WOL office machine through l2tp vpn and broadcast in the office subnet
Options
I try to wake up some machines in the office by wol. L2TP works but udp packages sent to the office-subnet-broadcast never arrive.
What do I have to open to be able to send broadcast packeges to the office subnet.
L2TP has ip like 10.0.13.x
Office Subnet has 192.168.123.x
What do I have to open to be able to send broadcast packeges to the office subnet.
L2TP has ip like 10.0.13.x
Office Subnet has 192.168.123.x
0
Best Answers
-
WebWorks said:
This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?valerio_vanni said:Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.0 -
Thanks for the long and complete answer. I figured about the same.valerio_vanni said:WebWorks said:
This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?valerio_vanni said:Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
Now I solved the problem with a internal website, based on iis and a wol asp net script.
Runs like a charm and avoids all the problems.1
Ally Member
All Replies
-
Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".0
-
Unfortunately... a relay. Even a RaspBerry Pi, but outside the phisical layer, most of the WOL packets are not routable. (there are some exceptions, but the "rule of thumb" i wrote up here quite matches most of the cases)WebWorks said:What do I have to open to be able to send broadcast packages to the office subnet.
0 -
This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?valerio_vanni said:Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".0 -
0
-
WebWorks said:
This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?valerio_vanni said:Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.0 -
Thanks for the long and complete answer. I figured about the same.valerio_vanni said:WebWorks said:
This means a security rule from IPSEC_VPN TO ZyWall, VPN-Range TO Lan1Subnet, Any_UDP Allow should solve the problem?valerio_vanni said:Zyxel devices don't support broadcasts directed to remote subnet.They are catched from receiver firewall and considered "_to_Zywall" instead of "_to_LAN/DMZ/etc".Security rules aren't an issue, here. Nothing is rejectred: you could set allow from everywhere to everywhere, and you'd get same result.The issue is that a broadcast packet is not broadcasted but is taken by Zywall itself, like a little fish going into a whale's mouth.Perhaps you should try with a policy route with option "overwrite direct route", but I'm not confident it will work, people from Zyxel are saying that remote broadcast is something unsupported.You should set up a WOL proxy: a machine on remote network that gets a normal (I mean unicast) package and then broadcasts on LAN.
Now I solved the problem with a internal website, based on iis and a wol asp net script.
Runs like a charm and avoids all the problems.1
Guru Member
Zyxel Employee
Categories
- All Categories
- 393 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 906 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
