Using Wake-On-LAN WOL/PME to power up your computer remotely

1. Introduction

Wake-On-LAN, or WOL in short, is a feature offered by some network cards and motherboards which allow the computer to be powered up when it detects certain activity on the network.

Making use of WOL may decrease security risks, since the computer won’t be on, connected and unattended for prolonged periods of time; it will save power and thus reduce your bills; it will save the life of the components.

This column will describe this functionality and will give you an overview of the most important issues you need in order to make it work.

[Note] Note: This column assumes you have at least basic understanding of computer networks. It is beyond the scope of this document to teach you about those.

2. Hardware requirements

2.1. Basic functionality

First of all, you need to make sure that the network card you intend to use and the motherboard in your computer both support Wake-On-LAN functionality.

The network card should mention such functionality in the specifications or in the user manual, the same goes for the motherboard. If you’re trying to decide on buying a new card or board most of the time you can find PDF documents on the manufacturer’s website so you can make an informed decision.

[Tip] Tip: Keep in mind that Wake-On-LAN is sometimes referred to as WOL, or as PME (Power Management Event).

If you have both motherboard and network card handy you can make a quick check for WOL like this:

2.2. WOL implementations

Older network cards and/or motherboards needed a special 3-pin cable connecting them in order to make WOL work. Even if a network card is recent and advanced, it may still provide a WOL cable and a WOL socket for backwards compatibility with older motherboards.

Starting with PCI version 2.2, there’s been a new development in the PCI standard in the form of PME (Power Management Events). What this means is that PCI cards can send and receive PME via the PCI socket directly, without the need for a WOL cable.

Check the network card and motherboard manual for the following things:

The findings will tell you whether you need to make use of the WOL cable or if they can talk PME directly.

[Caution] Caution: Both network card and motherboard need to match at least one WOL method. If, for instance, you find out your network card needs to send WOL via cable, but the motherboard has PCI 2.2 and doesn’t offer a WOL cable connector… well, you’d be out of luck.

2.3. Network card installation

If the network card is embedded on the motherboard, your job is somewhat easier. Just go into the BIOS and enable it. If the motherboard supports WOL, the network card will most likely do too.

If the network card is a PCI card and if you need to use the WOL cable, look for the WOL connector on the motherboard first. Its location is described in the manual. The WOL cable can be pretty short so you want to use a PCI slot that’s close enough to it. Very often the WOL cable connector is placed near the group of led and switch connectors, which means you will only get enough cable to reach it from the last PCI slot.

3. Software requirements

3.1. BIOS settings

All relevant settings are usually found under a BIOS section called “power management”. Your mileage may vary. Your motheboard manual should help you locate them.

The following settings will help you enable WOL from the motherboard’s point of view.

3.1.1. Power management

Please note that power management features such as WOL are in close relation to power management itself. So you will most likely need to enable ACPI or APM support for the motherboard.

ACPI and APM are the two main industry standards for power management (ACPI being the newest and more advanced). If your motherboard supports WOL, this implies support for either ACPI or APM. You should make sure that whichever one is supported by your motherboard is enabled in the BIOS settings.

[Note] Note: Often you may find that the WOL and power-off state options are not accessible unless you enable ACPI/APM.
[Tip] Tip: Sometimes the ACPI option is called IPCA in the BIOS.

3.1.2. Power-off state

This option may have various names:

Most likely you will need to set this to S3/STR in order to make the motherboard able to wake up on various events. STR (Suspend To RAM) is a special power-off state which leaves certain parts of the machine in a “sleeping” state, but still aware of their surroundings. You could say that the machine is “sleeping with one eye open”.

3.1.3. WOL support

Finally, look for the WOL option. Usually it is labeled “WOL” and is found under the “power management” section. But it may also be labeled “PME” or “Wake (up) on LAN/Ethernet/PME#”, or found under a different BIOS section.

3.2. Network card settings

After taking care of the motherboard, you still need to enable WOL from the network card’s point of view.

There are various possible WOL settings for a network card, mainly related to choosing what kind of network activity should trigger WOL events.

[Note] Note: This article is aimed at Linux. If you use Windows, you should find power management settings in your network card properties in the device manager.

3.2.1. Setting WOL settings with ethtool

For accessing these settings you can use the ethtool command line tool, which is part of the gkernel project. Here’s an excerpt from the relevant part of the man page:

wol p|u|m|b|a|g|s|d...
   Set Wake-on-LAN options.  Not all  devices  support  this.   The
   argument  to  this  option  is a string of characters specifying
   which options to enable.
   p  Wake on phy activity
   u  Wake on unicast messages
   m  Wake on multicast messages
   b  Wake on broadcast messages
   a  Wake on ARP
   g  Wake on MagicPacket(tm)
   s  Enable SecureOn(tm) password for MagicPacket(tm)
   d  Disable (wake on nothing).  This option clears  all  previous
      options.

You can set any combination of WOL trigger events with a command such as this:

ethtool -s eth0 wol umgb

[Caution] Caution: If your computer has a permanent Internet or LAN connection, certain events will occur very often, as often as every couple of minutes. This will make your computer wake right back up very soon. It may or not be what you wished for.

3.2.2. Disabling WOL

You can effectively turn WOL off for a network card using the following command:

ethtool -s eth0 wol d

Now the network card won’t respond to WOL events regardless of what the motherboard WOL settings are. This allows for runtime software control over WOL.

3.2.3. Recommended setting

It’s recommended to only allow the “magic packet” to trigger WOL events. In order to do this, use the disable command above, followed by setting the g option.

Having the magic packet as the only WOL event makes sure the computer will not power up due to random network activity, but only as the result of a very specifically targeted wake-up call. More on this to follow below.

3.2.4. More than one network card?

You may have more than one network card in your computer. I just wanted to remind you that once the motherboard enables WOL, any of the installed cards can potentially make use of it. Provided they have the appropriate WOL support and connectivity, of course.

Make sure to set or unset the desired options on all active network cards. Otherwise, the default settings in regard to WOL may vary from card to card and may lead to unforeseen consequences.

4. Using WOL

So you’ve enabled everything you could, and now you’re wondering just how exactly do you trigger a wake-up call remotely via network.

4.1. Waking up on network activity

As you saw above in the ethtool help, there are various network activity events that can trigger WOL remotely, ranging from regular network activity to targeted calls.

Such events will definitely occur when the targeted machine is connected to at least one other network-enabled device. This is clearly the case, or you wouldn’t be considering using WOL in the first place.

There are probably cases when you may wish for a machine to power up when detecting such network events. If you know what you’re doing you can make use of them. A valid use can be making sure the machine always starts up again after an unwanted power-off.

However, if you want to be the one to decide when the machine powers up, please disable WOL on network events and read about the Magic Packet below.

4.2. Waking up when receiving the Magic Packet

This type of remote wake-up call is special, because it allows for more control over who and when can trigger WOL on a certain machine.

The Magic Packet is an UDP network packet, which contains a certain header, the MAC address of the targeted network card (repeated 16 times), plus optionally a password. If you know the MAC and the password you can craft a Magic Packet.

Making it reach the target machine, however, can be more tricky.

In order to successfully send a Magic Packet you need to broadcast it to a network. This is the equivalent of shouting someone’s name in a crowded room. No, you cannot identify the machine by IP address, it’s powered down, remember? All you can do is broadcast the packet to every machine in that network and let them pass it around until it reaches the sleeping machine with the right MAC address. Other machines will also receive it, but will discard it since the MAC doesn’t match.

This is very easy to do in a LAN (local network), since all the machines know each other and there are ARP tables and other stuff that will help.

4.2.1. Sending the Magic Packet over Internet

But is it even possible to send the Magic Packet over Internet? Many would tend to respond “no” to this question, at the first glance.

It’s not a simple question, so please read this more in depth information on the subject; see “Wake on Lan over the Internet (or why is it such a pain in the ****)”. That page also describes various caveats and tells you how to calculate a subnet-directed broadcast address.

In simple terms, yes, it is possible, provided you “shout” at the right network, and that all the machines that route traffic on the way will let the packet pass. Which is not to be taken for granted, since there are various network attacks that employ packets that look very similar to the Magic packet. Therefore, some routers may decide to block such traffic (by default even).

One of the last obstacles may be your home router. Many people who use permanent connections (DSL or cable) buy a router and set up the computers in their home in a LAN behind that router. This is a good thing, but some of the cheaper routers may not have any special way of dealing with WOL packets and may choose to simply block them. You would therefore be well advised to check the documentation for any home router you intend to buy and look up “Wake On LAN”.

How a home router deals with WOL may vary. Here’s one example I’m familiar with: the AT-AR221E,which offers a WOL tool in its administration interface. Basically, it’s an utility that can be used to generate a Magic Packet for the specified MAC within the LAN. While this doesn’t exactly mean WOL over Internet, the result is pretty much the same: you are able to log in to the router interface remotely and then signal the desired machine to wake up.

[Note] Note: Resist the temptation to think of the Magic Packet as a regular, specifically targeted transmission, such as PING or a SSH connection. Always remember that the target machine is off, so there’s no associated, live IP. What you use instead is in fact a hint sent to that machine’s general “neighborhood”. The machines or routers in that neighborhood will pass the packet around and it will eventually reach the target too. It’s an indirect approach.

4.2.2. How to generate a Magic Packet

There are various utilities out there which you can use to broadcast Magic Packets.

Here’s a quick example for using Wake-On-LAN Client:

wol -h 192.168.123.2 -p 53 --passwd=x-x-x-x-x-x XX:XX:XX:XX:XX:XX

The password is the SecureOn password (see below). The last part is the MAC address.

Please note that if you target a computer on the same LAN you don’t need to specify an IP address or port. The MAC address will be used in conjunction with the ARP tables to determine the target machine.

However, the IP address can become important if the target computer is not on the same network as the machine you run the client on. You can use broadcast addresses to better control what machines you reach.

The port number is usually not important, any port will do. However, there are cases where it might become useful, such as making sure the packet can pass a firewall or router restrictions.

4.2.3. Security considerations

Please realise that WOL can become a security risk, if used improperly. If a computer is off it cannot be hacked remotely; but if it can be turned on remotely, or wakes up by itself, the chances for a security compromise start moving away from zero.

Outside of some particular cases when you want a machine to always stay on when there’s network activity, you should aim for maximum control over WOL. It is therefore highly recommended to only allow the Magic Packet wake-up method, because it has several safety measures included.

4.2.3.1. MAC address protection

The Magic Packet requires the remote party to know the MAC address of your network card. The MAC address is made out of 6 bytes and can also be set to whatever you want, allowing for 2^48 possible combinations.

But don’t just assume nobody can find out what it is. Anybody on your LAN for instance can find out what it is, it’s as simple as doing cat /proc/net/arp. So remember, there are quite a few cases when the MAC address is broadcasted remotely and can be read by others.

[Warning] Warning: Just assuming the MAC address won’t be found out is NOT secure protection so don’t rely on it 100%.
4.2.3.2. SecureOn password protection

Some network cards allow you to set a Magic Packet password; this feature is called SecureOn. The password is also 6 bytes like the MAC address, and also allows for 2^48 combinations. Unlike the MAC address, however,it cannot be read remotely, only guessed, and the 2^48 combinations make guessingit an impossible task for all practical purposes.

You can set the SecureOn password like this (use 2-digit hexadecimal numbers in place of xx/yy/zz/…):

ethtool -s eth0 wol sethtool -s eth0 sopass xx:yy:zz:aa:bb:cc

[Tip] Tip: It is highly recommended to set a SecureOn password if your network card supports it.
4.2.3.3. Using more than one network card

If you have more than one network card installed, make sure you don’t forget to secure all of them as far as WOL is concerned. If you leave even one of them with WOL enabled it will nullify your efforts for the entire system.

5. More information

The following places offer more information regarding Wake-On-LAN: