dnsmasq ProxyDHCP BIOS and UEFI coexistence
-
Hi everyone,
I’ve been following the wiki guide to set this up
https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasqThe basic script example works fine but when I try to follow the second example it stops working.
Adding (a bit more complex) UEFI support to the basic script
We’ll start with our basic configuration file again. Note: we removed the pxe-service entries we added previously.Soon as I remove the pxe-service entries I cannot UEFI boot and the dhcp-boot option doesn’t seem to do anything:
Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24Can anyone tell me what I could be missing?
There are powerful matching rules in dnsmasq’s configuration syntax. Here is an example of how this could be used to distingush between BIOS and UEFI. Note: This will NOT work in proxy mode!!
dhcp-match=set:bios,60,PXEClient:Arch:00000
dhcp-boot=tag:bios,undionly.kpxe,x.x.x.x,x.x.x.x # x.x.x.x = TFTP/FOG server IPDoes that mean dhcp-boot will never work in an unmodifiable dnsmasq proxy setting?
I would like to specify options per model and it seems to be working but dhcp-service is required. Certain laptops can’t boot into legacy No configuration methods succeeded (http://ipxe.org/040ee119)
-
@Pikmin Which version of dnsmasq are you using? I am sure you’ve read the section “Compiling dnsmasq 2.76 if you need uefi support” in the wiki article you posted!?!
-
@Sebastian-Roth said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
2.76
Hey Sebastian,
Yeah I’ve compiled 2.76
dnsmasq -v
Dnsmasq version 2.76 Copyright
2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotifyIt doesn’t appear to be an issue with not being able to boot UEFI rather ignoring the dhcp-boot fields.
Without the pxe-service=X86-64_EFI, “Boot UEFI PXE-64”, ipxe.efi, the boot fails -
@Pikmin Are you still having an issue? You last post seems to offer an answer. Did that resolve your issue?
What does your ltsp.conf file look like. The tutorial the wiki was based on is here: https://forums.fogproject.org/topic/8725/compiling-dnsmasq-2-76-if-you-need-uefi-support/6 at the end of this post there is an example ltsp.conf file that has been proven to work.
I also have an other tutorial that may add some value: https://forums.fogproject.org/topic/8726/advanced-dnsmasq-techniques
You must have at least dnsmasq 2.76 to get uefi / bios auto switching to work.
-
@george1421
Hello, can you confirm that the following fields are meant to be enough to boot into UEFI, not the basic but advanced option
Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24They don’t appear to be enough in my case, once again pxe-service is needed but you say in the guide to remove it :
Adding (a bit more complex) UEFI support to the basic script
We’ll start with our basic configuration file again. Note: we removed the pxe-serivce entries we added previously.This is what my config looks like now, I’ve added a match for HP 210 and have been testing stuff out, BIOS doesn’t work with this model: No configuration methods succeeded (http://ipxe.org/040ee119) I have added a BIOS menu that boots nothing (removed the undionly line) because it fails anyway.
I have a separate HP210 UEFI menu
HP210 UEFI Test
pxe-service=tag:HP210,X86-64_EFI, “HP-210”, ipxe.efi
when I push F8 I get two options HP-210 and Boot UEFI PXE-64
Without the pxe-service and only dhcp-boot options, the boot fails# Don't function as a DNS server: port=0 # Log lots of extra information about DHCP transactions. log-dhcp # Set the root directory for files available via FTP. tftp-root=/tftpboot # Disable re-use of the DHCP servername and filename fields as extra # option space. That's to avoid confusing some old or broken DHCP clients. dhcp-no-override # inspect the vendor class string and match the text to set the tag dhcp-vendorclass=BIOS,PXEClient:Arch:00000 dhcp-vendorclass=UEFI32,PXEClient:Arch:00006 dhcp-vendorclass=UEFI,PXEClient:Arch:00007 dhcp-vendorclass=UEFI64,PXEClient:Arch:00009 dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da ##### Without this one I get asked to enter TFTP Address dhcp-boot=undionly.kpxe,,192.168.131.149 pxe-prompt="Press F8 for boot menu", 10 pxe-service=tag:HP210,X86PC, "HP-210 NOT COMPATIBLE WITH BIOS", # PXEClient:Arch:00000 pxe-service=X86PC, "Boot BIOS Legacy PXE", undionly ###########.kpxe # PXEClient:Arch:00007 pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi # HP210 UEFI Test pxe-service=tag:HP210,X86-64_EFI, "HP-210", ipxe.efi # PXEClient:Arch:00009 pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi dhcp-range=192.168.131.149,proxy,255.255.0.0 -
@Pikmin We find depending on your network setup (if your real dhcp server sends out some of the boot information) the pxe-service fields are needed.
-
@Pikmin I just looked at my dev box and I still had this structure in the ltsp.conf file.
dhcp-match=set:e6230,97,00:44:45:4c:4c:38:00:10:36:80:4e:c4:c0:4f:4a:58:31 dhcp-vendorclass=UEFI,PXEClient:Arch:00007 dhcp-boot=tag:UEFI,tag:e6230, snp.efi, 192.168.112.24, 192.168.112.24With no pxe-service lines. Note for the dhcp-boot line I had to use
tag:to identify both tags and to create theandcondition.Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
-
It would be interesting to know how well this one works.
port=0 # Log lots of extra information about DHCP transactions. log-dhcp # Set the root directory for files available via FTP. tftp-root=/tftpboot # Disable re-use of the DHCP servername and filename fields as extra # option space. That's to avoid confusing some old or broken DHCP clients. dhcp-no-override # inspect the vendor class string and match the text to set the tag dhcp-vendorclass=BIOS,PXEClient:Arch:00000 dhcp-vendorclass=UEFI32,PXEClient:Arch:00006 dhcp-vendorclass=UEFI,PXEClient:Arch:00007 dhcp-vendorclass=UEFI64,PXEClient:Arch:00009 dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da # Set the boot file name based on the matching tag from the vendor class (above) dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.131.149 dhcp-boot=net:UEFI,ipxe.efi,,192.168.131.149 dhcp-boot=net:UEFI64,ipxe.efi,,192.168.131.149 # Our test to ensure both the UEFI and e6230 tags are set. dhcp-boot=tag:UEFI,tag:HP210, intel.efi, 192.168.131.149, 192.168.131.149 # The boot filename, Server name, Server Ip Address dhcp-boot=undionly.kpxe,,192.168.131.149 # PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds. pxe-prompt="Booting FOG Client", 1 dhcp-range=192.168.131.149,proxy -
I’ve tried that but didn’t work for me, it gets to the boot menu but doesn’t seem to know what to boot, so the menu counts down and nothing happens
EDIT:
Last message I get is
PXE-E21: Remote boot cancelled?This is what I get in the log
Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 vendor class: PXEClient:Arch:00007:UNDI:003016 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 PXE(ens160) b0:5a:da:9e:d8:b8 proxy Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 tags: UEFI, HP210, ens160 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 bootfile name: snp.efi Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 next server: 192.168.131.149 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 broadcast response Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size: 1 option: 53 message-type 2 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size: 4 option: 54 server-identifier 192.168.131.149 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size: 9 option: 60 vendor-class 50:58:45:43:6c:69:65:6e:74 Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size: 17 option: 97 client-machine-id 00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da... -
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
it gets to the boot menu but doesn’t seem to know what to boot,
Please explain, are you getting to the FOG iPXE boot menu?
-
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
bootfile name: snp.efi
Also looking at your log file snp.efi is being sent. If you used my config file it should have sent intel.efi (right not I’m not saying its right or wrong kernel for that system I’m just looking for the same as I told it).
-
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
Last message I get is
PXE-E21: Remote boot cancelled?Ah ok then your dhcp server is sending out info too and the client is getting confused. Do you have time to debug this so we can see exactly what’s going on?
You will need the pxe-service commands but lets understand what’s going on first.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
-
@george1421 said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
Last message I get is
PXE-E21: Remote boot cancelled?Ah ok then your dhcp server is sending out info too and the client is getting confused. Do you have time to debug this so we can see exactly what’s going on?
You will need the pxe-service commands but lets understand what’s going on first.
The Windows DHCP Server is set to PXE Boot SCCMAlso note that without using the netmask in the range directive PXE boot doesn’t work
dhcp-range=192.168.131.149,proxy,255.255.0.0I also have ip helper on the switch so I can netboot from other vlans
-
@george1421 Using the configuration file that created the PXE error 21.
Lets grab a pcap of the pxe booting process. This works the best if the FOG server and the target computers are on the same subnet. https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
Since you have an IP helper, your fog server may not be on the same subnet. It would be ideal if they were on the same subnet since the filter we will use looks for dhcp, proxydhcp, and tftp communications. If this can’t happen then use wireshark on a computer plugged into the same subnet as the target computer.
Understand this is part helping you and part adding to the collective knowledge of the forums. It would also be nice to know what your dhcp server is for background info.
-
@george1421 said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
bootfile name: snp.efi
Also looking at your log file snp.efi is being sent. If you used my config file it should have sent intel.efi (right not I’m not saying its right or wrong kernel for that system I’m just looking for the same as I told it).
My bad, I was trying something from your previous post, with the intel.efi setup same thing
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 vendor class: PXEClient:Arch:00007:UNDI:003016 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 PXE(ens160) b0:5a:da:9e:d8:b8 proxy Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 tags: UEFI, HP210, ens160 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 bootfile name: intel.efi Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 next server: 192.168.131.149 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 broadcast response Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size: 1 option: 53 message-type 2 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size: 4 option: 54 server-identifier 192.168.131.149 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size: 9 option: 60 vendor-class 50:58:45:43:6c:69:65:6e:74 Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size: 17 option: 97 client-machine-id 00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da... -
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
I also have ip helper on the switch so I can netboot from other vlans
This raises a question if the dnsmasq server is on the same subnet as the pxe booting client computers. If not did you add the dnsmasq server as the last dhcp server in your dhcp helper list? dnsmasq will not supply any dhcp addresses it just needs to be made aware that a dhcp request was places so it can reply with its proxydhcp answer.
-
@Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:
My bad, I was trying something from your previous post, with the intel.efi setup same thing
Great, so now we know the “match” part is working. We just need to get the target computer to believe the proxydhcp response.
-
@Pikmin let try this config file:
# Don't function as a DNS server: port=0 # Log lots of extra information about DHCP transactions. log-dhcp # Set the root directory for files available via FTP. tftp-root=/tftpboot # Disable re-use of the DHCP servername and filename fields as extra # option space. That's to avoid confusing some old or broken DHCP clients. dhcp-no-override # inspect the vendor class string and match the text to set the tag dhcp-vendorclass=BIOS,PXEClient:Arch:00000 dhcp-vendorclass=UEFI32,PXEClient:Arch:00006 dhcp-vendorclass=UEFI,PXEClient:Arch:00007 dhcp-vendorclass=UEFI64,PXEClient:Arch:00009 dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da ##### Without this one I get asked to enter TFTP Address dhcp-boot=undionly.kpxe,,192.168.131.149 pxe-prompt="Press F8 for boot menu", 10 pxe-service=tag:HP210,X86PC, "HP-210 NOT COMPATIBLE WITH BIOS", # PXEClient:Arch:00000 pxe-service=X86PC, "Boot BIOS Legacy PXE", undionly ###########.kpxe # PXEClient:Arch:00007 pxe-service=BC_EFI, "Boot UEFI PXE-BC", bipxe.efi # HP210 UEFI Test pxe-service=tag:HP210,tag:X86-64_EFI, "HP-210", tipxe.efi # HP210 UEFI Test pxe-service=tag:HP210,tag:UEFI, "HP-210", gipxe.efi # PXEClient:Arch:00009 pxe-service=X86-64_EFI, "Boot UEFI PXE-64", eipxe.efi dhcp-range=192.168.131.149,proxy,255.255.0.0Note this one will NOT boot your computer. I’m interested in what was matched. Some is an educated guess so lets see what is matched.
-
Thanks for clearing stuff up with me. Appreciate it
