DHCP Proxy for FOG

Wayne Workman

I’m going to send him to CloneDeploy Proxy DHCP

Sebastian Roth

Great to hear that he’s been onto this. But still I think it would be good to get our own proxy up as changes in dnsmasq will take months and years till they reach upstream in debian and all the other systems. What do you think?

Yeah pointing him to CloneDeploy Proxy DHCP is definitely a good hint. I am pretty sure that it has to do with PXE prompt which dnsmasq always sends (you cannot do PXE in proxy mode without it as far as I understand the source code) but most UEFI firmwares don’t seam to like it.

Edit: And dnsmasq does not allow dhcp-match in proxy mode which makes it impossible to use with Mac OS clients.

Wayne Workman

@Uncle-Frank I think we should still press forward with our own build of ProxyDHCP.

I just wanted to press the issue with dnsmasq and get the ball rolling - because I’d like to see a working ProxyDHCP included in Linux repos and OSs in the future.

More options are better than less options.

Sebastian Roth

There is a little update on this topic. Although I didn’t have much time I’ve been playing with Node.js/Javascript code in the last too weeks and I have a pre-alpha version of a DHCP Proxy running. It’s able to attend my local isc-dhcpd as a proxy to boot normal BIOS PCs via PXE. The code is a big mess and there are still a lot of things to consider (EFI, MacOS and so forth) but we are on our way.

Sebastian Roth

Next update on this: I ran into an annoying issue with the PXE ROM we have in most of our client PCs (Intel 82579LM GbE). Still working on this together with the iPXE devs. But BIOS and UEFI are both working!

Wayne Workman

This has FOG written all over it… just found this in my in-box from the dnsmasq newsletter (Simon sends them out about every day).

---------- Forwarded message ----------
From: <dnsmasq-discuss-request@lists.thekelleys.org.uk>
Date: Nov 18, 2015 1:28 PM
Subject: Dnsmasq-discuss Digest, Vol 126, Issue 14
To: <dnsmasq-discuss@lists.thekelleys.org.uk>
Cc: 

Send Dnsmasq-discuss mailing list submissions to
        dnsmasq-discuss@lists.thekelleys.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
or, via email, send a message with subject or body 'help' to
        dnsmasq-discuss-request@lists.thekelleys.org.uk

You can reach the person managing the list at
        dnsmasq-discuss-owner@lists.thekelleys.org.uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Dnsmasq-discuss digest..."


Today's Topics:

   1. Re: dnsmasq proxy with uefi pxe not working (Michael Kuron)
   2. Re: How small is a 'small network'? (Norman Gray)
   3. question about the host-record= example (Olaf Hering)
   4. Re: dnsmasq proxy with uefi pxe not working (Louis Garcia)


----------------------------------------------------------------------

Message: 1
Date: Wed, 18 Nov 2015 15:54:30 +0100
From: Michael Kuron <michael-lists@physcip.uni-stuttgart.de>
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] dnsmasq proxy with uefi pxe not working
Message-ID:
        <4D80900C-DB61-4F15-8179-3ED0B4361308@physcip.uni-stuttgart.de>
Content-Type: text/plain; charset="utf-8"

In proxy mode, you can leave out the dhcp-boot lines. Also, note that some hardware incorrectly reports an architecture of 9 (BC_EFI) instead of 7 (X86-64_EFI), so in general you?ll need to have lines for both in your config.
I assume you?re using my patch from October 31st? The pxe-service line for EFI should not have a file extension, .efi is added automatically. Also, I?ve never needed dhcp-no-override or dhcp-option in proxy mode.

A Wireshark trace on UDP ports 67, 68, 69 and 4011 is generally the most useful thing to help you debug the issue. Check if the server address and file name are correctly sent to the client and make sure it requests the TFTP download correctly. The log output you sent looks fine.

Michael

> On 17.11.2015, at 20:48, Louis Garcia <louisgtwo@gmail.com> wrote:
>
> I have a dns proxy running on F23 and configured for older BIOS pxe and all is working. On newer uefi I get a ip assigned and get to the "Press F8 for the Menu." After that everything quits and returns to the bios. Here is some info. If there are more debugging options let me know? I am running dnsmasq-2.75 with a patch from Michael Kuron earlier on this list.
>
>
> /etc/dnsmasq.conf
>
> # Configuration file for dnsmasq:
>
> # Turn on the debugging
> log-dhcp
>
> # Don't function as a DNS server
> port=0
>
> # kill multicast
> dhcp-option=vendor:PXEClient,6,2b
>
> # Disable re-use of the DHCP servername and filename fields as extra
> # option space. That's to avoid confusing some old or broken DHCP clients.
> dhcp-no-override
>
> # This range(s) is for the public interface, where dnsmasq functions
> # as a proxy DHCP server providing boot information but no IP leases.
> # Any ip in the subnet will do, so you may just put your server NIC ip here.
> dhcp-range=192.168.0.5,proxy
>
> # Set the boot filename for netboot/PXE. You will only need this if you want to
> # boot machines over the network and you will need the built in TFTP server.
>
> # BIOS PXE clients
> dhcp-boot=pxelinux.0
>
> # UEFI PXE clients
> dhcp-match=set:efi-x86_64,option:client-arch,7
> dhcp-boot=tag:efi-x86_64,uefi/shim.efi
>
> #pxe-prompt="What system shall I netboot?", timeout before first available action is taken:
> pxe-prompt="Press F8 for the Menu.", 5
>
> #Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
> pxe-service=x86PC, "Install Fedora Workstation, (BIOS)", pxelinux
>
> #Loads <tftp-root>/uefi/shim.efi from dnsmasq TFTP server.
> pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", uefi/shim.efi
>
> # Enable dnsmasq's built-in TFTP server
> enable-tftp
>
> # Set the root directory for files available via FTP.
> tftp-root=/srv/tftpboot
>
>
> logs:
>
> systemd[1]: Started DNS caching server..
> dnsmasq[1897]: started, version 2.75 DNS disabled
> systemd[1]: Starting DNS caching server....
> dnsmasq[1897]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
> dnsmasq-dhcp[1897]: DHCP, proxy on subnet 192.168.0.5
> dnsmasq-tftp[1897]: TFTP root is /srv/tftpboot
> dnsmasq-dhcp[1897]: 1005692705 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 1005692705 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 1005692705 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 1005692705 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 1005692705 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 1005692705 broadcast response
> dnsmasq-dhcp[1897]: 1005692705 sent size:  1 option: 53 message-type  2
> dnsmasq-dhcp[1897]: 1005692705 sent size:  4 option: 54 server-identifier  192.168.0.5
> dnsmasq-dhcp[1897]: 1005692705 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 1005692705 sent size: 17 option: 97 client-machine-id  00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 1005692705 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 1005692705 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 378552196 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 378552196 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 378552196 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 378552196 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 378552196 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 378552196 sent size:  1 option: 53 message-type  5
> dnsmasq-dhcp[1897]: 378552196 sent size:  4 option: 54 server-identifier  192.168.0.5
> dnsmasq-dhcp[1897]: 378552196 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 378552196 sent size: 17 option: 97 client-machine-id  00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 378552196 sent size: 38 option: 43 vendor-encap  06:01:08:0a:1d:05:50:72:65:73:73:20:46:38...
> dnsmasq-dhcp[1897]: 1005692706 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 1005692706 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 1005692706 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 1005692706 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 1005692706 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 1005692706 broadcast response
> dnsmasq-dhcp[1897]: 1005692706 sent size:  1 option: 53 message-type  2
> dnsmasq-dhcp[1897]: 1005692706 sent size:  4 option: 54 server-identifier  192.168.0.5
> dnsmasq-dhcp[1897]: 1005692706 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 1005692706 sent size: 17 option: 97 client-machine-id  00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 1005692706 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 1005692706 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 735833248 available DHCP subnet: 192.168.0.5/255.255.255.0 <http://192.168.0.5/255.255.255.0>
> dnsmasq-dhcp[1897]: 735833248 vendor class: PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 735833248 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 735833248 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 735833248 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 735833248 sent size:  1 option: 53 message-type  5
> dnsmasq-dhcp[1897]: 735833248 sent size:  4 option: 54 server-identifier  192.168.0.5
> dnsmasq-dhcp[1897]: 735833248 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 735833248 sent size: 17 option: 97 client-machine-id  00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 735833248 sent size: 38 option: 43 vendor-encap  06:01:08:0a:1d:05:50:72:65:73:73:20:46:38...
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20151118/682d5089/attachment-0001.html>

------------------------------

Sebastian Roth

Thanks for sharing this! Interesting that this guy actually sees the “Press F8 for the Menu.” coming up. Most EFI machines don’t like the menu option sent by dnsmasq. See here: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q1/009296.html

There is a little update on the dhcproxy I am working on. I got Mac OS X working as well. Status: BIOS-ok, UEFI-ok, Mac OS X-ok

Code is still a mess and this is just my setup/machines. Hope someone is willing to give this a try at some point. Send me a message if you’re keen.

TheOverseer

@Sebastian-Roth Not sure if you’re still working on this but I’d really like to test. I’m building a server for my work and I have to use ProxyDHCP in our network.

Sebastian Roth

@TheOverseer Thanks for asking! I didn’t have much time for the proxy DHCP stuff lately (as I’ll be moving and changing my job soon). I will try to give the code a bit of a cleanup in the next couple of days and will let you know. It’s written in javascript to run with node.js. Are you familiar with node.js? Installing modules with npm…?

Sebastian Roth

@TheOverseer Sorry, took me a while to get things sorted. Here you can find the current version on github now (still alpha): https://github.com/FOGProject/node-dhcproxy

Should run on linux and windows after installing node.js. Extract the archive and take a look at README file for some more details. Run as root on linux (needed to listen on port 67).

Would be great if you can give some feedback on how this is working for you.