WOL Across Subnets

Discussion in 'Networking & Security' started by PiERiT, Apr 4, 2018.

  1. PiERiT

    PiERiT 2[H]4U

    Messages:
    2,291
    Joined:
    Oct 8, 2010
    Just got ATT gigabit here and the WiFi coverage from their device is not great. I grabbed a Google OnHub I had in my closet and plugged it into the ATT box and set it up as an access point, and by default it uses a different subnet, 192.168.86.X, compared to the ATT device's 192.168.1.X. This is mostly fine and I can do just about everything between subnets, including SMB and Plex, but WOL doesn't seem to work. That is, I have an app on my phone (192.168.86.X) to perform WOL and it can no longer wake my desktop (192.168.1.X). It only works if both devices are on one subnet or the other.

    Do I need to do something special to allow WOL to work across subnets? Or can I set my OnHub to use the same subnet for itself and its DHCP clients as long as none of it interferes with the addresses being used by the ATT box and its DHCP clients?

    Edit: Reading this may actually be due to double NAT. ATT box doesn't have a setting for bridged mode but the OnHub does. Will look into that more.

    Edit2: I think I'm just screwed. If I set bridged mode on the OnHub I can no longer specify DNS for my DHCP wireless devices -- ATT box doesn't allow it. So either I don't get WOL or I don't get to specify DNS servers. I want both but I want the latter more. Oh well.

    Edit3: I ended up setting the OnHub to bridged mode and bought a Raspberry Pi to handle DHCP/DNS.
     
    Last edited: Apr 13, 2018
  2. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,282
    Joined:
    Oct 4, 2007
    It sounds like you have something misconfigured. Access points such as you are describing, when placed in AP mode, do not actually route traffic, so the wireless clients connected to it should belong to the same VLAN/subnet as the wired network to which it's connected.

    If you set the OnHub to be in bridged mode, that is completely intended that you don't configure DHCP and DNS on that device, as basically that access point is just acting as a "dumb L2 switch".

    Alternatively, you should be able to contact AT&T and have them place THEIR modem in bridge mode and you can connect your own router. This way your router will have a true public IP address on its Internet/WAN interface and the AT&T modem is just terminating the connection and passing the traffic through as a "dumb" device. You could probably just connect the Google OnHub to the AT&T Modem and set the OnHub to be in router mode with the Modem in bridge mode.
     
  3. Cmustang87

  4. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    No broadcast across subnets is by design; otherwise every IP would receive every broadcast packet.
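An added example, not part of the original thread: it builds the WOL magic packet and checks whether sender and target share a broadcast domain, using the two subnets from the first post. The /24 masks, host addresses, MAC address and UDP port 9 are assumptions made for illustration.

```python
import ipaddress
import socket

def magic_packet(mac: str) -> bytes:
    """Six 0xFF bytes followed by the target MAC repeated 16 times (102 bytes)."""
    hexmac = mac.replace(":", "").replace("-", "")
    if len(hexmac) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(hexmac) * 16

def same_broadcast_domain(sender_if: str, target_if: str) -> bool:
    """True when both interfaces sit in the same IP subnet."""
    sender_net = ipaddress.ip_interface(sender_if).network
    target_net = ipaddress.ip_interface(target_if).network
    return sender_net == target_net

def wol_destination(sender_if: str, target_if: str) -> tuple[str, bool]:
    """Return the target subnet's broadcast address and whether a plain
    local broadcast from the sender can reach it without a router's help."""
    target_net = ipaddress.ip_interface(target_if).network
    return str(target_net.broadcast_address), same_broadcast_domain(sender_if, target_if)

def send_wol(mac: str, dest: str, port: int = 9) -> None:
    """Send the magic packet as a UDP broadcast (port 9 is an assumed default)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (dest, port))

if __name__ == "__main__":
    # Constructed sample values matching the thread's two subnets.
    phone = "192.168.86.50/24"       # behind the OnHub
    desktop = "192.168.1.20/24"      # on the AT&T box's LAN
    desktop_mac = "00:11:22:33:44:55"
    dest, local = wol_destination(phone, desktop)
    print(f"target broadcast address: {dest}, same broadcast domain: {local}")
    if local:
        send_wol(desktop_mac, dest)
    else:
        print("Different subnets: a local broadcast stops at the router.")
```

Sending to the target subnet's broadcast address only helps if the router in between forwards directed broadcasts, which most devices disable by default because it can be abused for traffic amplification.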
     
  5. PiERiT

    I will try that tomorrow. I'm sure I need to do something to the OnHub afterwards though, no? It's getting a private IP on the WAN side right now, switching it to public won't change the fact that the LAN side uses a different subnet.

    Or would the OnHub become the only functional router after doing this? I'm hoping to use the ATT box for wired, OnHub for wireless, while somehow having all devices on the same subnet. I know I could use a cheap UniFi to accomplish that but then I'm back to not being able to use a custom DNS because ATT are dicks.

    Makes sense. Thanks.
     
    Last edited: Apr 5, 2018
  6. Cmustang87

    You are getting a private IP address on the WAN side of your OnHub because your AT&T modem is acting as a NAT router/firewall. You won't be able to get a public IP address on any of your own gear that's connected to the AT&T router unless you put it in bridge/passthrough mode.

    If you set the OnHub to Access Point/Bridge only for wireless, it's intended that you don't set DHCP/DNS or any of those services because the device is relegated to just a basic L2 device. The purpose of putting it in AP mode is to bridge wireless clients to the wired LAN (AT&T modem/switch).
     
  7. PiERiT

    Nothing to be done then I suppose? Either no WOL or no custom DNS.

    What's funny is that I only have one wireless device where I need the custom DNS to come from DHCP. The rest I could set statically. Every angle I look at has one tiny thing that won't work. :(
     
  8. Mega6

    Unfortunately, what you are asking is beyond the means of a typical home router. You will need to research and upgrade to the SOHO level or flash to a third-party firmware. dd-wrt is probably your best alternative in the low end. Just need a router that can accept the flash. Been using dd-wrt for years, very stable, secure and hackable (IPTABLES).

    https://www.dd-wrt.com/wiki/index.php/WOL
     
  9. Cmustang87

    Can you not make any changes on the AT&T device?
     
  10. PiERiT

    I was hoping not to have to buy anything. I'm fine without WOL unless I figure something out with what I have.

    I have full access to it, it's just flat out missing certain options like specifying DNS or setting bridged mode (the passthrough thing you found being the only option).
     
  11. Cmustang87

    Put it in passthrough mode and connect your own router. The best solution. ISP gear is trash.
     
  12. Mega6

    YEP. My router is servicing the PPPoE while the crap DSL router is in bridge mode. IP drop list via custom shell script. Get past that and then you're in the DMZ. To get to the LAN, there's another subnet, router and firewall to go through. Because wireless security sucks, it has its own subnet. And that's all I can say about that.
     
    Last edited: Apr 5, 2018