UEFI PXE Boot - Pain

FOG Problems

    DBCountMan @RogerBrownTDL
    last edited by DBCountMan May 16, 2022, 9:23 AM May 16, 2022, 3:20 PM

    @rogerbrowntdl Yes very similar to Fortigate. So I have a Fortigate 70D in my offline lab, and have it set up same as you, but for ipxe (UEFI only) boot. DHCP option 67 can only specify one file name. My suggestion is to see if your DHCP server supports DHCP relay. If it does, specify your FOG server IP address. Since your FOG server is already set up to not hand out IP addresses, you should be good to go after that. We have DHCP relay set up on our prod network and both UEFI and Legacy pxe boot work just fine.

    Oh and unfortunately you cannot add UEFI to a legacy device as far as I know. Not sure if it is a hardware or firmware limitation.

      RogerBrownTDL
      last edited by May 16, 2022, 3:34 PM

      @brakcounty How is your relay set up? Is it a different server or running from the Fortigate itself?

        george1421 Moderator @RogerBrownTDL
        last edited by george1421 May 16, 2022, 9:39 AM May 16, 2022, 3:37 PM

        @rogerbrowntdl https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

        This is the easiest solution, it takes about 10 minutes to set up. If you are running subnets on your network, you add the fog server's IP address as the last server in your dhcp-relay/dhcp-helper service on your subnet router (after dnsmasq is installed and you have removed the pxe boot info from your firewall/router). This is only needed if you need to pxe boot computers not on the same subnet as the fog/dnsmasq server.

        A bit longer answer is that your firewall/router's dhcp server most likely doesn't support dynamic pxe booting, in that it will change the boot file name based on whether a bios or uefi computer is pxe booting.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          DBCountMan @RogerBrownTDL
          last edited by May 16, 2022, 3:38 PM

          @rogerbrowntdl We have the Fortigate DHCP relay set up with the FOG server IP. I did however have to install dnsmasq on my FOG server and disable tftpd.service. Here is where I found the instructions: https://forums.fogproject.org/topic/12133/fog-on-existing-dhcp-server

          The code posted by @george1421 needed one line added which is marked below. Just remove the asterisks:

          # Don't function as a DNS server:
          port=0
          
          # Log lots of extra information about DHCP transactions.
          log-dhcp
          
          **# Enable TFTP
          enable-tftp**
          
          # Set the root directory for files available via TFTP.
          tftp-root=/tftpboot
          
          # The boot filename, Server name, Server IP Address
          dhcp-boot=undionly.kpxe,,<fog_server_IP>
          
          # Disable re-use of the DHCP servername and filename fields as extra
          # option space. That's to avoid confusing some old or broken DHCP clients.
          dhcp-no-override
          
          # inspect the vendor class string and match the text to set the tag
          dhcp-vendorclass=BIOS,PXEClient:Arch:00000
          
            RogerBrownTDL @george1421
            last edited by May 16, 2022, 3:42 PM

            @george1421 @brakcounty

            So the DHCP server runs off our Watchguard and is a separate network (we have one for our production lan and one for our build lab).

            I can change the Watchguard interface from a DHCP server to a relay server, but that would mean it wouldn't hand out DHCP leases, right?

              george1421 Moderator @RogerBrownTDL
              last edited by May 16, 2022, 3:46 PM

              @rogerbrowntdl With this setup the dnsmasq server only provides pxe boot information using the proxydhcp protocol. It does not manage IP addresses with this configuration. It's intended to augment your existing dhcp server.

                george1421 Moderator @RogerBrownTDL
                last edited by May 16, 2022, 3:47 PM

                @rogerbrowntdl We would typically use this if your dhcp server is managed by an outside party, or your dhcp server settings can’t be changed or your dhcp server does not support dynamic pxe booting (pfsense router does by the way so dnsmasq on the fog server isn’t needed here).

                    RogerBrownTDL @george1421
                    last edited by May 16, 2022, 4:23 PM

                    @george1421 So in effect, I just leave the Watchguard as a DHCP server, set option 66 and 150 to point to my FOG box, remove option 67 and then install DNSMasq? Or do I remove ALL options from my Watchguard and install DNSMasq?

                    Forgive my lack of knowledge on the subject lol. How does the PXE request then get to the FOG server? Does the client send a DHCP request to the Watchguard and then a broadcast for PXE, or do I need to leave something in the Watchguard to tell the client to go to FOG?

                      DBCountMan @RogerBrownTDL
                      last edited by DBCountMan May 16, 2022, 10:29 AM May 16, 2022, 4:27 PM

                      @rogerbrowntdl dnsmasq runs on the FOG server to detect architecture and boot type then serve the boot files over tftp. This is my understanding of how it all works:
                      PC sends DHCP server a request for an IP address with a pxe packet.
                      DHCP assigns an IP address then directs (relays) the PC to the FOG server.
                      FOG Server handles this request by sending either undionly.kpxe or ipxe.efi depending on the architecture of the PC (dnsmasq tftp service).
                      PC downloads and executes the correct file.
                      After that FOG loads the boot menus.

                        RogerBrownTDL @DBCountMan
                        last edited by May 16, 2022, 4:30 PM

                        @brakcounty That's my question really, do I need to leave a setting in (66, 67 or 150) to tell the Watchguard to send the PXE request to FOG? I presume I need to put a setting in somewhere or the client won't know where to go for its PXE boot.

                          george1421 Moderator @RogerBrownTDL
                          last edited by May 16, 2022, 4:38 PM

                          @rogerbrowntdl said in UEFI PXE Boot - Pain:

                          do I need to leave a setting in (66 67 or 150)

                          For clarity I would remove them from watchguard dhcp. Actually, dhcp option 150 is not a thing, at least for pxe booting. From a functional standpoint proxydhcp will override the values provided in the dhcp packet. The advantage of running dnsmasq on the FOG server is that when the fog server is not running, no pxe boot information will be handed out and all clients will boot normally. But this is also the issue with leaving unmanaged settings in dhcp: sometime down the road, if the fog server isn't running, things might behave a bit unexpectedly if the old dhcp settings are found by the client computers.

                            george1421 Moderator @RogerBrownTDL
                            last edited by May 16, 2022, 4:39 PM

                            @rogerbrowntdl said in UEFI PXE Boot - Pain:

                            I presume I need to put a setting in somewhere or the client wont know where to go for it’s PXE boot

                            With the proxy dhcp response, the target computer is told: once you have an ip address, speak to this server (the fog server's dnsmasq) to get the pxe boot information. Other than setting up dnsmasq there is nothing else that needs to be touched (as long as the fog server and pxe booting clients are on the same subnet).

                              RogerBrownTDL @DBCountMan
                              last edited by May 16, 2022, 6:20 PM

                              @brakcounty You mention you had to disable tftpd.service and yet your line in that code says "enable-tftp". Are they different things? (Yes I'm a noob to all this but up until recently FOG was a mint replacement to the shitty MDT box we had. Just damn manufacturers now stopping the legacy option in bios means I'm forced to change this to UEFI.)

                                DBCountMan @RogerBrownTDL
                                last edited by May 16, 2022, 6:23 PM

                                @rogerbrowntdl Yes they are two different services. tftpd is what FOG uses by default. The TFTP protocol listens on TCP port 69, so two services cannot listen on the same port at the same time.

                                  RogerBrownTDL @DBCountMan
                                  last edited by May 16, 2022, 6:39 PM

                                  @brakcounty Okay makes sense… dnsmasq was already installed and configured… Weird that it wouldn't boot before (hence we had to go the legacy option I believe), however now when I try and start dnsmasq it tells me to piss off because 69 is already in use?

                                  [1]: Starting dnsmasq - A lightweight DHCP and caching DNS server…
                                  [624]: dnsmasq: syntax check OK.
                                  [678]: dnsmasq: failed to create listening socket for port 69: Address already >
                                  [678]: failed to create listening socket for port 69: Address already in use
                                  [678]: FAILED to start up
                                  [1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGU>
                                  [1]: dnsmasq.service: Failed with result ‘exit-code’.
                                  [1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.

                                    george1421 Moderator @RogerBrownTDL
                                    last edited by george1421 May 16, 2022, 12:52 PM May 16, 2022, 6:51 PM

                                    @rogerbrowntdl said in UEFI PXE Boot - Pain:

                                    [678]: dnsmasq: failed to create listening socket for port 69: Address already >

                                    This kind of indicates you did not follow the config file exactly, since dnsmasq should not attempt to use the tftp port with this configuration. Please post your complete ltsp.conf file here for review.

                                      DBCountMan @RogerBrownTDL
                                      last edited by DBCountMan May 16, 2022, 12:54 PM May 16, 2022, 6:54 PM

                                      @rogerbrowntdl Ok so it seems that tftpd might still be running.
                                      First, stop and disable the tftpd service:

                                      sudo systemctl stop tftpd.service && sudo systemctl disable tftpd.service
                                      

                                      Make sure dnsmasq isn't running:

                                      sudo systemctl stop dnsmasq.service
                                      

                                      Edit/create a file called ltsp.conf in the /etc/dnsmasq.d directory:

                                      sudo nano /etc/dnsmasq.d/ltsp.conf
                                      

                                      Paste the following code and replace <fog_server_IP> with your FOG server's IP address:

                                      # Don't function as a DNS server:
                                      port=0
                                      
                                      # Log lots of extra information about DHCP transactions.
                                      log-dhcp
                                      
                                      # Enable TFTP
                                      enable-tftp
                                      
                                      # Set the root directory for files available via TFTP.
                                      tftp-root=/tftpboot
                                      
                                      # The boot filename, Server name, Server IP Address
                                      dhcp-boot=undionly.kpxe,,<fog_server_IP>
                                      
                                      # Disable re-use of the DHCP servername and filename fields as extra
                                      # option space. That's to avoid confusing some old or broken DHCP clients.
                                      dhcp-no-override
                                      
                                      # inspect the vendor class string and match the text to set the tag
                                      dhcp-vendorclass=BIOS,PXEClient:Arch:00000
                                      

                                      Then start dnsmasq:

                                      sudo systemctl start dnsmasq.service
                                      

                                      Let me know how that works out for you.

                                        RogerBrownTDL @george1421
                                        last edited by george1421 May 16, 2022, 12:56 PM May 16, 2022, 6:55 PM

                                        @george1421 My ltsp file:

                                        # Don't function as a DNS server:
                                        port=0
                                        
                                        # Log lots of extra information about DHCP transactions.
                                        log-dhcp
                                        
                                        # Enable TFTP 
                                        enable-tftp <<<<<<I added this bit as per @brakcounty suggested from his config
                                        
                                        # Set the root directory for files available via FTP.
                                        tftp-root=/tftpboot
                                        
                                        # The boot filename, Server name, Server Ip Address
                                        dhcp-boot=undionly.kpxe,,192.168.15.251
                                        
                                        # Disable re-use of the DHCP servername and filename fields as extra
                                        # option space. That's to avoid confusing some old or broken DHCP clients.
                                        dhcp-no-override
                                        
                                        # inspect the vendor class string and match the text to set the tag
                                        dhcp-vendorclass=BIOS,PXEClient:Arch:00000
                                        dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
                                        dhcp-vendorclass=UEFI,PXEClient:Arch:00007
                                        dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
                                        
                                        # Set the boot file name based on the matching tag from the vendor class (above)
                                        dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.15.251
                                        dhcp-boot=net:UEFI,ipxe.efi,,192.168.15.251
                                        dhcp-boot=net:UEFI64,ipxe.efi,,192.168.15.251
                                        
                                        # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
                                        pxe-prompt="Booting FOG Client", 1
                                        
                                        # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
                                        # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
                                        # This option is first and will be the default if there is no input from the user.
                                        pxe-service=X86PC, "Boot to FOG", undionly.kpxe
                                        pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
                                        pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
                                        
                                        dhcp-range=192.168.15.251,proxy
                                        
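To see which file the ltsp.conf above hands to each client type in the flow DBCountMan described (BIOS gets undionly.kpxe, UEFI gets ipxe.efi), here is an added shell example, not code from the thread or from the FOG project, that replays dnsmasq's dhcp-vendorclass / dhcp-boot tag matching over a constructed copy of that config. It assumes clients send vendor class strings of the PXEClient:Arch:NNNNN form the config keys on, and it does not emulate the pxe-service menu lines, which dnsmasq handles separately.

```shell
#!/bin/sh
# Added example (not from the thread or the FOG project): replay the
# dhcp-vendorclass / dhcp-boot tag matching dnsmasq applies to the ltsp.conf
# posted above, to see which file each PXE client type is told to fetch.
# Constructed copy of that config; the pxe-service menu lines are left out
# because this model does not emulate the PXE menu, and enable-tftp is
# already removed as advised in the thread.
LTSP_CONF='port=0
log-dhcp
tftp-root=/tftpboot
dhcp-boot=undionly.kpxe,,192.168.15.251
dhcp-no-override
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.15.251
dhcp-boot=net:UEFI,ipxe.efi,,192.168.15.251
dhcp-boot=net:UEFI64,ipxe.efi,,192.168.15.251
dhcp-range=192.168.15.251,proxy'

# Usage: fog_boot_file "<client vendor class, DHCP option 60>"
# Prints the boot filename the proxyDHCP reply would carry, or "none" when
# the client is not a PXE client (dnsmasq sends no proxy reply to those).
fog_boot_file() {
  printf '%s\n' "$LTSP_CONF" | awk -v vc="$1" '
    BEGIN { split("", tag); pxe = (vc ~ /^PXEClient/) }
    # dhcp-vendorclass=TAG,TEXT sets TAG when TEXT occurs anywhere in the
    # vendor class string (dnsmasq does substring matching here).
    /^dhcp-vendorclass=/ {
      split(substr($0, 18), f, ",")
      if (index(vc, f[2]) > 0) tag[f[1]] = 1
      next
    }
    # dhcp-boot=net:TAG,FILE,... counts only when TAG was set above; a
    # tagged match is preferred over the untagged default.
    /^dhcp-boot=net:/ {
      split(substr($0, 15), f, ",")
      if (f[1] in tag) tagged = f[2]
      next
    }
    # dhcp-boot=FILE,... without a tag is the fallback (BIOS clients here).
    /^dhcp-boot=/ { split(substr($0, 11), f, ","); untagged = f[1]; next }
    END {
      if (!pxe) print "none"
      else print (tagged != "" ? tagged : untagged)
    }'
}

# Walk the client types the config distinguishes (vendor class strings
# constructed in the PXEClient:Arch:NNNNN:UNDI:NNNNNN form clients send).
for vc in 'PXEClient:Arch:00000:UNDI:002001' 'PXEClient:Arch:00006:UNDI:003016' \
          'PXEClient:Arch:00007:UNDI:003016' 'PXEClient:Arch:00009:UNDI:003016' \
          'MSFT 5.0'; do
  printf '%-34s -> %s\n' "$vc" "$(fog_boot_file "$vc")"
done
```

A client with no PXEClient vendor class gets no proxy reply at all, which is why a stopped FOG server leaves clients booting normally, as george1421 notes above.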
                                          george1421 Moderator @RogerBrownTDL
                                          last edited by george1421 May 16, 2022, 12:58 PM May 16, 2022, 6:57 PM

                                          @rogerbrowntdl said in UEFI PXE Boot - Pain:

                                           # Enable TFTP 
                                          enable-tftp <<<<<<I added this bit as per @brakcounty suggested from his config
                                          

                                          Yeah, let's go and take that out of your config file. FOG installs a tftp service which this setting will conflict with. Go ahead and restart dnsmasq after that.

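As an added example (not the thread's or FOG's own code), a pre-start check that catches the mistake diagnosed above, enable-tftp left in ltsp.conf while FOG's tftp service still owns UDP port 69, together with a look at who currently holds that port. The ss output and the tftp daemon name in.tftpd are constructed here and will differ by distribution.

```shell
#!/bin/sh
# Added example (not from the thread or the FOG project): pre-start check for
# the "port 69: Address already in use" failure above. FOG's own tftp service
# must keep UDP/69, so ltsp.conf must not carry enable-tftp, and dnsmasq should
# be confined to proxyDHCP (port=0, dhcp-range=...,proxy).

# Usage: ltsp_conf_problems /etc/dnsmasq.d/ltsp.conf
# Prints one finding per line; the return value is the number of findings.
ltsp_conf_problems() {
  conf=$1; n=0
  if grep -Eq '^[[:space:]]*enable-tftp' "$conf"; then
    echo "enable-tftp set: dnsmasq would bind UDP/69, which FOG's tftp service already holds"
    n=$((n + 1))
  fi
  if ! grep -Eq '^[[:space:]]*port=0' "$conf"; then
    echo "port=0 missing: dnsmasq would also open a DNS listener on port 53"
    n=$((n + 1))
  fi
  if ! grep -Eq '^[[:space:]]*dhcp-range=.*,proxy' "$conf"; then
    echo "no dhcp-range=...,proxy line: dnsmasq would not answer as a proxyDHCP server"
    n=$((n + 1))
  fi
  return "$n"
}

# Usage: port69_owner "$(ss -lunp)"
# Prints the process name holding UDP/69, or "free" if nothing listens there.
port69_owner() {
  printf '%s\n' "$1" | awk '
    $1 == "UNCONN" && $4 ~ /:69$/ && match($0, /users:\(\("[^"]+"/) {
      print substr($0, RSTART + 9, RLENGTH - 10); found = 1; exit
    }
    END { if (!found) print "free" }'
}

# Constructed sample of `ss -lunp` output on a FOG server where the stock tftp
# daemon (named in.tftpd here; the name varies by distribution) is still up.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:69        0.0.0.0:*    users:(("in.tftpd",pid=812,fd=4))
UNCONN 0      0      0.0.0.0:4011      0.0.0.0:*    users:(("dnsmasq",pid=960,fd=5))'

# Demo against a constructed ltsp.conf that still carries enable-tftp.
demo_conf=$(mktemp)
printf '%s\n' 'port=0' 'enable-tftp' 'dhcp-range=192.168.15.251,proxy' > "$demo_conf"
echo "UDP/69 owner: $(port69_owner "$SS_SAMPLE")"
ltsp_conf_problems "$demo_conf" || echo "fix the $? finding(s) before: systemctl start dnsmasq"
rm -f "$demo_conf"
```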
                                          Copyright © 2012-2024 FOG Project