• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    UEFI PXE Boot - Pain

    Scheduled Pinned Locked Moved
    FOG Problems
    3
    33
    4.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RogerBrownTDL
      last edited by

      You guys will have already had this as a topic alot I imagine however mine has a little twist. I have a DHCP server running from a Watchguard firewall rather than a Windows server. PXE works fine for legacy boot but we are finding more and more that the option to change laptops to legacy boot are missing and only support UEFI. Is there a way to change/add UEFI option to allow us to continue using FOG?

      D 1 Reply Last reply Reply Quote 0
      • D
        DBCountMan @RogerBrownTDL
        last edited by

        @rogerbrowntdl How is your DHCP server currently configured for PXE boot?

        R 1 Reply Last reply Reply Quote 0
        • R
          RogerBrownTDL @DBCountMan
          last edited by

          @brakcounty

          Currently configured as:
          Code Name Type Kind Value
          150 TFTP Server IP IP Address(es) Predefined 192.168.15.251
          66 TFTP Server Name Text Predefined 192.168.15.251
          67 TFTP Boot Filename Text Predefined undionly.kpxe

          D 1 Reply Last reply Reply Quote 0
          • D
            DBCountMan @RogerBrownTDL
            last edited by DBCountMan

            @rogerbrowntdl Yes very similar to Fortigate. So I have a Fortigate 70D in my offline lab, and have it set up same as you, but for ipxe (UEFI only) boot. DHCP option 67 can only specify one file name. My suggestion is to see if your DHCP server supports DHCP relay. If it does, specify your FOG server IP address. Since your FOG server is already set up to not hand out IP addresses, you should be good to go after that. We have DHCP relay set up on our prod network and both UEFI and Legacy pxe boot work just fine.

            Oh and unfortunately you cannot add UEFI to a legacy device as far as I know. Not sure if it is a hardware or firmware limitation.

            1 Reply Last reply Reply Quote 0
            • R
              RogerBrownTDL
              last edited by

              @brakcounty How is your relay setup? Is it a different server or running from fortigate itself?

              george1421G D 2 Replies Last reply Reply Quote 0
              • george1421G
                george1421 Moderator @RogerBrownTDL
                last edited by george1421

                @rogerbrowntdl https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

                This is the easiest solution, it takes about 10 minutes to setup. If you are running subnets on your network you (after dnsmasq is installed and you remove the pxe boot info from your firewall/router) add the fog server’s IP address as the last server in your dhcp-relay /dhcp-helper service on your subnet router. This is only needed if you need to pxe boot computers not on the same subnet as the fog/dnsmasq server.

                A bit longer answer is that your firewall/routers dhcp server most likely doesn’t support dynamic pxe booting, in that it will change the boot file name based on bios or uefi pxe booting computer.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                R 1 Reply Last reply Reply Quote 0
                • D
                  DBCountMan @RogerBrownTDL
                  last edited by

                  @rogerbrowntdl We have the Fortigate DHCP relay set up with the FOG server IP. I did however have to install dnsmasq on my FOG server and disable tftpd.service. Here is where I found the instructions: https://forums.fogproject.org/topic/12133/fog-on-existing-dhcp-server

                  The code posted by @george1421 needed one line added which is marked below. Just remove the asterisks:

                  # Don't function as a DNS server:
                  port=0
                  
                  # Log lots of extra information about DHCP transactions.
                  log-dhcp
                  
                  **# Enable TFTP
                  enable-tftp**
                  
                  # Set the root directory for files available via FTP.
                  tftp-root=/tftpboot
                  
                  # The boot filename, Server name, Server Ip Address
                  dhcp-boot=undionly.kpxe,,<fog_server_IP>
                  
                  # Disable re-use of the DHCP servername and filename fields as extra
                  # option space. That's to avoid confusing some old or broken DHCP clients.
                  dhcp-no-override
                  
                  # inspect the vendor class string and match the text to set the tag
                  dhcp-vendorclass=BIOS,PXEClient:Arch:00000
                  
                  R 1 Reply Last reply Reply Quote 0
                  • R
                    RogerBrownTDL @george1421
                    last edited by

                    @george1421 @brakcounty

                    So the DHCP server runs off our Watchguard and is a separate network (we have one for our production lan and one for our build lab)

                    I can change the Watchguard interface from a DHCP server to a relay server but that would mean it wouldnt hand out DHCP leases right?

                    george1421G 2 Replies Last reply Reply Quote 0
                    • george1421G
                      george1421 Moderator @RogerBrownTDL
                      last edited by

                      @rogerbrowntdl With this setup the dnsmasq server only provides pxe boot information using the proxydhcp protocol. It does not manage ip address with this configuration. Its intended to augment your existing dhcp server.

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                      R 2 Replies Last reply Reply Quote 0
                      • george1421G
                        george1421 Moderator @RogerBrownTDL
                        last edited by

                        @rogerbrowntdl We would typically use this if your dhcp server is managed by an outside party, or your dhcp server settings can’t be changed or your dhcp server does not support dynamic pxe booting (pfsense router does by the way so dnsmasq on the fog server isn’t needed here).

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                        1 Reply Last reply Reply Quote 0
                        • R
                          RogerBrownTDL @george1421
                          last edited by

                          This post is deleted!
                          1 Reply Last reply Reply Quote 0
                          • R
                            RogerBrownTDL @george1421
                            last edited by

                            @george1421 So in effect, I just leave the Watchguard as a DHCP server, set option 66 and 150 to point to my FOG box, remove option 67 and then install DNSMasq? Or do I remove ALL options from my Watchguard and install DNSMasq?

                            Forgive my lack of knowledge on the subject lol. How does the PXE request then get to the FOG server? Does the client, send a DHCP request to the Watchguard and then a broadcast for PXE or do I need to leave something in the Watchguard to tell the client to go to FOG?

                            D 1 Reply Last reply Reply Quote 0
                            • D
                              DBCountMan @RogerBrownTDL
                              last edited by DBCountMan

                              @rogerbrowntdl dnsmasq runs on the FOG server to detect architecture and boot type then serve the boot files over tftp. This is my understanding of how it all works:
                              PC sends DHCP server a request for an IP address with a pxe packet.
                              DHCP assigns an IP address then directs (relays) the PC to the FOG server.
                              FOG Server handles this request by sending either undionly.kpxe or ipxe.efi depending on the architecture of the PC (dnsmasq tftp service).
                              PC downloads and executes the correct file.
                              After that FOG loads the boot menus.

                              R 1 Reply Last reply Reply Quote 1
                              • R
                                RogerBrownTDL @DBCountMan
                                last edited by

                                @brakcounty Thats my question really, do I need to leave a setting in (66 67 or 150) to tell the Watchguard to send the PXE request to FOG? I presume I need to put a setting in somewhere or the client wont know where to go for it’s PXE boot

                                george1421G 2 Replies Last reply Reply Quote 0
                                • george1421G
                                  george1421 Moderator @RogerBrownTDL
                                  last edited by

                                  @rogerbrowntdl said in UEFI PXE Boot - Pain:

                                  do I need to leave a setting in (66 67 or 150)

                                  For clarity I would remove them from watchguard dhcp. Actually dhcp option 150 is not a thing at least for pxe booting. From a functional standpoint proxydhcp will override the values provided in the dhcp packet. The advantage of running dnsmasq on the FOG server is that when the fog server is not running, no pxe boot information will be handed out. All clients will boot normally, but this is also the issue with leaving unmanaged settings in dhcp where sometime down the road if the fog server isn’t running things might behave a bit unexpected if the old dhcp settings are found by the client computers.

                                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                  1 Reply Last reply Reply Quote 0
                                  • george1421G
                                    george1421 Moderator @RogerBrownTDL
                                    last edited by

                                    @rogerbrowntdl said in UEFI PXE Boot - Pain:

                                    I presume I need to put a setting in somewhere or the client wont know where to go for it’s PXE boot

                                    With the proxy dhcp response that tells the target computer once you have an ip address speak to this server (the fog server’s dnsmasq) to get the pxe boot information. Other than setting up dnsmasq there is nothing else that needs to be touched (as long as the fog server and pxe booting clients are on the same subnet)

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      RogerBrownTDL @DBCountMan
                                      last edited by

                                      @brakcounty You mention you had to disable tftpd.service and yet your line in that code says “enable-tftp” Are they different things? (Yes I’m a noob to all this but up until recently FOG was a mint replacement to the shitty MDT box we had - Just damn manufacturers now stopping legacy option in bios means i’m forced to change this to UEFI)

                                      D 1 Reply Last reply Reply Quote 0
                                      • D
                                        DBCountMan @RogerBrownTDL
                                        last edited by

                                        @rogerbrowntdl Yes they are two different services. tftpd is what FOG uses by default. The TFTP protocol listens on TCP port 69, so two services cannot listen on the same port at the same time.

                                        R 1 Reply Last reply Reply Quote 0
                                        • R
                                          RogerBrownTDL @DBCountMan
                                          last edited by

                                          @brakcounty Okay makes sense… dnsmasq was already installed and configured… Weird that it wouldnt boot before (hence we had to go the legacy option I believe) however now when I try and start dnsmasq it tells me to piss off because 69 is already in use?

                                          "[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server…
                                          [624]: dnsmasq: syntax check OK.
                                          [678]: dnsmasq: failed to create listening socket for port 69: Address already >
                                          [678]: failed to create listening socket for port 69: Address already in use
                                          [678]: FAILED to start up
                                          [1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGU>
                                          [1]: dnsmasq.service: Failed with result ‘exit-code’.
                                          [1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.

                                          george1421G D 2 Replies Last reply Reply Quote 0
                                          • george1421G
                                            george1421 Moderator @RogerBrownTDL
                                            last edited by george1421

                                            @rogerbrowntdl said in UEFI PXE Boot - Pain:

                                            [678]: dnsmasq: failed to create listening socket for port 69: Address already >

                                            This kind of indicates you did not follow the config file exactly. Since dnsmasq should not attempt to use tftp port with this configuraiton. Please post your complete ltsp.conf file here for review.

                                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                            R 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post

                                            188

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project