Wake-On-Lan script for VM on Proxmox host

G

gregorypeck

New Member
Nov 30, 2019
16
0
1
Wake-On-Lan workaround for VM on Proxmox host​


Unfotunately it appears that a "normal" WOL procedure is not supported by the virtualized network cards of a VM.
Therefore I would be grateful if somebody could help me with a quick bashscript as a workaround.

Idea (unless somebody has another simple idea):
I have a VM (vmid 101) with the MAC address 76:ED:A4:3C:15:2B, and IP 1.1.1.81 which is turned off.

A simple bashscript on the Proxmox host continuousy listens in the backround.

For example something alike:
nc -ul 9
"|" sends the output to the next command grep, which then looks for the MAC address 76:ED:A4:3C:15:2B , and if it is recognized then the command

qm start 101
is run.

Can somebody please help me write this script? I would do it on my own, but sadly my knowledge of bash is insufficient.
Thank you very much.
 
Last edited:
Thanks, o
ojaksch said:
I did something like this as a proof of concept here some years ago. Have a look and enjoy WOL (and more) with VMs.
Click to expand...

Thanks, I think what you did is wonderfully designed, but far too complex for my needs.

I have something a bit simpler as a script running on the Proxmox host. I tested it and it works for the wakeonlan script (http://manpages.ubuntu.com/manpages/trusty/man1/wakeonlan.1.html):

nc -dknl -p 9 -u |
stdbuf -o0 xxd -c 6 -p |
stdbuf -o0 uniq |
stdbuf -o0 grep -v 'ffffffffffff' |
while read ; do
MAC=${REPLY:0:2}:${REPLY:2:2}:${REPLY:4:2}:${REPLY:6:2}:${REPLY:8:2}:${REPLY:10:2};
echo Received Address: $MAC
if [ "$MAC" == "0c:d2:92:48:68:9b" ]
then echo STRATE VM!
qm start 101
fi
done

Question:
1. Do you see any security risk? Could the Proxmox server running above script be exploited, as netcat listens on Port 9 UDP? Naturally, anyone in the network could start a VM, but is there another risk?

2. I believe above script would not work if I use wakeonlan via VPN (FritzBox), right, as the Mac Adress is not routed via VPN?

Any comments much appreciated.
 
gregorypeck said:
Thanks, o


Thanks, I think what you did is wonderfully designed, but far too complex for my needs.

I have something a bit simpler as a script running on the Proxmox host. I tested it and it works for the wakeonlan script (http://manpages.ubuntu.com/manpages/trusty/man1/wakeonlan.1.html):

nc -dknl -p 9 -u |
stdbuf -o0 xxd -c 6 -p |
stdbuf -o0 uniq |
stdbuf -o0 grep -v 'ffffffffffff' |
while read ; do
MAC=${REPLY:0:2}:${REPLY:2:2}:${REPLY:4:2}:${REPLY:6:2}:${REPLY:8:2}:${REPLY:10:2};
echo Received Address: $MAC
if [ "$MAC" == "0c:d2:92:48:68:9b" ]
then echo STRATE VM!
qm start 101
fi
done

Question:
1. Do you see any security risk? Could the Proxmox server running above script be exploited, as netcat listens on Port 9 UDP? Naturally, anyone in the network could start a VM, but is there another risk?

2. I believe above script would not work if I use wakeonlan via VPN (FritzBox), right, as the Mac Adress is not routed via VPN?

Any comments much appreciated.
Click to expand...
Do you really need this to work via WOL packets? You could simply use the PVE API to achieve such things, see https://pve.proxmox.com/wiki/Proxmox_VE_API
 
Chris said:
Do you really need this to work via WOL packets? You could simply use the PVE API to achieve such things, see https://pve.proxmox.com/wiki/Proxmox_VE_API
Click to expand...

No, it does not have to be a Magic packet. My above solution (nc -dknl -p 9 -u |) could listen to any other port anyway. Unfortunately your PVE API is great but not applicable for our usecase for different reasons.

Therefore I would be grateful for advice regarding my question:
gregorypeck said:
Do you see any security risk? Could the Proxmox server running above script be exploited, as netcat listens on Port 9 UDP? Naturally, anyone in the network could start a VM, but is there another risk?
Click to expand...
 
I have the following script succesfully achieving what is needed:
It starts a VM when netcat receives a transmission, i.e. "temp". The script is as follows:


nc -v -l -w 60 -i 5 -p 21212 |
while read ; do
MAC=${REPLY}; echo Received: $MAC
if [ "$MAC" == "1" ]
then
echo STARTING VM1!
echo Wait 5 Sec sleep 5


elif [ "$MAC" == "temp" ]
then
echo STRATE VM2! /usr/sbin/qm start 1022 fi

Could the Debian running above script be exploited, as Netcat (started by root) listens on Port 21212 (it could of course listen to another port as well if I change that)? Naturally, anyone in the network could start a VM, but is there another risk?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back