家庭 / 私人 C 类网络环境

此章节为我与 WolOn APP 开发者的往来邮件。基本 Wake-On-LAN 网络唤醒原理和主机设置就不赘述了。

A question about wake up on WAN with ipv6

Hello!

I encountered a problem when using your WolOn APP. My padavan router and PCs have native ipv6 address and all configured ipv6 DDNS. My ISP can’t provide me with a public ipv4 address. So I would like to use the router to forward ipv6 packets when wake up on WAN.

Wake up on LAN and wake up on WAN with ipv4 (like 192.168.1.2 and 100.65.119.101) works very well. However wake up on WAN with ipv6 (like 2409:8a23:a60a:8698:c051:c583:f271:adef) and pure ipv6 domain (only has AAAA record) doesn’t work.

I configured router ipv6 firewall like this:

1

1
2
ip6tables -A INPUT -p udp --dport 9 -j ACCEPT
ip6tables -I FORWARD -p udp --dport 9 -j ACCEPT

2

1
2
ip6tables -A INPUT -p udp --dport 9 -j ACCEPT
ip6tables -I FORWARD -p udp -d 2409:8a23:a6af:c612:3129:3b6f:e6a5:844b --dport 9 -j ACCEPT

3

1
2
3
4
5
ip6tables -F
ip6tables -X
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT

Each kind of 3 configs doesn’t work.

Does your software fully support ipv6? May you please give me some advice?

Thank you.

The supplement of “A question about wake up on WAN with ipv6”

Hello!

I have done many attempts.

I filled in “100.65.119.101”(the router ipv4 WAN IP) in the “Router IP/Hostname” of WolOn/WAN. The packets arrived. As is shown in the screenshot of Wireshark. The lower entry is for WolOn/LAN.

image-20220917141359119

I filled in the router ipv6 WAN IP in the “Router IP/Hostname” of WolOn/WAN. The packets didn’t arrive. Wireshark caught nothing. However, the router ip6table log indicates that the packet was accepted by the firewall:

image-20220917142356270

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:3389
2        0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:3389
3       30  4500 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:9
4       16  2694 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
5      139 25724 ACCEPT     all      br0    *       ::/0                 ::/0               
6        0     0 ACCEPT     all      lo     *       ::/0                 ::/0               
7        8   600 logaccept  icmpv6    *      *       ::/0                 ::/0                 ipv6-icmp !type 128
8        0     0 DROP       all      *      *       ::/0                 ::/0                 state INVALID
9        0     0 logaccept  udp      *      *       ::/0                 ::/0                 udp spt:547 dpt:546
10       0     0 logaccept  tcp      *      *       ::/0                 ::/0                 tcp dpt:80

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:3389
2      102 19720 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:3389
3        0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:9
4        0     0 ACCEPT     all      br0    br0     ::/0                 ::/0               
5       66  4944 TCPMSS     tcp      *      !br0    ::/0                 ::/0                 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
6     3571 1582K ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
7        0     0 logaccept  icmpv6    *      *       ::/0                 ::/0                 ipv6-icmp !type 128
8       56  3866 DROP       all      *      *       ::/0                 ::/0                 state INVALID
9      835  131K ACCEPT     all      br0    *       ::/0                 ::/0               
10       0     0 upnp       all      *      *       ::/0                 ::/0               

Chain OUTPUT (policy ACCEPT 557 packets, 215K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain bfplimit (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain logaccept (4 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        all      *      *       ::/0                 ::/0                 state NEW LOG flags 6 level 4 prefix "ACCEPT "
2        8   600 ACCEPT     all      *      *       ::/0                 ::/0               

Chain upnp (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Each time I click on the botton of WolOn, the “pkts” adds 10.

So what do these tests show? I am looking forward to your reply!

Re: The supplement of “A question about wake up on WAN with ipv6”

Hi,

You’ve done some pretty deep research.

For your internal network you should use IPv4 as WOL protocol doesn’t work on IPv6, it relies on broadcast and IPv6 doesn’t have broadcast addresses. I didn’t dive into your iptables config, but the idea is simple - get the WOL packed on your external router interface and broadcast it into your LAN. In your case I presume you should have your router’s external interface on IPv6 and your LAN on IPv4 then do the proper routing to broadcast WOL packets to your IPv4 network.

WolOn sends a burst of WOL packets, so it’s ok if you see in logs more than one packet at a time.

I hope it helps,

Alex.

Thank you for your reply.

Hello!

Thank you for your prompt reply. I got you. I did add a static ARP IPv4-MAC binding rule in my router. However I have left my home and now back to campus. Maybe I should try to install a tool like socat or xinetd to forward ipv6 WAN packets as ipv4 into LAN (broadcast or directly sent to 192.168.123.48) the next time.

You may have noticed that there was a forward rule in my first email: ip6tables -I FORWARD -p udp -d 2409:8a23:a6af:c612:3129:3b6f:e6a5:844b --dport 9 -j ACCEPT. It means that the ipv6 wol packets will be forwarded to the PC with this ipv6 address, but the PC didn’t receive it. If the PC was shutdown, I guess that’s because there was no MAC record coresponding to this ipv6 address. But even if the PC was on, it didn’t receive the packets. That’s one question I have.

Appreciate your efforts,

Xia.

简洁翻译

WOL 协议在 ipv6 上无法工作,因为 ipv6 没有广播地址。路由器 WAN 口收到的 ipv6 WOL 包必须在内网以 ipv4 的方式广播出去。

校园 / 办公 B 类网络环境

PC 在 10.12.148.143,手机在 10.0.161.8,分属于两个路由器下的广播域,虽然可以凭借静态路由表直接互相通信,但是广播 WOL 包只在 10.0.255.255 下起效,10.12.255.254 网关不会广播来自 10.0.x.x 的 WOL 包。

因此,跨网段只能直接发送 WOL 包实现唤醒,不能广播。关机后一段时间内,交换机还留存着 IP 地址对应的 MAC 地址,此时可以成功唤醒。但交换机没有设置静态 ARP IP 地址绑定,超过超时时间就无法唤醒了。

但是校园网的这个情况也有解决方案,在台式机与网口之间再接一台路由器。路由器长期在线,手机也可以直接给路由器发送 WOL 数据包,由路由器端口转发给台式机。普通路由器可能会遇到地址过期后换了新地址的问题,但如果是 Padavan 的话,可以进行 DDNS。虽然上传的是内网 NAT 的 WAN 口地址,但是只要手机也在内网,那就可以利用域名访问。

这落后的校园网,明明去年还有 2001 开头的教育网 IPv6,今年就没有了。打电话问了一下网络中心,被矢口否认了,便无法利用纯 IPv6 域名从公网访问路由器。NAT 类型也只有对称型 NAT4,连江苏移动都可以在路由拨号后做到全锥形 NAT1,BT 的末路,115 大展拳脚。

总结

LAN 指只填写 MAC 地址和广播地址的 WOL 方式,WAN 指填写 MAC 地址和目标(主机或路由器)IP 地址:端口号的 WOL 方式。以 LAN 方式直接发送给目标主机 WOL 包是没有意义的,因为 WOL 靠负载 MAC 工作。

  • LAN 同网段广播 WOL 包:成功
  • LAN 跨网段广播 WOL 包:失败,路由器广播域隔离
  • IPv4 WAN 直接发送给目标主机 WOL 包:成功,若路由器未设置静态 ARP IP 地址绑定,则会超时失效
  • IPv4 WAN 直接发送给路由器 WOL 包:成功,由路由器端口转发
  • IPv6 WAN 直接发送给目标主机 WOL 包:失败,Padavan 无法设置 IPv6 地址绑定,需进一步探讨原因
  • IPv6 WAN 直接发送给路由器 WOL 包:失败,IPv6 不使用广播地址,需进行 6to4 转发 
1
socat TCP6-LISTEN:9,fork TCP4:192.168.123.48:9

学习资料

隔离广播域的 VLAN 来了 - 来份锅包肉 - 博客园

port forwarding - Use iptables to forward ipv6 to ipv4? - Server Fault

IPv6 笔记 - 地址结构与分类 - fengf233 - 博客园

IPv6 的组播地址(掌握 IPv6 通信原理的关键知识点)_无名的基督的技术博客_51CTO 博客