WOL office machine through l2tp vpn and broadcast in the office subnet

WebWorks
WebWorks Posts: 15  Freshman Member
First Comment Fifth Anniversary
I try to wake up some machines in the office by wol. L2TP works but udp packages sent to the office-subnet-broadcast never arrive.
What do I have to open to be able to send broadcast packeges to the office subnet.
L2TP has ip like 10.0.13.x
Office Subnet has 192.168.123.x

Best Answers

  • valerio_vanni
    valerio_vanni Posts: 118  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Answer ✓
    WebWorks said:
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

    This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?
    Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.

    The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.

    Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.

    You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
  • WebWorks
    WebWorks Posts: 15  Freshman Member
    First Comment Fifth Anniversary
    Answer ✓
    WebWorks said:
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

    This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?
    Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.

    The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.

    Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.

    You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
    Thanks for the long and complete answer. I figured about the same.
    Now I solved the problem with a internal website, based on iis and a wol asp net script.
    Runs like a charm and avoids all the problems.

All Replies

  • valerio_vanni
    valerio_vanni Posts: 118  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    WebWorks said:
    What do I have to open to be able to send broadcast packages to the office subnet.
    Unfortunately... a relay. Even a RaspBerry Pi, but outside the phisical layer, most of the WOL packets are not routable. (there are some exceptions, but the "rule of thumb" i wrote up here quite matches most of the cases)
  • WebWorks
    WebWorks Posts: 15  Freshman Member
    First Comment Fifth Anniversary
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

    This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Hi @WebWorks

    Thanks for your inquiry. Currently, we don't support this scenario.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • valerio_vanni
    valerio_vanni Posts: 118  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Answer ✓
    WebWorks said:
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

    This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?
    Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.

    The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.

    Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.

    You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
  • WebWorks
    WebWorks Posts: 15  Freshman Member
    First Comment Fifth Anniversary
    Answer ✓
    WebWorks said:
    Zyxel devices don't support broadcasts directed to remote subnet.

    They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".

    This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?
    Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.

    The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.

    Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.

    You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
    Thanks for the long and complete answer. I figured about the same.
    Now I solved the problem with a internal website, based on iis and a wol asp net script.
    Runs like a charm and avoids all the problems.

Security Highlight