this in an ethernet-segment. Try

# ether-wake 00:11:22:33:44:55

and catch it with Your favorite sniffer.

It would be senseless to use IP for WoL, as the arp-table of the last router has already forgotten the MAC of the dest ip and cannot resolve via arp-request it as the destination host is sleeping. If You have no machine next to Your target, You're lost.

graf0z.

Re:Any cheap routers capable of sending WOL?

[delus10n0]

SMC routers have always had this. You can log into their web interface and get a listing of DHCP clients. You put a check next to the ones you want to wake, and press "Wakeup". Done!

Consequently, I have a 3Com 3C510 Home Gateway (not made anymore) and it can also do the same wake up functions (not surprisingly, since it contains the same internals as SMCs)

Re:Any cheap routers capable of sending WOL?

[mcowger]

My SMC Barricade 7004AWBR can do this from its web interface. Its a great router in general too, and linux friendly.