• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

PXE-E32: TFTP open time out on palo alto dhcp server

Scheduled Pinned Locked Moved Solved
FOG Problems
4
43
7.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Sebastian Roth Moderator
    last edited by Feb 3, 2020, 5:51 PM

    @fernando-martinez There must be something we overlook here but I can seem to get it. You can manually download the file via Windows tftp command so it should work.

    Would you please try to capture a network packet dump on your FOG server when this PXE issue happens so we see what is actually sent over the wire? https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

    G 1 Reply Last reply Feb 3, 2020, 5:56 PM Reply Quote 0
    • G
      george1421 Moderator @Sebastian Roth
      last edited by Feb 3, 2020, 5:56 PM

      @Sebastian-Roth Collecting the pcap from a witness computer if the target is on a different vlan from the FOG server, or from the FOG server to get the best info if the target computer is on the same vlan as the FOG server.

      @fernando-martinez if your target computer is on a different vlan than the fog server install wireshark on a witness computer and use the capture filter of port 67 or port 68

      If the target computers is on the same subnet as the fog server then use the instructions in the tutorial.

      Upload the pcap to a file share site (i.e. google drive, dropbox, etc) and share as public read. Either post the link here or DM either Sebastian or myself and we will look at the pcap and tell you what we see. Be sure to use the capture filter outlined so we do see things we shouldn’t in your packet capture.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      1 Reply Last reply Reply Quote 1
      • F
        fernando.martinez
        last edited by Feb 5, 2020, 4:24 PM

        @george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:

        uter is on a different vlan than the fog server install

        @Sebastian-Roth

        85d82d40-b39a-493c-9c7b-cf2a62657089-image.png

        this is de output.pcap.
        Fog Server: 192.168.96.204
        Fog Client: 192.168.96.182

        The server and client are in the same Vlan.
        Do you need more info?

        Thanks

        1 Reply Last reply Reply Quote 0
        • F
          fernando.martinez
          last edited by Feb 5, 2020, 4:29 PM

          @george1421 @Sebastian-Roth

          https://www.dropbox.com/s/fn4b256v81ttvlg/output.pcap?dl=0

          here is the pcap file.

          G 1 Reply Last reply Feb 5, 2020, 4:54 PM Reply Quote 0
          • G
            george1421 Moderator @fernando.martinez
            last edited by george1421 Feb 6, 2020, 4:42 AM Feb 5, 2020, 4:54 PM

            @fernando-martinez I’ll be able to look at the pcap file in detail in a few minutes.

            The first pass at it I see a problem. The client is asking for undionly.kpxe.0 which is an indication that you have a version of dnsmasq on your fog server that is older than version 2.75. Older versions than that always appended .0 for some legacy reason. You should upgrade to a newer version of dnsmaq, but you can trick it by creating a sym link between undionly.kpxe.0 and undionly.kpxe in the /tftpboot directory. You will need to do the same for ipxe.efi to ipxe.efi.0

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

            1 Reply Last reply Reply Quote 1
            • F
              fernando.martinez
              last edited by Feb 5, 2020, 10:54 PM

              @fernando-martinez said in PXE-E32: TFTP open time out on palo alto dhcp server:

              tftp -i 192.168.96.204 get undionly.pxe

              Dnsmasq version is 2.75, I tried to create a sym link but i have the same problem.

              4738098c-dd6b-4781-b446-d2652f97b756-image.png

              G 1 Reply Last reply Feb 5, 2020, 11:17 PM Reply Quote 0
              • G
                george1421 Moderator @fernando.martinez
                last edited by george1421 Feb 5, 2020, 5:19 PM Feb 5, 2020, 11:17 PM

                @fernando-martinez would you grab another pcap with these links in place?

                What I find strange is that why is it appending the .0 to the file name and why does it appear to request the file and appear to download it. From your picture of the pcap (it appears you deleted the original pcap) the client asks for the file size of undionly.kpxe.0 and it appears to get the file size because it asks for the file next from 96.204. If that file did not exist it should have not attempted to download it but fail on the file size request.

                Edit: Ah I had the version wrong it needs to be 2.76 or later ref: https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

                That config file “should” work with 2.75 but we will see the .0 file name appended onto the file name like we see in the pcap.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by Feb 6, 2020, 7:57 AM

                  @fernando-martinez said in PXE-E32: TFTP open time out on palo alto dhcp server:

                  I tried to create a sym link but i have the same problem.

                  From the picture we see you created the symlinks in the fogproject source directory. You need to create thos in /tftpboot/ directory…

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 0
                  • F
                    fernando.martinez
                    last edited by Feb 6, 2020, 9:14 AM

                    @Sebastian-Roth @george1421

                    Hello guys! we did it!!
                    I created sym link in /tftpboot directory and i’ts worked!!
                    Now we have to configure.

                    51659567-2d9e-4c67-8b86-ff7ffdc94bee-image.png

                    Many thanks for your help!!!

                    1 Reply Last reply Reply Quote 0
                    • J
                      joanmarzo
                      last edited by Apr 12, 2022, 10:10 AM

                      Hi,

                      I have the same problem, can u help me?

                      1d108129-0540-49bc-a493-aafbced408e0-image.png

                      G 1 Reply Last reply Apr 12, 2022, 12:37 PM Reply Quote 0
                      • G
                        george1421 Moderator @joanmarzo
                        last edited by Apr 12, 2022, 12:37 PM

                        @joanmarzo Are you using a PaloAlto dhcp server too?

                        What specifically do you have defined for dhcp options 66 and 67?

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                        J 1 Reply Last reply Apr 12, 2022, 1:05 PM Reply Quote 0
                        • J
                          joanmarzo @george1421
                          last edited by joanmarzo Apr 12, 2022, 7:08 AM Apr 12, 2022, 1:05 PM

                          @george1421 cefe2755-8654-4aaa-8c2f-489ee708622c-image.png

                          Yes, I use palo alto dhcp too and I put this in 66 and 67 options!

                          Thanks!

                          G 1 Reply Last reply Apr 12, 2022, 1:59 PM Reply Quote 0
                          • G
                            george1421 Moderator @joanmarzo
                            last edited by Apr 12, 2022, 1:59 PM

                            @joanmarzo So I take it that 192.168.96.162 is the IP address of the fog server?

                            This is me just making an educated guess. Has the IP address of the fog server changed since FOG was installed? The fog server needs to be configured to use a static IP address before FOG is installed. As I said this is an educated guess but a FOG server IP address of .162 is pretty close to the IP address assigned to the target computer of .206. I might guess they are in the same subnet dhcp scope range. That is why I’m asking if the fog server ip address has changed.

                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                            J 1 Reply Last reply Apr 12, 2022, 2:04 PM Reply Quote 0
                            • J
                              joanmarzo @george1421
                              last edited by Apr 12, 2022, 2:04 PM

                              @george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:

                              This is me just making an educated guess. Has the IP address of the fog server changed since FOG was installed? The fog server needs to be configured to use a static IP address before FOG is installed. As I said this is an educated guess but a FOG server IP address of .162 is pretty close to the IP address assigned to the target computer of .206. I might guess they are in the same subnet dhcp scope range. That is why I’m asking if the fog server ip address has changed.

                              7e26fdf0-4086-4ba2-b52c-50a2f3105907-image.png

                              Yes, the IP of fogserver is 192.168.96.162 and I put it and static IP, If u want any information tell to me, thanks a lot

                              G 1 Reply Last reply Apr 12, 2022, 3:02 PM Reply Quote 0
                              • G
                                george1421 Moderator @joanmarzo
                                last edited by Apr 12, 2022, 3:02 PM

                                @joanmarzo Sorry about the slow response its been busy here this AM. So you put the static address in before you installed FOG? OK good. You can confirm that the IP address hasn’t changed between the time you installed FOG and now by inspecting the .fogsettings file more < /opt/fog/.fogsettings There is an IP field in there that indicates the IP address when FOG was installed.

                                If the IP address hasn’t changed then we might suspect your dhcp server is doing something abnormal. If we follow this thread it looks like we used dnsmasq to make everything work in the end.

                                I think in your case since you are using a firewall for a dhcp server and we’ve had issues in the past with firewalls not sending out the right information needed for pxe booting that we go ahead and install dnsmasq on your fog server. In this configuration the dnsmasq program will ONLY supply the pxe booting information all other information will still come from your main dhcp server. The nice thing about this is if you install dnsmasq on your FOG server and then turn off the fog server then all pxe booting will be turned off too.

                                If you follow these instructions you will be up and running with dnsmasq on your fog server in about 10 minutes. https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server
                                If you have multiple subnets you will need to adjust an existing setting in your subnet router if you want to pxe boot on the subnets where your FOG server is not. Other than dealing with subnets, dnsmasq should just work.

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                J 1 Reply Last reply Apr 12, 2022, 3:20 PM Reply Quote 0
                                • J
                                  joanmarzo @george1421
                                  last edited by Apr 12, 2022, 3:20 PM

                                  @george1421 cea8d40c-0e07-4284-9a87-659cf73d6a44-image.png

                                  I do the dnsmasq but the fog doesn’t work, any idea? I paste an screenshot about the ltsp.conf

                                  G 1 Reply Last reply Apr 12, 2022, 3:44 PM Reply Quote 0
                                  • G
                                    george1421 Moderator @joanmarzo
                                    last edited by Apr 12, 2022, 3:44 PM

                                    @joanmarzo Did you make sure that the dnsmasq service is running? It should appear here with this command ps aux | grep dnsmasq

                                    It should show you the service name and give you an ip address. If that doesn’t work make sure that you have the linux server firewall turned off. DNSMASQ is a simple tool, it should just work. Your ltsp.conf file looks good. It should just work.

                                    If it not work then we can do some more deeper debugging. We are not out of options now.

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                    J 1 Reply Last reply Apr 12, 2022, 3:58 PM Reply Quote 0
                                    • J
                                      joanmarzo @george1421
                                      last edited by Apr 12, 2022, 3:58 PM

                                      @george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:

                                      ps aux | grep dnsmasq

                                      Yes, the dnsmasq it’s work but I have the same error:( if u want we can do an remote session haha

                                      3323e285-cc69-410e-ae5e-c1df9d0e90bc-image.png

                                      G 1 Reply Last reply Apr 12, 2022, 4:01 PM Reply Quote 0
                                      • G
                                        george1421 Moderator @joanmarzo
                                        last edited by Apr 12, 2022, 4:01 PM

                                        @joanmarzo Sorry its not running. Use systemctl enable dnsmasq and then systemctl start dnsmasq to start it. When you do, there will be a second line to the ps command. If it still not running then we need to look at the server log to see what it’s not happy about grep dnsmasq /var/log/messages or grep dnsmasq /var/log/syslog to see of it complains about your ltsp.conf file. I did not see anything wrong with it but I maybe missed something too.

                                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                        J 1 Reply Last reply Apr 12, 2022, 4:08 PM Reply Quote 0
                                        • J
                                          joanmarzo @george1421
                                          last edited by Apr 12, 2022, 4:08 PM

                                          @george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:

                                          grep dnsmasq /var/log/messages

                                          570ce771-4609-41a2-9c95-8448b9719e59-image.png

                                          I try to initiate the dnsmasq but it doesn’t work

                                          G 1 Reply Last reply Apr 12, 2022, 4:13 PM Reply Quote 0
                                          • 1
                                          • 2
                                          • 3
                                          • 2 / 3
                                          • First post
                                            Last post

                                          147

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project