PXE boot under Fortigate 40C

    Kpax
    last edited by Kpax May 10, 2017, 10:09 AM May 10, 2017, 4:01 PM

    Server
    • FOG Version: 1.3.5 svn Revision 6067
    • OS: Ubuntu 16.04.2 LTS
    Client
    • Service Version:
    • OS: Windows 10 64bit
    Description

    Greetings,

    We have around 80 hosts running Win10 64-bit.
    When FOG is set up as the DHCP server, everything works and we are able to deploy and capture images to and from the hosts.
    The drawback is that it kills the network, and I prefer using my FGT to handle traffic and provide DHCP service instead.

    Attached is my FGT40C config file:
    FGT firmware version 5.2.5 build 701 (GA)
    0_1494431795737_Capture.JPG

    0_1494432505500_Capture2.JPG

    thanks in advance,
    Kpax

        george1421 Moderator
        last edited by george1421 May 10, 2017, 1:13 PM May 10, 2017, 7:10 PM

        <edit> Looking at the Fortigate configuration closer I can see one BIG mistake that is causing fog to not be happy. FOG no longer uses pxelinux.0 as a boot kernel. You MUST use one of the current iPXE kernels of undionly.kpxe or ipxe.kpxe or ipxe.efi [for uefi systems]. If you do not follow this warning you will have no joy. </edit>

        We had someone else in the last month or so with the same configuration. What I want you to do is to switch back to using your Fortigate as your dhcp server. Make sure your environment works as it should (except fog). Once you are sure your Fortigate is functioning as it did then we can work on making fog behave like we need. Note: Make sure you disable the dhcp server in FOG or you will have unexpected results.

        When your main dhcp server is setup we will install a service on the fog server called dnsmasq. DNSMasq is a ProxyDHCP server, in that we will use dnsmasq to provide the missing pxe boot information that your Fortigate can't provide.

        Install dnsmasq using your FOG server's linux distribution repository. I think this is the right command for ubuntu: sudo apt-get install dnsmasq

        Once that is installed run sudo chkconfig dnsmasq on

        Then paste the contents of the following into /etc/dnsmasq.d/ltsp.conf

        # Don't function as a DNS server:
        port=0
        
        # Log lots of extra information about DHCP transactions.
        log-dhcp
        
        # Set the root directory for files available via TFTP.
        tftp-root=/tftpboot
        
        # The boot filename, Server name, Server Ip Address
        dhcp-boot=undionly.kpxe,,<fog_server_IP>
        
        # Disable re-use of the DHCP servername and filename fields as extra
        # option space. That's to avoid confusing some old or broken DHCP clients.
        dhcp-no-override
        
        # inspect the vendor class string and match the text to set the tag
        dhcp-vendorclass=BIOS,PXEClient:Arch:00000
        dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
        dhcp-vendorclass=UEFI,PXEClient:Arch:00007
        dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
        
        # Set the boot file name based on the matching tag from the vendor class (above)
        dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,<fog_server_IP>
        dhcp-boot=net:UEFI,ipxe.efi,,<fog_server_IP>
        dhcp-boot=net:UEFI64,ipxe.efi,,<fog_server_IP>
        
        # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
        pxe-prompt="Booting FOG Client", 1
        
        # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
        # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
        # This option is first and will be the default if there is no input from the user.
        pxe-service=X86PC, "Boot to FOG", undionly.kpxe
        pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
        pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
        
        dhcp-range=<fog_server_ip>,proxy
        

        Don't forget to replace <fog_server_ip> in the above text with the IP address of your fog server. The tag appears many times.

        Now before you start dnsmasq I want you to run the following command and post the results here: dnsmasq -v
        If the version is not 2.76 then we need to compile 2.76 to get bios and uefi compatibility.

        https://forums.fogproject.org/topic/8725/compiling-dnsmasq-2-76-if-you-need-uefi-support

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
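
The checks george1421 asks for before starting dnsmasq (no placeholder left in ltsp.conf, dnsmasq at 2.76 or later), as an added shell example that is not part of the original post; it goes one step further and also checks that the boot files the config names exist under the TFTP root. The function names, the sample config excerpt and the empty stand-in boot file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; all function names are hypothetical.

# Print the version number found in `dnsmasq -v` output read on stdin.
banner_version() {
    sed -n 's/^Dnsmasq version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2 (numeric, field by field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, "."); if (m > n) n = m
        for (i = 1; i <= n; i++)
            if (x[i] + 0 != y[i] + 0) exit (x[i] + 0 < y[i] + 0)
        exit 0
    }'
}

# Print non-comment lines of config $1 that still carry the placeholder.
placeholder_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -i '<fog_server_ip>' || true
}

# Print boot files named by dhcp-boot= / pxe-service= in config $1 that do
# not exist under TFTP root $2. Assumes no commas inside the menu text.
missing_boot_files() {
    grep -v '^[[:space:]]*#' "$1" | awk -F, '
        /^dhcp-boot=net:/ { print $2; next }
        /^dhcp-boot=/     { sub(/^dhcp-boot=/, "", $1); print $1; next }
        /^pxe-service=/   { gsub(/[ \t]/, "", $3); print $3 }
    ' | sort -u | while read -r f; do
        if [ -n "$f" ] && [ ! -f "$2/$f" ]; then echo "$f"; fi
    done
}

# Print one line per finding and return the count ($1 conf, $2 root, $3 version).
preflight() {
    findings=0
    if ! version_ge "$3" 2.76; then
        echo "dnsmasq $3 is older than 2.76"; findings=$((findings + 1))
    fi
    if [ -n "$(placeholder_lines "$1")" ]; then
        echo "placeholder left in $1"; findings=$((findings + 1))
    fi
    for f in $(missing_boot_files "$1" "$2"); do
        echo "missing under $2: $f"; findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample: excerpt of the thread's ltsp.conf with one placeholder
# left in, and a TFTP root that holds only an empty undionly.kpxe.
make_sample() {
    mkdir -p "$1/tftpboot" && : > "$1/tftpboot/undionly.kpxe"
    cat > "$1/ltsp.conf" <<'EOF'
# replace <fog_server_ip> below
dhcp-boot=undionly.kpxe,,10.0.0.140
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,10.0.0.140
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
dhcp-range=<fog_server_ip>,proxy
EOF
}

# Demo on the constructed sample. Real use would be:
#   preflight /etc/dnsmasq.d/ltsp.conf /tftpboot "$(dnsmasq -v | banner_version)"
d=$(mktemp -d); make_sample "$d"
preflight "$d/ltsp.conf" "$d/tftpboot" 2.75 || true
rm -rf "$d"
```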

          Kpax @george1421
          last edited by May 11, 2017, 7:17 AM

          @george1421
          awesome mate, will follow instruction and update.

          much appreciated

            Sebastian Roth Moderator
            last edited by May 12, 2017, 11:29 AM

            @Kpax I don't know much about the FGT config itself but what jumps at me is that you are trying to use pxelinux.0 instead of undionly.kpxe… Why that?

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              Kpax
              last edited by May 13, 2017, 2:15 PM

              greetings,

              some update, following your instruction, thanks again…

              1. FGT configuration

              config system dhcp server
                  edit 1
                      set dns-service default
                      set default-gateway 10.0.0.136
                      set next-server 10.0.0.140
                      set netmask 255.255.255.0
                      set interface "internal"
                          config ip-range
                              edit 1
                                  set start-ip 10.0.0.110
                                  set end-ip 10.0.0.190
                              next
                          end
                      set filename "undionly.kpxe" /* been tested with the value of undionly.kpxe or ipxe.kpxe or ipxe.efi */
                      set option1 67 '0A00008C'
                      set option2 66
                          config reserved-address
                              edit 1
                                  set ip 10.0.0.140
                                  set mac 00:00:00:00:00:00
                              next
                          end
                  next
              end
              
              2. FGT is functioning well as DHCP server; all hosts are receiving the correct IP and are able to access the internet

              0_1494682897742_Caaapture.JPG

              3. FOG DHCP server role has been uninstalled (without dependent packages)
              sudo apt-get remove isc-dhcp-server
              
              4. DNSMasq has been installed
              sudo apt-get install dnsmasq
              
              5. The chkconfig command is no longer in use under Ubuntu 16.04.2 LTS;
                the equivalent command is update-rc.d
              fogadmin@fog-srv:~$ sudo update-rc.d dnsmasq on
              usage: update-rc.d [-n] [-f] <basename> remove
                     update-rc.d [-n] <basename> disable|enable [S|2|3|4|5]
                              -n: not really
                              -f: force
              
              The disable|enable API is not stable and might change in the future.
              fogadmin@fog-srv:~$ sudo update-rc.d dnsmasq on^C
              fogadmin@fog-srv:~$ /etc/init.d/dnsmasq start
              [....] Starting dnsmasq (via systemctl): dnsmasq.service==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
              Authentication is required to start 'dnsmasq.service'.
              Authenticating as: fogadmin,,, (fogadmin)
              Password:
              ==== AUTHENTICATION COMPLETE ===
              . ok
              fogadmin@fog-srv:~$
              
              6. The ltsp.conf file didn't exist in that directory, so I just created it and pasted the content with the IP_ADDRESS changed
              drwxr-xr-x   2 root root  4096 מאי 13 05:20 .
              drwxr-xr-x 133 root root 12288 מאי 11 19:26 ..
              -rw-r--r--   1 root root  1429 מאי 11 19:41 ltsp.conf
              -rw-r--r--   1 root root   202 ספט 27  2016 network-manager
              -rw-r--r--   1 root root   211 מרץ 28 03:22 README
              
              # Don't function as a DNS server:
              port=0
              
              # Log lots of extra information about DHCP transactions.
              log-dhcp
              
              # Set the root directory for files available via TFTP.
              tftp-root=/tftpboot
              
              # The boot filename, Server name, Server Ip Address
              dhcp-boot=undionly.kpxe,,10.0.0.140
              
              # Disable re-use of the DHCP servername and filename fields as extra
              # option space. That's to avoid confusing some old or broken DHCP clients.
              dhcp-no-override
              
              # inspect the vendor class string and match the text to set the tag
              dhcp-vendorclass=BIOS,PXEClient:Arch:00000
              dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
              dhcp-vendorclass=UEFI,PXEClient:Arch:00007
              dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
              
              # Set the boot file name based on the matching tag from the vendor class (above)
              dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,10.0.0.140
              dhcp-boot=net:UEFI,ipxe.efi,,10.0.0.140
              dhcp-boot=net:UEFI64,ipxe.efi,,10.0.0.140
              
              # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
              pxe-prompt="Booting FOG Client", 1
              
              # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
              # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
              # This option is first and will be the default if there is no input from the user.
              pxe-service=X86PC, "Boot to FOG", undionly.kpxe
              pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
              pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
              
              dhcp-range=10.0.0.140,proxy
              
              7. dnsmasq -v
              fogadmin@fog-srv:/etc/dnsmasq.d$ dnsmasq -v
              Dnsmasq version 2.75  Copyright (c) 2000-2015 Simon Kelley
              Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
              
              This software comes with ABSOLUTELY NO WARRANTY.
              Dnsmasq is free software, and you are welcome to redistribute it
              under the terms of the GNU General Public License, version 2 or 3.
              

              Additional method:
              I updated the BIOS firmware on most PCs and tried both UEFI enabled/disabled and legacy mode.
              Hosts are now getting an IP only from the FGT (acting as the DHCP server).
              The output from the hosts at the moment is:
              0_1494684559061_aaaaaa.jpg

              it was long 🙂

              thanks in advance,
              Kpax

                Kpax @Sebastian Roth
                last edited by May 13, 2017, 2:21 PM

                @Sebastian-Roth said in PXE boot under Fortigate 40C:

                @Kpax I don't know much about the FGT config itself but what jumps at me is that you are trying to use pxelinux.0 instead of undionly.kpxe… Why that?

                It's a mistake, as George1421 said 🙂

                  george1421 Moderator @Kpax
                  last edited by george1421 May 13, 2017, 8:39 AM May 13, 2017, 2:37 PM

                  @Kpax said in PXE boot under Fortigate 40C:

                  Dnsmasq version 2.75 Copyright © 2000-2015 Simon Kelley

                  OK dnsmasq 2.75 is not new enough to enable both uefi and bios booting. UEFI booting is broken in 2.75. But now that you have 2.75 installed you can follow this process to compile 2.76: https://forums.fogproject.org/topic/8725/compiling-dnsmasq-2-76-if-you-need-uefi-support/6

                  There is more in the thread, but that is the actions part.

                  You will compile 2.76 and then just swap out the binary for 2.75 with 2.76. Restart dnsmasq, confirm that 2.76 is running with dnsmasq -v, then try to pxe boot your target computer again.

                  No worries, this is progressing just as I had planned. Your distribution just hasn't released the latest version of dnsmasq yet, so you will compile it.

                  Also in your fortigate remove the line that contains the undionly.kpxe value, and then restart your dhcp server on your fortigate. We want dnsmasq to provide everything for pxe booting. This way the target computer only gets pxe booting instructions from dnsmasq

                    Kpax @george1421
                    last edited by May 14, 2017, 3:54 AM

                    @george1421

                    much appreciated will check and update

                    thanks in advance
                    Kpax

                      Kpax @Kpax
                      last edited by May 15, 2017, 8:36 AM

                      @Kpax
                      Hey george1421

                      Thank you for lighting the way…

                      some update

                      1. FGT config (line set filename 'undionly.kpxe' has been removed)
                          edit 1
                              set dns-service default
                              set default-gateway 10.0.0.136
                              set next-server 10.0.0.140
                              set netmask 255.255.255.0
                              set interface "internal"
                                  config ip-range
                                      edit 1
                                          set start-ip 10.0.0.110
                                          set end-ip 10.0.0.190
                                      next
                                  end
                              set option1 67 '0A00008C'
                              set option2 66
                                  config reserved-address
                                      edit 1
                                          set ip 10.0.0.140
                                          set mac 00:00:00:00:00:00
                                      next
                                  end
                          next
                      end
                      
                      2. dnsmasq has been compiled to version 2.76 successfully with no errors
                      Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
                      Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
                      
                      This software comes with ABSOLUTELY NO WARRANTY.
                      Dnsmasq is free software, and you are welcome to redistribute it
                      under the terms of the GNU General Public License, version 2 or 3.
                      

                      3. Additional check
                      dnsmasq status

                      ystemd/system/dnsmasq.service; enabled; vendor preset: enabled)
                        Drop-In: /run/systemd/generator/dnsmasq.service.d
                                 └─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
                         Active: active (running) since ב' 2017-05-15 11:04:34 IDT; 13min ago
                        Process: 1097 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
                        Process: 1054 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
                        Process: 976 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
                       Main PID: 1096 (dnsmasq)
                         CGroup: /system.slice/dnsmasq.service
                                 └─1096 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local

                      מאי 15 11:04:33 fog-vm systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
                      מאי 15 11:04:33 fog-vm dnsmasq[976]: dnsmasq: syntax check OK.
                      מאי 15 11:04:33 fog-vm dnsmasq[1096]: started, version 2.76 DNS disabled
                      מאי 15 11:04:33 fog-vm dnsmasq[1096]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
                      מאי 15 11:04:33 fog-vm dnsmasq[1096]: DNS service limited to local subnets
                      מאי 15 11:04:33 fog-vm dnsmasq-dhcp[1096]: DHCP, proxy on subnet 10.0.0.140
                      מאי 15 11:04:34 fog-vm systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
                      מאי 15 11:12:47 fog-vm systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
                      
                      

                      route

                      Kernel IP routing table
                      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                      default         10.0.0.136      0.0.0.0         UG    100    0        0 ens33
                      10.0.0.0        *               255.255.255.0   U     100    0        0 ens33
                      link-local      *               255.255.0.0     U     1000   0        0 ens33
                      

                      Config.h file

                      /* Build options which require external libraries.
                      
                         Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically.
                      
                         You can use "make COPTS=-DHAVE_<opt>" instead of editing these.
                      */
                      
                      /* #define HAVE_LUASCRIPT */
                      /* #define HAVE_DBUS */
                      /* #define HAVE_IDN */
                      /* #define HAVE_CONNTRACK */
                      /* #define HAVE_DNSSEC */
                      
                      /* Default locations for important system files. */
                      #define HAVE_DBUS
                      #define HAVE_IDN
                      #define HAVE_IDN_STATIC
                      #define HAVE_CONNTRACK
                      #define HAVE_DNSSEC
                      
                      #ifndef LEASEFILE
                      #   if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
                      

                      will update shortly I still have users around.

                      thanks in advance,
                      Kpax

                        Kpax @george1421
                        last edited by May 16, 2017, 12:56 PM

                        @george1421

                        Hey george1421, some update: 🙂
                        All PCs are getting an IP and seeing the FOG menu for deployment and registration. Much appreciated again for the direction.

                        This might be for a new post, but I noticed one thing: after deploying an image, when the PC reboots it looks for PXE instead of loading the OS, so I need to change the BIOS manually to UEFI enabled.
                        Before the change, enabling/disabling UEFI in the BIOS was done automatically.

                        thanks ,
                        Kpax
