WOL Libvirt Gateway
A simple Wake-on-LAN (WOL) gateway service for starting libvirt VMs. It listens for WOL "magic packets" on UDP port 9 (configurable), identifies the target MAC address, and if that MAC address belongs to a defined libvirt VM, it attempts to start that VM using the libvirt API.
This service is designed to be run on the same host as the libvirt daemon and the VMs. It's particularly useful for triggering VM power-on from external tools like Guacamole, which can send WOL packets.
Security Warning
⚠️ SECURITY NOTICE: This service is inherently insecure when exposed to the internet. Wake-on-LAN packets are plaintext and contain no authentication mechanism, besides an optional plaintext "password" that is intentionally ignored as it is insecure. Anyone who can send UDP packets to your service and knows (or can guess) a VM's MAC address can potentially start that VM. Only run this service on trusted local networks, if not localhost only.
Features
- Listens for WOL magic packets.
- Queries libvirt for VM MAC addresses.
- Uses the libvirt API directly to start VMs (no
virshcommand execution). - Configurable listen address and libvirt URI.
Prerequisites
- Rust (for building from source)
- Libvirt installed and running (
libvirtddaemon) - Your libvirt VMs must have their network interfaces configured with static MAC addresses that your WOL client will target
Installation
Usage
Basic Usage
Run the service with default settings:
This will:
- Listen on
127.0.0.1:9(all interfaces, UDP port 9) - Connect to libvirt using
qemu:///system
Command Line Options
Common options:
--listen-address <IP:PORT>- Address and port to listen on (default:127.0.0.1:9)--libvirt-uri <URI>- Libvirt connection URI (default:qemu:///system)
Examples:
# Listen only on localhost, port 9009
# Use session libvirt instead of system
Running as a System Service
systemd Service
Enable and start the service:
Check service status:
Development
Setting up the Development Environment
-
Install libvirt development libraries:
Ubuntu/Debian:
RHEL/CentOS/Fedora:
# or: sudo yum install libvirt-devel pkg-configArch Linux:
-
Clone and build:
-
Run in development mode:
Testing
Run tests:
Sending WOL Packets
You can use tools like wakeonlan or etherwake to send WOL packets. Many network management tools and virtualization platforms (like Guacamole) also have built-in WOL functionality.
Using wakeonlan
Install wakeonlan:
# Ubuntu/Debian
# RHEL/CentOS/Fedora
# Arch Linux
Send a WOL packet:
How it Works
- The service binds to a UDP socket (default
127.0.0.1:9). - When a UDP packet is received, it's checked to see if it's a valid WOL magic packet.
- If valid, the MAC address is extracted from the packet.
- The service connects to the specified libvirt URI.
- It iterates through all defined libvirt domains (VMs).
- For each domain, it parses the XML definition to extract network interface MAC addresses.
- If the MAC from the WOL packet matches a MAC found in a libvirt domain:
- The service checks the current state of that domain.
- If the domain is
shutoff,shutdown, orcrashed, the service attempts to start it. - If the domain is already running or in another non-startable state, no action is taken.
- If no domain matches the MAC, a warning is logged.
Troubleshooting
Common Issues
Permission denied connecting to libvirt:
- Ensure the user running the service is in the
libvirtdgroup - Check that
libvirtdservice is running:sudo systemctl status libvirtd - Verify the libvirt URI is correct for your setup
VM not starting:
- Verify the MAC address in your WOL client matches the VM's network interface
- Check VM state:
virsh list --all - Ensure the VM is in a startable state (shutoff, shutdown, or crashed)
- Check libvirt logs:
sudo journalctl -u libvirtd.service
Getting VM MAC Addresses
To find the MAC address of your libvirt VMs:
Logs and Debugging
Check service logs:
# systemd service logs
# If running manually, increase verbosity
RUST_LOG=debug
License
This project is licensed under the Apache 2.0 License. See the LICENSE file for details.