wol-on-conn is a simple, yet very useful script, to wake up server by MagicPacket(tm) generated on OpenWrt / LEDE router and triggered by incoming connection. Are you getting what I mean? No? So, imagine that you have installed the server, no matter what, eg. ftp, http, ssh. You and some of your friends use this server, but honestly only occasionally. You don’t want to run server 24 hours / day. Of course, you can give the MAC address of the server to your friends, so they can awake server by themselves. But what if your friends associate MAC only with the burgers, or they are likely to share your MAC with others? Therefore, it would be best to awake server by itself, when an incoming connection is reaching your router and then to put server asleep when idle. Isn’t it cool?
My solution requires a router with installed alternative firmware like: LEDE, OpenWrt, Gargoyle or even DD-WRT. If you are not familiar with these terms, I encourage you to read my old posts: Gargoyle – instalacja, aktualizacja, usuwanie and OpenWrt vargalex build – tutorial. And in addition for those unfamiliar with the Wake on LAN I recommend reading also my previous articles: Wake on LAN przez Internet , which will you learn how to adapt computer to be waken up the MagicPacket(tm) and Wake on LAN z OpenWrt / DD-WRT will you learn how to send MagicPacket(tm) over Internet to OpenWrt router.
Automatic waking up server on incoming connection
So we need to monitor all connections passing through the router. For this purpose it will be necessary to install the package conntrack-tools. In addition, the script wol-on-conn requires IP address calculator owipcalc and of course a tool to generate MagicPacket(tm) in LAN etherwake:
|
1 2 |
opkg update opkg install conntrack-tools etherwake owipcalc |
The command conntrack -L will return all connections passing through the router. It is worth a try. Pretty large output, isn’t it? Fortunately, the command conntrack has a number of switches to limit the returned output. I encourage you to read the official manual. One of the switches will allow to filter connections by their state. The TCP connection can be in several states. It is explained well on this page. The state, we will be most interested in is SYN_SENT. TCP connection is in a state SYN_SENT when the client sents the packet with SYN flag and waits for a response from the server – SYN+ACK. At this very moment we will wake up the server to allow connection to be established. The state ESTABLISHED means just that the connection is established and data transmission in both directions continues.
The script wol-on-conn
Take a look at the script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
#!/bin/ash # ### BEGIN INIT INFO # Provides: wol-on-conn # Short-Description: Wakes up server on incoming connection # Homepage: http://jazz.tvtom.pl/waking-server-incoming-connection/ # Requires: conntrack curl etherwake owipcalc ### END INIT INFO # SERVERS='192.168.1.150,3389,11:22:33:44:55:66 192.168.1.150,8089,11:22:33:44:55:66 192.168.1.200,3389,aa:bb:cc:dd:ee:ff 192.168.1.250,21,55:66:77:88:99:aa 192.168.1.250,22,55:66:77:88:99:aa 192.168.1.250,80,55:66:77:88:99:aa 192.168.1.250,443,55:66:77:88:99:aa 192.168.1.250,3389,55:66:77:88:99:aa 192.168.1.250,10000,55:66:77:88:99:aa 192.168.1.250,20000,55:66:77:88:99:aa' CLIENTS='192.168.1.0/24 111.111.111.111 222.222.222.222 333.333.333.333' REGIONNAMES='Mazovia' TEMPFILE='/mnt/sda3/wol-on-conn.temp' LOGFILE='/mnt/sda3/wol-on-conn.log' while true ; do sleep 1 for string in $SERVERS ; do IFS=',' read ip port mac <<-EOF $string EOF conntrack -L -p tcp --reply-src $ip --reply-port-src $port --state SYN_SENT 2>/dev/null > $TEMPFILE while read clientip ; do clientip=${clientip##*SYN_SENT src=} clientip=${clientip%% *} for range in $CLIENTS ; do if [ `owipcalc $range contains $clientip` == 1 ] ; then etherwake -i br-lan $mac if [ $LOGFILE ] ; then echo "`date` Sent MagicPacket(tm) to $mac on connection from $clientip to $ip:$port" >> $LOGFILE fi fi done string=`curl -s https://freegeoip.app/csv/$clientip` IFS=',' read clientip country_code country_name region_code region_name city zip_code time_zone latitude longitude metro_code <<-EOF $string EOF for range in $REGIONNAMES ; do if [ $region_name == $range ] ; then etherwake -i br-lan $mac if [ $LOGFILE ] ; then echo "`date` Sent MagicPacket(tm) to $mac on connection from $clientip to $ip:$port" >> $LOGFILE fi fi done done < $TEMPFILE done done |
The script wol-on-conn for proper operation requires the definition of several parameters
SERVERS– defines servers to be awaken in a specified format:ip,port,mac, both IP and port are internal;CLIENTS– due to the fact that our servers, virtually every moment, are visited for the multiple purposes of both evil (eg. to log on as root with the password admin) and good (eg. to index web pages), we must limit the pool of IP addresses from which it will be possible to wake up the server. The first, most obvious, group of trusted IP addresses is our LAN192.168.1.0/24, other trusted addresses you can define yourself, in published version of the script I left address range of Polish mobile network Orange:46.134.0.0/16. These addresses can be given in virtually any format:- as a single IP address eg.
192.168.1.1, - in CIDR notation eg.
192.168.1.0/24lub - in subnet mask notation eg.
192.168.1.0/255.255.255.0;
- as a single IP address eg.
TEMPFILE– temporary file, which is required for proper operation of the script;LOGFILE– optional log file, when you set up and test the script can be completely disable logging.
There is one thing to be done – you need to run the script wol-on-conn on reboot of the router. For this purpose, in the file /etc/rc.local of course before the last command exit 0 add the line:
|
1 |
/mnt/sda3/bin/wol-on-conn & |
or similar, depending on the location of the script.
wol-on-conn in practice
The script works great, but a lot depends on the awaken computer. The time between the connection attempt and the computer waking should be as short as possible. The shortest time is when waking the computer from S3 ACPI (the state of sleep, standby, suspend to RAM, STR). The great help in putting computer in S3 state can serve the command PowerNap, which I mention in the last section. But even when waking from S3 state, delay may be large enough to make the connection not established (as I said before it depends on the hardware). In this case, try increase the time limit for response from the server. Search for this option in the configuration section of the client. The screenshot below shows the configuration window of WinSCP – in my opinion the best SCP / SFTP / FTP client with default value of 15 seconds that are perfectly adequate. If you can not find a similar option in your client or simply it does not exist at all, like a postman you will have to knock on the server twice. The first to wake it up, and second, to talk 🙂
WinSCP – Limit czasu na odpowiedź serwera
WINS server on OpenWrt / LEDE
Finally, we will install a WINS server on the router with OpenWrt / LEDE. The WINS server is a centralised name server for LAN. Thanks to it we can refer to computers on the local network by their NetBIOS names even when they are suspended. You will certainly agree with me that it is easier to use the name of the server rather than its IP address. In order to start WINS server we will edit /etc/samba/smb.conf.template:
|
1 |
nano /etc/samba/smb.conf.template |
And add or change the following entries in the [global] section of the template. Probably only highlighted lines you need to add or change.
|
1 2 3 4 5 6 7 |
[global] domain master = yes local master = yes name resolve order = wins lmhosts hosts bcast os level = 99 preferred master = yes wins support = yes |
Then restart Samba server:
|
1 |
/etc/init.d/samba reload |
Finally, configure dnsmasq server to broadcast the WINS server IP address via DHCP to the clients on the LAN:
|
1 2 3 |
uci add_list dhcp.lan.dhcp_option="44,192.168.1.1" uci commit dhcp /etc/init.d/dnsmasq reload |
PowerNap – suspending idle server
At the end it remains for me nothing but encourage you to read the article, which perfectly complements the topics raised PowerNap – usypianie bezczynnego serwera