dnsmasq ProxyDHCP BIOS and UEFI coexistence



  • Hi everyone,
    I’ve been following the wiki guide to set this up
    https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq

    The basic script example works fine but when I try to follow the second example it stops working.

    Adding (a bit more complex) UEFI support to the basic script
    We’ll start with our basic configuration file again. Note: we removed the pxe-service entries we added previously.

    Soon as I remove the pxe-service entries I cannot UEFI boot and the dhcp-boot option doesn’t seem to do anything:

    # Set the boot file name based on the matching tag from the vendor class (above)

    dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
    dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
    dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24

    Can anyone tell me what I could be missing?

    There are powerful matching rules in dnsmasq’s configuration syntax. Here is an example of how this could be used to distinguish between BIOS and UEFI. Note: This will NOT work in proxy mode!!
    dhcp-match=set:bios,60,PXEClient:Arch:00000
    dhcp-boot=tag:bios,undionly.kpxe,x.x.x.x,x.x.x.x # x.x.x.x = TFTP/FOG server IP

    Does that mean dhcp-boot will never work in an unmodifiable dnsmasq proxy setting?

    I would like to specify options per model and it seems to be working but dhcp-service is required. Certain laptops can’t boot into legacy No configuration methods succeeded (http://ipxe.org/040ee119)



  • @george1421

    Thanks for clearing stuff up with me. Appreciate it


  • Moderator

    @Pikmin let’s try this config file:

    # Don't function as a DNS server:
    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
    
    
    dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da
    
    ##### Without this one I get asked to enter TFTP Address
    dhcp-boot=undionly.kpxe,,192.168.131.149
    
    pxe-prompt="Press F8 for boot menu", 10
    
    pxe-service=tag:HP210,X86PC, "HP-210 NOT COMPATIBLE WITH BIOS",
    
    # PXEClient:Arch:00000
    pxe-service=X86PC, "Boot BIOS Legacy PXE", undionly ###########.kpxe
    
    # PXEClient:Arch:00007
    pxe-service=BC_EFI, "Boot UEFI PXE-BC", bipxe.efi
    
    # HP210 UEFI Test
    pxe-service=tag:HP210,tag:X86-64_EFI, "HP-210", tipxe.efi
    
    # HP210 UEFI Test
    pxe-service=tag:HP210,tag:UEFI, "HP-210", gipxe.efi
    
    # PXEClient:Arch:00009
    pxe-service=X86-64_EFI, "Boot UEFI PXE-64", eipxe.efi
    
    
    dhcp-range=192.168.131.149,proxy,255.255.0.0
    

    Note this one will NOT boot your computer. I’m interested in what was matched. Some is an educated guess so let’s see what is matched.


  • Moderator

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    My bad, I was trying something from your previous post, with the intel.efi setup same thing

    Great, so now we know the “match” part is working. We just need to get the target computer to believe the proxydhcp response.


  • Moderator

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    I also have ip helper on the switch so I can netboot from other vlans

    This raises a question if the dnsmasq server is on the same subnet as the pxe booting client computers. If not, did you add the dnsmasq server as the last dhcp server in your dhcp helper list? dnsmasq will not supply any dhcp addresses, it just needs to be made aware that a dhcp request was placed so it can reply with its proxydhcp answer.



  • @george1421 said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    bootfile name: snp.efi

    Also looking at your log file snp.efi is being sent. If you used my config file it should have sent intel.efi (right now I’m not saying it’s the right or wrong kernel for that system, I’m just looking for the same as I told it).

    My bad, I was trying something from your previous post, with the intel.efi setup same thing

    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 vendor class: PXEClient:Arch:00007:UNDI:003016
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 PXE(ens160) b0:5a:da:9e:d8:b8 proxy
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 tags: UEFI, HP210, ens160
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 bootfile name: intel.efi
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 next server: 192.168.131.149
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 broadcast response
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size:  1 option: 53 message-type  2
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size:  4 option: 54 server-identifier  192.168.131.149
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
    Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size: 17 option: 97 client-machine-id  00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da...
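
The check made by hand in this thread (which tags dnsmasq matched, and which boot file the proxyDHCP reply actually carried) can be scripted over `log-dhcp` output. This is an added example, not code from the thread or from the FOG or dnsmasq projects; the function names are hypothetical and the sample lines are copied from the logs posted in this thread.

```python
import re

# Two proxy-DHCP transactions copied from the log-dhcp output posted in this thread.
SAMPLE_LOG = """\
Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 vendor class: PXEClient:Arch:00007:UNDI:003016
Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 tags: UEFI, HP210, ens160
Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 bootfile name: snp.efi
Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 next server: 192.168.131.149
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 vendor class: PXEClient:Arch:00007:UNDI:003016
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 tags: UEFI, HP210, ens160
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 bootfile name: intel.efi
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 next server: 192.168.131.149
Jun 20 10:30:27 ndfog dnsmasq-dhcp[13167]: 1636139832 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
"""

# "<transaction id> <field name>: <value>" as written by dnsmasq with log-dhcp set.
LINE_RE = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) ([a-z ]+): (.*)$")
FIELDS = {"vendor class": "vendor", "tags": "tags",
          "bootfile name": "bootfile", "next server": "next_server"}

def summarize(log_text):
    """Group log-dhcp lines by transaction id; keep the match-related fields."""
    txns = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(2) not in FIELDS:
            continue  # "sent size", "broadcast response", PXE(...) lines etc.
        xid, key, value = m.groups()
        txn = txns.setdefault(xid, {})
        if key == "tags":
            txn["tags"] = [t.strip() for t in value.split(",")]
        else:
            txn[FIELDS[key]] = value.strip()
            if key == "vendor class":
                arch = re.search(r"Arch:(\d{5})", value)
                txn["arch"] = arch.group(1) if arch else None
    return txns

def bootfile_mismatches(txns, required_tags, expected_bootfile):
    """Transactions that carry every required tag yet were offered another file."""
    return [(xid, t.get("bootfile")) for xid, t in txns.items()
            if set(required_tags) <= set(t.get("tags", []))
            and t.get("bootfile") != expected_bootfile]

if __name__ == "__main__":
    txns = summarize(SAMPLE_LOG)
    for xid, t in txns.items():
        print(xid, t.get("arch"), t.get("tags"), t.get("bootfile"), t.get("next_server"))
    print("mismatches:", bootfile_mismatches(txns, ["UEFI", "HP210"], "intel.efi"))
```

A transaction listed as a mismatch means the running dnsmasq is not using the config under test; an empty list with a client that still fails points at the client or the other DHCP server rather than at tag matching.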
    

  • Moderator

    @george1421 Using the configuration file that created the PXE error 21.

    Let’s grab a pcap of the pxe booting process. This works the best if the FOG server and the target computers are on the same subnet. https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

    Since you have an IP helper, your fog server may not be on the same subnet. It would be ideal if they were on the same subnet since the filter we will use looks for dhcp, proxydhcp, and tftp communications. If this can’t happen then use wireshark on a computer plugged into the same subnet as the target computer.

    Understand this is part helping you and part adding to the collective knowledge of the forums. It would also be nice to know what your dhcp server is for background info.



  • @george1421 said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    Last message I get is
    PXE-E21: Remote boot cancelled?

    Ah ok then your dhcp server is sending out info too and the client is getting confused. Do you have time to debug this so we can see exactly what’s going on?

    You will need the pxe-service commands but let’s understand what’s going on first.
    The Windows DHCP Server is set to PXE Boot SCCM

    Also note that without using the netmask in the range directive PXE boot doesn’t work
    dhcp-range=192.168.131.149,proxy,255.255.0.0

    I also have ip helper on the switch so I can netboot from other vlans


  • Moderator

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    Last message I get is
    PXE-E21: Remote boot cancelled?

    Ah ok then your dhcp server is sending out info too and the client is getting confused. Do you have time to debug this so we can see exactly what’s going on?

    You will need the pxe-service commands but let’s understand what’s going on first.


  • Moderator

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    bootfile name: snp.efi

    Also looking at your log file snp.efi is being sent. If you used my config file it should have sent intel.efi (right now I’m not saying it’s the right or wrong kernel for that system, I’m just looking for the same as I told it).


  • Moderator

    @Pikmin said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    it gets to the boot menu but doesn’t seem to know what to boot,

    Please explain, are you getting to the FOG iPXE boot menu?



  • @george1421

    I’ve tried that but didn’t work for me, it gets to the boot menu but doesn’t seem to know what to boot, so the menu counts down and nothing happens
    EDIT:
    Last message I get is
    PXE-E21: Remote boot cancelled?

    This is what I get in the log

    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 vendor class: PXEClient:Arch:00007:UNDI:003016
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 PXE(ens160) b0:5a:da:9e:d8:b8 proxy
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 tags: UEFI, HP210, ens160
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 bootfile name: snp.efi
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 next server: 192.168.131.149
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 broadcast response
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size:  1 option: 53 message-type  2
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size:  4 option: 54 server-identifier  192.168.131.149
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
    Jun 20 10:14:40 ndfog dnsmasq-dhcp[12339]: 2701847451 sent size: 17 option: 97 client-machine-id  00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da...
    

  • Moderator

    It would be interesting to know how well this one works.

    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
    
    dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da
    
    # Set the boot file name based on the matching tag from the vendor class (above)
    dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.131.149
    dhcp-boot=net:UEFI,ipxe.efi,,192.168.131.149
    dhcp-boot=net:UEFI64,ipxe.efi,,192.168.131.149
    
    # Our test to ensure both the UEFI and HP210 tags are set.
    dhcp-boot=tag:UEFI,tag:HP210, intel.efi, 192.168.131.149, 192.168.131.149
    
    # The boot filename, Server name, Server Ip Address
    dhcp-boot=undionly.kpxe,,192.168.131.149
    
    # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
    pxe-prompt="Booting FOG Client", 1
    
    dhcp-range=192.168.131.149,proxy
    

  • Moderator

    @Pikmin I just looked at my dev box and I still had this structure in the ltsp.conf file.

    dhcp-match=set:e6230,97,00:44:45:4c:4c:38:00:10:36:80:4e:c4:c0:4f:4a:58:31
    
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    
    dhcp-boot=tag:UEFI,tag:e6230, snp.efi, 192.168.112.24, 192.168.112.24
    

    With no pxe-service lines. Note for the dhcp-boot line I had to use tag: to identify both tags and to create the and condition.


  • Moderator

    @Pikmin We find depending on your network setup (if your real dhcp server sends out some of the boot information) the pxe-service fields are needed.



  • @george1421
    Hello, can you confirm that the following fields are meant to be enough to boot into UEFI, not the basic but advanced option
    # Set the boot file name based on the matching tag from the vendor class (above)
    dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
    dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
    dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24

    They don’t appear to be enough in my case, once again pxe-service is needed but you say in the guide to remove it :
    Adding (a bit more complex) UEFI support to the basic script
    We’ll start with our basic configuration file again. Note: we removed the pxe-service entries we added previously.

    This is what my config looks like now, I’ve added a match for HP 210 and have been testing stuff out, BIOS doesn’t work with this model: No configuration methods succeeded (http://ipxe.org/040ee119) I have added a BIOS menu that boots nothing (removed the undionly line) because it fails anyway.

    I have a separate HP210 UEFI menu

    # HP210 UEFI Test
    pxe-service=tag:HP210,X86-64_EFI, "HP-210", ipxe.efi

    when I push F8 I get two options HP-210 and Boot UEFI PXE-64
    Without the pxe-service and only dhcp-boot options, the boot fails

    # Don't function as a DNS server:
    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
    
    
    dhcp-match=set:HP210,97,00:4e:fc:b7:3e:58:32:11:e5:8b:16:b0:5a:da
    
    
    ##### Without this one I get asked to enter TFTP Address
    dhcp-boot=undionly.kpxe,,192.168.131.149
    
    
    pxe-prompt="Press F8 for boot menu", 10
    
    
    pxe-service=tag:HP210,X86PC, "HP-210 NOT COMPATIBLE WITH BIOS",
    
    # PXEClient:Arch:00000
    pxe-service=X86PC, "Boot BIOS Legacy PXE", undionly ###########.kpxe
    
    # PXEClient:Arch:00007
    pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi
    
    # HP210 UEFI Test
    pxe-service=tag:HP210,X86-64_EFI, "HP-210", ipxe.efi
    
    # PXEClient:Arch:00009
    pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi
    
    
    dhcp-range=192.168.131.149,proxy,255.255.0.0
    

  • Moderator

    @Pikmin Are you still having an issue? Your last post seems to offer an answer. Did that resolve your issue?

    What does your ltsp.conf file look like? The tutorial the wiki was based on is here: https://forums.fogproject.org/topic/8725/compiling-dnsmasq-2-76-if-you-need-uefi-support/6 at the end of this post there is an example ltsp.conf file that has been proven to work.

    I also have another tutorial that may add some value: https://forums.fogproject.org/topic/8726/advanced-dnsmasq-techniques

    You must have at least dnsmasq 2.76 to get uefi / bios auto switching to work.



  • @Sebastian-Roth said in dnsmasq ProxyDHCP BIOS and UEFI coexistence:

    2.76
    Hey Sebastian,
    Yeah I’ve compiled 2.76
    dnsmasq -v
    Dnsmasq version 2.76 Copyright © 2000-2016 Simon Kelley
    Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

    It doesn’t appear to be an issue with not being able to boot UEFI rather ignoring the dhcp-boot fields.
    Without the pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi, the boot fails


  • Developer

    @Pikmin Which version of dnsmasq are you using? I am sure you’ve read the section “Compiling dnsmasq 2.76 if you need uefi support” in the wiki article you posted!?!

