UpSnap is a web application for sending WoL magic packets.

Installation

Once Docker is set up on the correct network segment, create a data directory for the container (likely under an upsnap parent directory) and edit the docker-compose.yaml file to point to this directory.

OpenID Connect Authentication

I use Authentik as my identity management provider and for SSO. This can be setup to work with UpSnap by logging into UpSnap as the admin user and navigating to https://upsnap.domain/_/#/settings/auth-providers (https://wol.brew.foo/_/#/settings/auth-providers for me). Login with the same admin credentials and configure the first OpenID Connect provider in the list. Now, create an Oauth2/OpenID provider and application in Authentik and set the redirect URI to https://upsnap.domain/api/oauth2-redirect. For me, this is https://wol.brew.foo/api/oauth2-redirect. Once you have finished setting up the provider, clicking on it will provide all of the URLs necessary to finish setting up the OpenID provider in UpSnap (set the name to something human readable).

You should now be able to login to UpSnap using Authentik, which will create the user using the username from Authentik. This user will initially have no permissions so log back into UpSnap as the admin and assign appropriate permissions to the new user(s).

Use from a separate VLAN

In order to wake up a computer on a separate VLAN or network segment, be sure to enter its IP address in UpSnap in addition to its MAC address. Then, specify the subnet mask as 255.255.255.255. This will cause UpSnap to use the remote host's IP address specifically as the broadcast address. Since this packet has a L3 IP address, it can be routed to the appropriate network segment. In order to make sure that this works, ensure that any firewall is configured to allow UpSnap WOL packets (port 9) through to the remote host. You may also need to configure a static entry for the remote host in the ARP table so that the packet can be delivered appropriately, even if it has been off for a while.

See here for a more in-depth explanation of why this works.

Windows Ping Response

In order to get the power-on status of a Windows computer running in a separate VLAN from UpSnap, it must be able to respond to UpSnap's pings.

In order to do this, first make sure that ICMP packets are allowed through your firewall (if applicable) from the UpSnap host to the Windows computer. Then, in Windows, open the Windows Defender Firewall with Advanced Security. Go to the Inbound Rules tab and click on New Rule... on the right hand side.

Select Custom as the rule type, All programs as the program to apply the rule to, ICMPv4 as the Protocol type". Next, under the Which remote IP addresses does this rule apply to?heading on theScopepage, selectThese IP addressesand click theAddbutton. In theThis IP address or subnetbox, type the IP address (or subnet in CIDR notation, such as10.0.10.0/24) of the UpSnap server and select OK. Add any other subnets or IP addresses you wish to be able to ping the Windows computer here and then click Next. Select Allow the connectionas theAction, select at least the network type in use under the Profilesection, give the rule a reasonable name, and clickFinish`. Double check that the rule is enabled in the list.

You should now be able to ping the machine from your UpSnap host and see its status in the dashboard.