
README

Wake-on-LAN as a service (WOLASS) provides a centralized solution to wake hosts by sending WOL packets. It requires an extra IP address in each network and a static ARP entry on the router (see below) but no extra hardware in each network. It has a simple web interface to manage and wake hosts. User authentication is implemented using SAML. Networks and user permissions are statically configured in a TOML configuration file.

To send WOL packets to remote hosts, an extra IP address in each network is used. This WOL-IP needs a static ARP entry on the router that maps it to the broadcast MAC. WOLASS sends the WOL packet to this address, and the router then broadcasts it. Thanks to https://blog.ipspace.net/2009/03/generating-layer-2-broadcast-from.html for this idea. To prevent misuse of this IP, access to it can be restricted by a firewall or ACL.

Authentication is based on SAML and handled in saml.go. The current setup is suited for our local IdP implementation. Change the SAML attributes for your installation if necessary.

Authorization is based on user name (option Users) or UNIX group membership (option UnixGroups; groups on the system where wolass is running). Additional methods can be implemented easily. Have a look at config.go and isNetworkUserAccesible() in main.go.

Screenshot

Screenshot of the WOLASS web interface showing a list of hosts with links to wake and delete them and a form to add new hosts

Limitations

HTTPS is currently not implemented; use a reverse proxy to terminate HTTPS.

The user data is currently stored in a simple JSON file (written atomically and durably). This won’t scale for a large number of users and should be replaced with a proper database (e.g. PostgreSQL) when necessary.

Sample router configuration

  • Cisco IOS: arp 192.0.2.254 ffff.ffff.ffff ARPA

Sample config.toml configuration

# Host/Port to listen
Listen = ":8001"
# Path to data (hosts/macs/groups configured by users); written atomically
DataPath = "data.json"

# Configure network and give users "alice", "bob" and "eve" access; also give
# all members of the UNIX group "employee" access
[[Networks]]
Network = '192.0.2.0/24'
WolIP = '192.0.2.254'
Users = [
    'alice',
    'bob',
    'eve',
]
UnixGroups = [
    'employee',
]

[[Networks]]
Network = '198.51.100.0/24'
WolIP = '198.51.100.2'
Users = [
    'eve',
]

[Saml]
RootURL = "https://wol.example.org/"
SPCertPath = "saml-wol-sp.cert"
SPKeyPath = "saml-wol-sp.key"
IdpMetadata = """
...
"""
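
The access rule described under Authorization, applied to the sample networks above, as an added example (not WOLASS's own code): a user may wake a host only in a network that lists the user in Users or one of the user's groups in UnixGroups, and everything else is denied. It assumes the host is identified by an IP address that selects the network; `WolTarget`, `sampleNets` and the `groups` lookup hook are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
)

// Network mirrors one [[Networks]] entry of the sample config.toml.
type Network struct {
	Network, WolIP    string
	Users, UnixGroups []string
}

// Constructed data matching the README's sample configuration.
var sampleNets = []Network{
	{"192.0.2.0/24", "192.0.2.254", []string{"alice", "bob", "eve"}, []string{"employee"}},
	{"198.51.100.0/24", "198.51.100.2", []string{"eve"}, nil},
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// WolTarget returns the WolIP to send the WOL packet to when user wakes hostIP.
// groups is a hypothetical hook returning the user's UNIX group names.
func WolTarget(nets []Network, user, hostIP string, groups func(string) []string) (string, error) {
	ip := net.ParseIP(hostIP)
	for _, n := range nets {
		_, cidr, err := net.ParseCIDR(n.Network)
		if ip == nil || err != nil || !cidr.Contains(ip) {
			continue // invalid input or a non-matching network never grants access
		}
		allowed := contains(n.Users, user)
		for _, g := range groups(user) {
			allowed = allowed || contains(n.UnixGroups, g)
		}
		if allowed {
			return n.WolIP, nil
		}
	}
	return "", fmt.Errorf("user %q may not wake %s", user, hostIP) // deny by default
}

func main() {
	fmt.Println(WolTarget(sampleNets, "bob", "192.0.2.10", func(string) []string { return nil }))
}
```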