Fog and Pfsense 2.7
-
Hello, does FOG work on a LAN with pfSense version 2.7 as the DHCP server? I tried to configure it but no client can boot in PXE.
Thanks in advance,
El Chapulin
-
@elchapulin Yes it does. (Saying these instructions from memory.) In the dhcp server there is a section under advanced for netbooting (it's not called pxe booting). There were 4 or 5 fields. One for bios, that takes the value of: undionly.kpxe, one for 64 bit uefi: ipxe.efi, and one for 32 bit efi: i386/ipxe.efi and maybe one for ARM processors. There should be a field for next server or boot server IP. That will be the IP address of your fog server.
I seem to recall a section on tftp, that section is not used for net booting.
-
Thank you for your answer, below is the configuration on my Pfsense
-
@elchapulin This should work for pxe booting except the 32 bit field is bad. It should be i386/ipxe.efi but that probably isn’t your problem since 32 bit uefi systems are rare.
So when you say the pxe client can’t boot, what errors do you see?
Is the fog server, dhcp server and pxe booting client on the same subnet? If yes then we should grab a pcap of the pxe booting process from the fog server using: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue?_=1694459465428 You can look at the output with wireshark. In the DISCOVER statement in dhcp options 93 or 94 the pxe booting computer will tell its arch. The dhcp server will take that statement and then (should) send the proper boot file info in dhcp options 67 as well as the boot-file field in the ethernet header of the OFFER statement. The OFFER statement comes from the dhcp server. If you have only pfsense as your dhcp server then you should have only one OFFER statement, if you see more than one you have multiple dhcp servers on your network.
If you can’t figure it out with wireshark, upload the pcap to a file share site and post the link here or DM me the link with FOG forum chat. I’ll take a look at it.
Also one additional comment, if you have a uefi system make sure secure boot is turned off or the firmware will reject ipxe from loading.
-
@elchapulin
Hello, thank you for your feedback. I modified it for 32 bit, the problem remains the same.
In PXE UEFI nothing happens.
In BIOS, here is the error message
DHCP (pfsense) and FOG are in the same network.
THANKS
-
@elchapulin Ok follow the instructions to get the pcap. That will tell us what the target computer is being asked to do. With a bios computer it should just work.
-
Sorry I’m new to Linux, I hope it worked
output.pcap
-
@elchapulin You created the pcap perfectly.
I can see the pxe booting computer is in bios mode.
Looking at the dhcp OFFER packet, I see in the header the next-server is 192.168.1.22 and the boot file is undionly.kpxe. What is strange is in the dhcp options there is only dhcp option 66 which again points to 192.168.1.22. The issue is there is no dhcp option 67. All 4 fields need to be filled out. It's strange that pfsense is doing this…
Let's try this, in your screen shot the tftp server field is filled out, but that is in a different section than netbooting. Let's remove the tftp server value under the tftp section, but let's leave the next-server field set correctly under network booting. I think the tftp section is overriding the netbooting section.
-
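The OFFER check described in the posts above (next-server and boot file in the header, options 66 and 67, one answering DHCP server), as an added example that is not part of the original thread. The function names, the architecture codes for option 93 (taken from RFC 4578) and the DHCP server address 192.168.1.1 are assumptions; the sample packets are constructed and only modelled on the values quoted from the pcap.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, sits right before the options
ARCH = {0: "BIOS", 6: "UEFI 32-bit", 7: "UEFI 64-bit", 9: "UEFI 64-bit"}  # option 93 codes

def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload) into its header boot fields and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"next_server": socket.inet_ntoa(payload[20:24]), "options": {},
           "boot_file": payload[108:236].split(b"\0")[0].decode("ascii", "replace")}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:      # 255 = end option
        code, length = payload[i], payload[i + 1]
        if code:                                           # code 0 is a pad byte, no length
            msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length if code else 1
    return msg

def client_arch(msg):  # architecture announced in option 93 of the client's DISCOVER
    raw = msg["options"].get(93, b"")
    return ARCH.get(int.from_bytes(raw[:2], "big"), "other") if len(raw) >= 2 else None

def audit_offers(msgs):
    """Return findings for the OFFER messages (option 53 == 2) among parsed messages."""
    findings, servers = [], set()
    for m in msgs:
        if m["options"].get(53) != b"\x02":
            continue
        servers.add(m["options"].get(54, b""))             # option 54 = server identifier
        if not m["boot_file"]:
            findings.append("boot file header field empty")
        findings += ["option %d missing" % c for c in (66, 67) if c not in m["options"]]
    if len(servers) > 1:
        findings.append("%d DHCP servers answered" % len(servers))
    return findings

# Constructed sample packets (not the thread's pcap); DHCP server 192.168.1.1 is assumed.
def build(msg_type, siaddr="0.0.0.0", boot_file=b"", options=()):
    hdr = bytearray(236)
    hdr[20:24] = socket.inet_aton(siaddr)                  # next-server header field
    hdr[108:108 + len(boot_file)] = boot_file              # boot file header field
    body = b"".join(bytes([c, len(v)]) + v for c, v in [(53, bytes([msg_type])), *options])
    return bytes(hdr) + MAGIC + body + b"\xff"

DISCOVER = build(1, options=[(93, b"\x00\x00")])
OFFER = build(2, "192.168.1.22", b"undionly.kpxe", [(54, socket.inet_aton("192.168.1.1")), (66, b"192.168.1.22")])
if __name__ == "__main__":
    print(client_arch(parse_dhcp(DISCOVER)), audit_offers([parse_dhcp(OFFER)]))
```

`parse_dhcp` expects the UDP payload of each DHCP packet, so the Ethernet, IP and UDP headers have to be stripped by whatever reads the pcap.
-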
@george1421 Hello, I deleted the TFTP section but it doesn’t work, sorry
-
I am experiencing this problem also. Same setup in hyper-v environment.
-
These should be the steps needed to configure network/pxe booting using pfsense firewall: https://forums.fogproject.org/topic/17021/how-to-configure-pfsense-for-netbooting
-
@george1421
Thanks
I'm pretty sure I have those settings in place but I will check them when I'm back at office next Monday.
Pfsense, Fogserver and workstation are in same lan segment so problem cannot be in firewall rules either.
-
I reinstalled Fog server according to this video: https://www.youtube.com/watch?v=uleFAPmCo7Y
Adjusted Pfsense settings for fog (Thanks for these george) :
Enable DHCP server on LAN interface
Enable network booting
Next Server: IP of the FOG server
Default BIOS file name: undionly.kpxe
UEFI 32 bit file name: i386-efi/snponly.efi
UEFI 64 bit file name: snponly.efi
ARM 64 bit file name: arm64-efi/snponly.efi
Note: In Hyper-V, 1st generation (BIOS) virtual machines work just fine… BUT you have to disable secure boot if you use 2nd gen virtual machines.
-
I also noticed that if you use Windows Server DHCP you need to add Server options for DHCP as follows:
066 Boot Server Host Name: ip or host name of FOG server
067 Bootfile Name: ipxe.efi (for UEFI system)
So do not use snponly.efi (for efi systems) or undionly.kpxe (for bios systems) as you would use if using pfsense as dhcp server.
Googling around gave different options for 067 Bootfile Name but as I'm using EFI in Hyper-V ipxe.efi seems to work. Also you need to disable secure boot in Hyper-V settings in client virtual machines.
-
@jouni-jokelainen said in Fog and Pfsense 2.7:
Adjusted Pfsense settings for fog (Thanks for these george) :
I guess this topic is solved then. Please open a new issue if you have more questions (not related to pfSense).
-