network boot uefi opnsense iso (or root fs!)

Szeraax

I’m stuck. Which isn’t hard to get to.

Trying to boot Opnsense (a fork of pfSense using HardenedBSD) via Fog. Tried via tftp, nfs, http. Lots of things that don’t seem to be going anywhere after several hours on multiple days, so I think I’m finally ready to ask for some help.

My primary readings:
https://forums.fogproject.org/topic/12689/imaging-with-iso-files-with-fog-1-5-5
https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images/16
https://wiki.netbsd.org/tutorials/how_to_install__40__boot__41___netbsd_using_pxelinux/
https://forums.fogproject.org/topic/12097/ipxe-setup-for-many-os-s-under-bios-and-uefi

I really liked how clean George had it with:

set tftp-path tftp://${fog-ip}
set pe-path ${tftp-path}/os/winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

But, I’m not sure what I should be putting in here… There is no BCD or sdi or wim (obviosuly, this isn’t windows!). Here’s what I do have in the mounted ISO’s /boot folder:

   3497 Mar  9 19:42 beastie.4th
   8192 Mar  9 19:42 boot
    512 Mar  9 19:42 boot0
    512 Mar  9 19:42 boot0sio
    512 Mar  9 19:42 boot1
  96768 Mar  9 19:42 boot1.efi
 819200 Mar  9 19:42 boot1.efifat
   7680 Mar  9 19:42 boot2
   2735 Mar  9 19:42 brand.4th
   2050 Mar  9 19:42 brand-fbsd.4th
   2201 Mar  9 19:42 brand-hbsd.4th
   2074 Mar 10 21:35 brand-opnsense.4th
   1185 Mar  9 19:42 cdboot
   6197 Mar  9 19:42 check-password.4th
   1796 Mar  9 19:42 color.4th
   4096 Mar  9 19:42 defaults
   3985 Mar  9 19:42 delay.4th
    754 Mar  9 19:42 device.hints
   4096 Mar  9 19:41 dtb
   4096 Mar 13 01:10 entropy
   4096 Mar  9 19:41 firmware
   4104 Mar  9 19:42 frames.4th
  66082 Mar  9 19:42 gptboot
 114754 Mar  9 19:42 gptzfsboot
  14755 Mar  9 19:42 isoboot
  32768 Mar 13 01:09 kernel
 331776 Mar  9 19:42 loader
   7356 Mar  9 19:42 loader.4th
   1678 Mar 13 01:10 loader.conf
 404480 Mar  9 19:42 loader.efi
  15084 Mar  9 19:42 loader.help
    350 Mar  9 19:42 loader.rc
   3032 Mar  9 19:42 logo-beastie.4th
   2556 Mar  9 19:42 logo-beastiebw.4th
   2137 Mar  9 19:42 logo-fbsdbw.4th
   2367 Mar  9 19:42 logo-hardenedbsd.4th
   2289 Mar  9 19:42 logo-hardenedbsdbw.4th
   2387 Mar 10 21:35 logo-hourglass.4th
   2557 Mar  9 19:42 logo-orb.4th
   2278 Mar  9 19:42 logo-orbbw.4th
    512 Mar  9 19:42 mbr
  35953 Mar  9 19:42 menu.4th           
   9178 Mar  9 19:42 menu-commands.4th
   6259 Mar  9 19:42 menu.rc
  18523 Mar  9 19:42 menusets.4th
   4096 Mar  9 19:41 modules
    512 Mar  9 19:42 pmbr
 333824 Mar  9 19:42 pxeboot
   2603 Mar  9 19:42 screen.4th
   2538 Mar  9 19:42 shortcuts.4th
  36212 Mar  9 19:42 support.4th
 329249 Mar  9 19:42 userboot.so
   2992 Mar  9 19:42 version.4th
   4096 Mar  9 19:41 zfs
 262656 Mar  9 19:42 zfsboot
 389120 Mar  9 19:42 zfsloader

Any thoughts on what solutions I have? Thank you so much.

Szeraax

I should add here’s what opnsense looks like when loaded via EFI:

george1421

Right what you have here is a bsd system. What you need to look into is netbooting a bsd based system. I don’t have any experience with bsd, but linux yes. I might expect comparable files.

In linux there is two parts (like FOS Linux that is used to capture and deploy images on target computers). There is the kernel in FOS’ case its called bzImage. That is the heart of the OS. Then there is the virtual hard drive called init.xz in FOS. Both of those are needed to make a bootable system. So for BSD there should be a bsd kernel and a virtual hard drive (initrd).

Szeraax

That’s what I figured, but I too am not familiar with BSD. I hope to update soon with an answer for future generations.

george1421

@george1421 The other way is for a live install such as sharing the install media or live boot media via NFS and booting from that. The ubuntu live boot examples shows this in the tutorial.

I’ve familiar with pfsense in that you install it to a local hard drive or media. I’m not sure if its capable to be netbooted… (thinking). The issue is that the virtual hard drive is expanded into memory and would be lost once the system is rebooted. You need non-volitale storage. In that case you will need to map an nfs share…

What is your goal to netboot opnsense? Just to install it on the target computer?

george1421

@george1421 The answer may be in here: https://matt.simerson.net/computing/freebsd.netboot-1.0.shtml but after being at work at 5a, working a 12hr and its now 10:30p my brain is not running on all cylinders to decipher what is needed. But on a quick check it seems to have what is needed for feebsd which is the foundation for pfsense.

Szeraax

Based on the third link, I expect BSD to be able to netboot OK. OpnSense basically runs just off a normal hardenedBSD install, so I expect netboot to continue to work.

When you boot to the image, it’ll popup in a live CD mode. Full functionality with no HDD needed. Then, if you login with installer user, it’ll do setup.

My ultimate goal is to learn more about net booting iso files to [u]efi systems and install Opnsense on this laptop (usb and DVD install keeps not working!!).

However, I installed Opnsense to a local VM and captured it after the installer was done. I then deployed to this computer and now its all up and running! Woo.

So all that’s left is however much academic value I get out of it (Read: Masochism).

Following the last answer on this serverfault page (https://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server/141890#141890), I set the root-path dhcpd option and tried to do a chain to fogip/opnsense/boot/pxeboot (of course with the extracted image contents sitting in my tftp folder) and seemed to not work. I will probably try this method a bit more. I’d love to just chain it. Maybe pxe from this link and chain aren’t the same thing…

Szeraax

Thanks for that link. I’ll peruse it as well. At least Fog is old faithful and got my test computer up and running when USB/DVD both failed me miserably!