WOL into a different VLAN / Subnet


I am searching for a solution to wake a qnap server in a different VLAN (different IP Subnet) with an WOL package from a Windows PC.
In past I have send the wol directly from the PC via a powershell startup script.
Now, as the qnap is in a different subnet this does not work anymore.

Wakeup via Luci-WOL directly from the router works fine;
Is there a way that the router send out the wol package directly to the qnap, triggered via a local script on the windows system?

Thank you, Mark

There is no easy way to send wol packet to other broadcast. Linux drop these broadcast packets (cisco and other proprietary routers have an command to allow forward these packets). You need to do some remark with u32 filters and wol packets send to non-broadcast ip adresse.

I actually sent you this yesterday, but thought I better test it first. Assuming you have WinSCP on your Windows machine, and that you can access the LEDE router by hostname or IP from that machine:

From the Windows command line:

"C:\Program Files (x86)\winscp\winscp.com" /ini=nul /command "open scp://root:password@hostname/ -hostkey=""ssh-rsa 2048 a0:b1:c2:d3:e4:f5:g6:h7:i8:j9:k0:l1:m2:n3:o4:p5""" "call /usr/bin/etherwake -D -i br-lan 00:11:22:33:44:55" "exit"

Obviously you need to substitute the LEDE username:password, the router's hostname or IP, and the router's "hostkey fingerprint" (which displays the first time you run the command with the correct credentials and any wrong fingerprint). You also need to substitute the MAC address of your Qnap box after etherwake. The -i option is for the interface you want the WOL sent over. This is the windows command line version -- but , it can also be done using a WinSCP script file. More details here:


Thank you for that great tip, I will try it out this evening.
Is there a way to greate aditional users with less rights in order to user your proposal with restricted user rights? Or does this work only with root rights? I like to avoid having root password in clear text on within the scripts on the client PCs. Thank you , Mark

Adding additional restricted users can be done, but requires additional packages and configuration. Perhaps an easier way would be to turn the batch file into an exe (so that the password can't be viewed) with this utility:


I used this program many years ago, and it worked fine. Apparently it's still being updated!

I have tried the way via the winscp scripting interface and it works fine. Thank you. However, I am still worried about writing the root password into a script or another tool. Is it possible to create additional user which can not access the configuration of the router? Thank you and best Regards, Mark

Sorry I can't give any specific assistance on adding another user with limited privileges. I've read that it can be done, but I haven't had a need for it myself. It requires adding one or more additional packages and probably some careful modification to permissions.

Hopefully someone else on the forum has done this and can guide you...

BTW, if you strike out, do consider the batch to exe converter I mentioned. This would make the password unreadable on the client machines.


try this. It is working for me.

  • reserve an IP address from DST_NETWORK, which you will use for WOL packets.

  • set static arp for this IP address to ff:ff:ff:ff:ff:ff

  • and run this (maybe you will need additional kernel modules)

tc filter add dev $SOURCE_INTERFACE parent ffff: protocol ip prio 1 u32 match ip dst $BROADCAST_OF_DST_NETWORK action nat ingress $BROADCAST_OF_DST_NETWORK $IP_YOU_WILL_USE_FOR_WOL

of course replace $VAR :slight_smile: