Hi all, I’m not a network guru but when I was confronted with this problem, as I saw many people were having the same problem on the forums I visited, I decided to share how I managed to solve it, after hours of tries and tests. Sorry for the inaccuracies, this is not a technical paper, it’s just a “how I did it” blog post. I’m not a network administrator I’m a CG guy who wants to use his NAS. Feel free to correct me in the comments.
The goal : being able to start then access my NAS remotely, from the internet (not only from my own WIFI network). Starting a device through the internet is called “wake on wan” or “WOW”.
- Modem Router : SFR NB6VAC.
- Router : Asus RT-AC68U
- NAS : Synology DS216j
- Laptop and smartphone to test wake on wan.
As you can see, my router is behind my ISP’s modem-router, which brought additional challenges. We’ll deal with this later.
Setup your LAN
Wake on Wan will not work if Wake on Lan doesn’t work, so start by setting your LAN properly.
Give a Static IP for your NAS inside your LAN. I set it up inside the Synology DSM control panel.
it is better to give static IP’s to your computers inside your LAN, except perhaps for laptops.
Also, still in the Synology DSM control panel, enable Wake on Lan.
Collect your MAC address. You can find it in CMD > ipconfig /all or in your router.
Test Wake On Lan
First, you can test the “wake on lan” tool of your router. Then, try also with some apps:
Just enter your NAS’ local IP and MAC address,
Also add the local port. For example, don’t put 8009, just put 9. Try also 7 and 22 if 9 does not work.
But adding an IP should not be absolutely necessary. I’m not sure, but when one uses wake on lan, only the MAC address is involved.
Try these apps. You should observe the target PC powering up almost instantly upon hitting enter.
Having a private WAN IP on your router?
We want to start configuring the devices for wake on wan. But before we start, there’s something we should check…
Check the WAN IP address of your router. If it looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC-1918 IP address (often referred to as private addresses). But for external access to our devices, it’s better to have a public address. Why is my router’s WAN address private? Because the SFR modem-router is issuing a private IP to the Asus router.
Because of that, the Asus router is complaining that “The wireless router currently uses a private WAN IP address. This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.” That is because the asus router took an internal ip from my modem. Its a known fact that dynamic DNS concept will not work on dual natting. So there are a lot of things I can’t do on the router with a private WAN IP: activating a DDNS for the router, and all AI Cloud services, which rely on DDNS, like Cloud Disk, Smart Access, Smart Sync.
Another problem is that your own DDNS, the one we will set up later in this article, will not be reachable if this limitation is not avoided. Your own NAS DDNS, will look like mynas.synology.me:5000, and will be useful to connect to your NAS’ web interface remotely. This web interface won’t appear in your web browser if you don’t fix the problem. Instead, as per my tests, when you type this address, you’ll see the web interface of your modem-router. But wake on wan needs a DDNS that reaches its target: the NAS. So it is important to solve this issue.
To solve that, it is advised to put the modem router into bridge mode, so that the router gets a public WAN IP. Big problem here : my modem router does not have bridge mode and my ISP does not intend to add this function via a firmware upgrade in the future. There may be ways to hack this modem router but I didn’t try. Let’s move on.
Bypass the modem router without Bridge
So the solution I found was to use the modem-router’s DMZ function. What it does is pass on all internet traffic to the router.
While this solution is not ideal, it has solved part of the problems for me.
I also tried port forwarding instead of DMZ, but it didn’t work for me. So I kept the DMZ option on.
Ports forwarding on your router
To configure the devices for wake on wan, the 2nd step is to setup port forwarding on the router.
I really had no idea which port the router or the NAS uses for waking on LAN. Is there a way to know it other than with trial and errors? According to bigeddu on the Synology forum, the port is 22. But he doesn’t have the same Diskstation or router I have. So I found out after many tests that my Diskstation uses the port 9. I tried ports 7,9 and 22.
To make sure which port was the right one, I added many port forwards in my router. Here are them:
The first line is to access your NAS’ interface. The 3 following lines are for Wake on lan attempts. The last line is another computer. You should add the 4 first lines.
“Source target” : I think that value should be left empty.
While you’re in your router’s options, bind the NAS’ IP with its MAC address. Due to the fact that a “Magic Packet” (the data packet that wakes your hardware) is always broadcasted to the MAC address and not to the IP address, we need to tell our router that the signal it is receiving from an IP and port, should go to a MAC address. Indeed, if the NAS is off, there is no IP our router can find, so it must forward the WOL signal from the IP to a specific MAC address.
Restart the router after all is configured.
DDNS for your NAS
Previously, we set up a static local IP address for your NAS. Now we need to set up a static public IP address for your NAS. If you have only a local IP address, when you will send the wake on lan signal from the internet, the NAS will be unreachable because this IP is private and is behind your router. Now if the IP is public, the WOL request will find the public IP and will reach the NAS.
To get a static public IP address, we need a DDNS provider. There are some free DDNS providers in the internet (NO-IP is an example) but I am using Synology’s DDNS Service. You can get one in the control panel of your Disk Station DSM: “External Access” > DDNS. You will get an address that looks like a domain name, for example: mynas.synology.me. Restart the NAS. Then, to connect to your NAS’ web GUI, just type http://mynas.synology.me:5000 . Try it.
Persistent static ARP entry on the Asus router
This is the complicated part, the problem I spent so much time locating.
First, let’s summarize how our Wake on Wan will work: First, the user sends a wake on wan request through the internet. DDNS routes the signal towards our private network at home. The modem-router gets it and passes it on to the router via DMZ. The router gets it. Its port forwarding settings tells him he must pass it to the NAS. Using the IP-MAC binding, he passes this signal to the NAS. Now everything should work… But it deosn’t. WHY???
The answer is that when the NAS is switched off, the router forgets about the MAC address. Yes that’s right. As the MAC address is binded to the IP, and as this binding setting is kept in the router’s memory, it SHOULD not forget about the NAS’ MAC address, even after everything is shut down and restarted, but sadly, that’s the way it is. So we have to work on this problem again! Make him eat this MAC!
First, we have to test if the router can memorize this MAC address forever. For this, we have to connect to the router by Telnet or SSH. So the first step is to enable telnet and / or SSH in the router’s settings.
Then you can use putty to connect to your device. Install Putty, launch Putty (not the other utilities), and enter the router’s local IP then ENTER.
Enter your router’s admin username , not “root”
Enter password [your admin password]
Type “arp” (without quotes): you should see the list of devices that the router is connected to. If the NAS is shut down, you’ll see it’s not in this list.
But we’ll make the router remember the NAS. Type the following after logon to router via telnet.
arp -s xxx.xxx.xxx.xxx yy:yy:yy:yy:yy:yy <Enter>
Where xxx.xxx.xxx.xxx is the local STATIC ip address of your NAS, and yy:yy:yy:yy:yy:yy is the MAC address of your NAS.
NOTICE, the ip address numbers are separated by periods “.”, and the mac address numbers are separated by colons “:”, with a space in between the two.
To see if it was done correctly, type ARP from telnet prompt, it should show your computer ip address and mac address with PERM in the line, meaning permanent.
Now you can test a wake on wan (see below) and it should work.
However, if you reboot your router, you will still have to enter this again, as it erases the arp table when you reboot. Damn! So let’s get this even more complicated. All we need to do is to have this command to run each time the router starts. The command will automatically start “arp -s [IP] [MAC]” each time we boot the router.
To do this, there 2 ways. The first is to have a usb thumb drive permanently connected to the router and install the router’s USB application “Download Master”. This method did not work for me. The second method is to install the Merlin Firmware for Asus routers. This worked.
Here’s a 10 steps guide:
1 — Install the Merlin firmware from http://asuswrt.lostrealm.ca/ . At the beginning I didn’t want to install another firmware but then I found the Merlin firmware installs fine, provides nice tools and options, provides the nano editor. It also provides SMB master browser which is good for your home network.
2 — Set up JFFS : On router UI > Administration > System Tab > you’ll find options for JFFS2 that are available only on custom firmwares like Merlin’s. We have to enable “Format JFFS partition at next boot” and “Enable JFFS custom scripts and configs”. Click apply, reboot, and after the reboot, check again: “Format JFFS partition at next boot” should be on “no” and “Enable JFFS custom scripts and configs” should be on “yes”.
3 — Merlin provides some customizable user scripts. Those scripts are stored in the internal non-volatile flash in the JFFS partition. But some of them do not exist right after you install Merlin. Now we will create one fo them : the file “services-start”.
4 — You’ve got to type in the Putty terminal:
nano -w /jffs/scripts/services-start
arp -i br0 -s [IP, for example 192.168.1.254] [MAC address, for example FF:FF:FF:FF:FF:FF]
5 — Press CTRL-O to save changes in the “services-start” , enter to save, and you’ll see something like “Wrote 2 Lines”.
6 — Then press CTRL-X in order to close nano-editor
7– With the following command, you’ll make your file executable. Type the following in Putty terminal:
chmod a+rx /jffs/scripts/services-start
8 — Then type in Putty terminal “reboot” and the router will reboot.
9 — Testing : After reboot, still with Putty, you can login into your router. Type a command “arp”. You’ll see what IP addresses correlate to what MAC addresses. You should see the word “PERM” just right after the MAC address of the NAS. I guess that PERM means permanent.
10 — That’s it!
Test Wake On Wan
I tried with these apps:
- From a PC : I used Aquila Tech WakeOnLan.
- From a smartphone, I used Wake Up by Cenito. DS Finder did NOT work at all! I suspect it works only on LAN, not on WAN.
Just enter your NAS’ local DDNS domain name, its MAC address, and the external port, the one the router will get. So for example , don’t put 9, just put 8009. Do the same for 8007 and 8022.
And now it’s time to try.
To make sure the test is correct, shut down the NAS, reboot the modem-router and reboot the rooter.
First use your smartphone, disconnect its WIFI and keep the 3G. Use the app. If the Diskstation starts, it means it has worked!
Then you can try to connect your laptop to another WIFI, like one of these free WIFI hotspots, and try again with a desktop or modern UI app. Note: some WIFI hotspots will restrict some accesses.