Issue: PXE Boot fails with FOG, DHCP same subnet



  • Hello,

    We are migrating from CloneZilla.

    The DHCP server & CloneZilla server use linuxpxe.0 on ##.##.#6.43/22 to boot and works well and gives out DHCP. This is a baremetal server but also hosts a couple VMs on top of it.

    Migrating to Fog-Project we do not need to provide DHCP from this box. This server is #7.251/22 is hosting Fog-Project and the virtualization is as:
    Machine
    ||ProxMox
    ||||Documentation VM
    ||||Fog-Server
    ||||Test Machine

    These are not NAT but bridged.
    UFW is disabled.
    ProxMox firewall is disabled.

    Additionally, I can tftp files from the DHCP server, but using TCPDump I am just seeing 4x DHCP discovery packets being sent with src: 0.0.0.0 and dst: 255.255.255.255.

    The documentation server can also pull the .kpxe via TFTP.

    DNSMASQ is enabled and configured but is not making any changes.

    I have tried other PXE modules to boot, no changes.

    The screenshot is what I am seeing when I am booting into the test-vm to confirm functionality.

    Any idea?

    See attached files.

    b73d0f03-4665-4b5a-aa75-95967e844ddd-image.png

    output.pcap

    EDIT: The issue was as follows

        filename "undionly.kpxe";
        next-server 10.33.97.251; 
    

    VERSUS

        filename undionly.kpxe;
        next-server 10.33.97.251;


  • Solution was

        filename "undionly.kpxe";
        next-server 10.33.97.251; 
    

    VERSUS

        filename undionly.kpxe;
        next-server 10.33.97.251;
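
A check for the quoting difference shown above, as an added example that is not part of the original posts: it scans dhcpd.conf text for active `filename` statements whose value is not a double-quoted string. The function names and the sample config are constructed for illustration; `dhcpd -t -cf <file>` remains the authoritative syntax test.

```python
import re

# A `filename` statement up to its terminating semicolon.
STMT = re.compile(r'\bfilename\s+([^;]*);')

def strip_comment(line):
    """Drop a '#' comment, ignoring any '#' that sits inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def unquoted_filenames(conf_text):
    """Return (line_number, value) for each active filename statement
    whose value is not a complete double-quoted string."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        m = STMT.search(strip_comment(raw))
        if m:
            value = m.group(1).strip()
            if not re.fullmatch(r'"[^"]+"', value):
                findings.append((n, value))
    return findings

# Constructed sample modelled on the dhcpd.conf fragments posted in this thread.
SAMPLE = '''\
## Old CloneZilla PXE Server ##
#       filename "pxelinux.0";
#       next-server 10.33.96.43;
## New Fog-Project PXE server ##
        filename undionly.kpxe;
        next-server 10.33.97.251;
'''
FIXED = SAMPLE.replace('filename undionly.kpxe;', 'filename "undionly.kpxe";')

if __name__ == "__main__":
    for n, value in unquoted_filenames(SAMPLE):
        print(f"line {n}: filename value {value!r} is not a quoted string")
```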


  • Moderator

    @ismith-hpu Just for reference here is a pcap from my home network with a soho router and dnsmasq running on my FOG-Pi server.

    output.pcap



  • @george1421 dhcpSvr-output.pcap

    Attached is from the DHCP-server:

    ismith@dhcp-svr:/etc/dhcp$ sudo tcpdump -w dhcpSvr-output.pcap port 67 or port 68 or port 69 or port 4011
    tcpdump: listening on macvtap0, link-type EN10MB (Ethernet), capture size 262144 bytes
    6 packets captured
    11 packets received by filter
    0 packets dropped by kernel
    ismith@dhcp-svr:/etc/dhcp$ mv dhcpSvr-output.pcap /home/faculty/ismith

    with dhcpd.conf:

    ##Old CloneZilla PXE Server ##
    #       filename "pxelinux.0";
    #       next-server 10.33.96.43;
    
    ## New Fog-Project PXE server ##
            filename undionly.kpxe;
            next-server 10.33.97.251;
    

  • Moderator

    @ismith-hpu Ok thanks for updating my questions.

    So the first thing I noticed strange is in your pcap. You are not getting any dhcp offers from anything. Also it appears your pxe booting client is an apple something?
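
The reading of the capture described above (DISCOVERs with no OFFER), as an added example that is not part of the original posts: it parses BOOTP/DHCP payloads and reports whether any OFFER carries a next-server and boot file. The payloads are constructed in the script, not taken from the posted pcap, and `parse_dhcp`, `diagnose` and `make` are illustrative names.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(payload):
    """Extract the fields a PXE ROM depends on from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad option
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    file_field = payload[108:236].split(b"\x00", 1)[0]  # BOOTP 'file' field
    return {
        "type": TYPES.get((opts.get(53) or b"\x00")[0], "OTHER"),
        "next_server": socket.inet_ntoa(payload[20:24]),  # siaddr
        "bootfile": (opts.get(67) or file_field).rstrip(b"\x00").decode("ascii", "replace"),
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
    }

def diagnose(payloads):
    """Summarise one boot attempt from its DHCP messages."""
    offers = [m for m in map(parse_dhcp, payloads) if m["type"] == "OFFER"]
    for m in offers:                 # with proxyDHCP only one offer carries boot info
        if m["bootfile"] and m["next_server"] != "0.0.0.0":
            return f"boot {m['bootfile']} from {m['next_server']}"
    return ("OFFER seen, but without next-server and boot file" if offers
            else "no OFFER seen: no DHCP server answered the client")

def make(msg_type, siaddr="0.0.0.0", bootfile=b"", vendor=b""):
    """Build a constructed payload for the demo (not bytes from the posted pcap)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1 if msg_type in (1, 3) else 2,
                      1, 6, 0, 0x1234, 0, 0x8000, b"", b"", socket.inet_aton(siaddr),
                      b"", b"\x52\x54\x00\x12\x34\x56", b"", bootfile)
    opts = bytes([53, 1, msg_type])
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    return hdr + MAGIC + opts + b"\xff"

FAILING = [make(1, vendor=b"PXEClient:Arch:00000:UNDI:002001")] * 4  # DISCOVERs only
WORKING = [make(1), make(2, "10.33.97.251", b"undionly.kpxe")]

if __name__ == "__main__":
    print(diagnose(FAILING), diagnose(WORKING), sep="\n")
```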



  • @george1421

    Everything is on the same subnet FOG server, DHCP server, and PXE booting client?

    • yes everything is on 10.33.96.0/22. DHCP-10.33.96.43 & Fog-10.33.97.251 and they can communicate

    Where is the dnsmasq server in regards to the dhcp server and the fog server?

    • the dnsmasq server is on the Fog-Server which then forwards to the same IP to catch any DHCP requests. I deleted it and disabled it after no effect.

    When you took the pcap of the dhcp/pxe boot process what computer did you do that from? The fog server?

    • From the fog server. Same stuff on the DHCP server as well.

    Why are you using a linux dhcp server AND a dnsmasq? What was your end goal in using that?

    • It wasn’t working, it to forward it towards the server that is serving the pxe file.

    The ltsp.conf file looks similar to my tutorial, is that where you got the configuration for dnsmasq from?

    • Yup, I tried a lot of things.

    Is your dhcp server running on the fog server or some other linux system?

    • It is running on the other Linux server, 10.33.96.43 which is also a DNS server as well.


  • @george1421

    I have narrowed it down to specifically the undionly.pxe

    If I copy the Fog-Server@undionly.pxe to CloneZilla-Server same results happen with DHCP not being applied.

    If I copy the CloneZilla@pxelinux.0 to Fog-Server, it works fine.


  • Moderator

    @ismith-hpu Ok let's play 20 questions so I can get up to speed quickly here. Understand I’m coming into this cold not knowing anything about your infrastructure.

    1. Everything is on the same subnet FOG server, DHCP server, and PXE booting client?

    2. Where is the dnsmasq server in regards to the dhcp server and the fog server?

    3. When you took the pcap of the dhcp/pxe boot process what computer did you do that from? The fog server?

    4. Why are you using a linux dhcp server AND a dnsmasq? What was your end goal in using that?

    5. The ltsp.conf file looks similar to my tutorial, is that where you got the configuration for dnsmasq from?

    6. Is your dhcp server running on the fog server or some other linux system?

    Just a comment here, there is little hacker value if your ip addresses in the configuration files are all IANA internal (i.e. 10.0.0.0/8, 172.16-31.0.0/16, 192.168.0.0/24). Masking them actually makes it harder to predict what is going wrong in your environment.



  • @george1421

    What device do you want to be your dhcp server?
    We have a DHCP server already at x.x.96.43 and works with CloneZilla currently and is utilizing isc-dhcp


  • Moderator

    Let me first say you have WAY too many things going on here to find the issue.

    Let's start at the very beginning.

    What device do you want to be your dhcp server? Ideally this would be a windows 2012 (or later) or a linux server running isc-dhcp.



  • DHCP Server’s dhcpd.conf:

    ========================================

    log-facility local7;
    
    default-lease-time 7776000;
    max-lease-time 31536000;
    ddns-update-style none;
    not authoritative;
    
    option subnet-mask xxxxxxxxxx;
    option broadcast-address xxxxxxxxxx;
    option routers xxxxxxxxxx;
    #option domain-name "redact.xxx";
    #option domain-name-servers xxxxxxxxxxxxx;
    option domain-name "wsoe.redact.xxx";
    option domain-name-servers xxxxxxxxx;
    #option domain-search "wsoe.redact.xxx","redact.xxx";
    
    option space PXE;
    option PXE.mtftp-ip               code 1 = ip-address;
    option PXE.mtftp-cport            code 2 = unsigned integer 16;
    option PXE.mtftp-sport            code 3 = unsigned integer 16;
    option PXE.mtftp-tmout            code 4 = unsigned integer 8;
    option PXE.mtftp-delay            code 5 = unsigned integer 8;
    option PXE.discovery-control      code 6 = unsigned integer 8;
    option PXE.discovery-mcast-addr   code 7 = ip-address;
    
    subnet xxxxxxxx0 netmask xxxxxxxxx.0 {
    
    #   pool {
    #      range ##.##.##.100 ##.##.##.199;
    #      allow unknown-clients;
    #   }
    
       allow bootp;
       deny unknown-clients;
    
       range dynamic-bootp ##.##.##.100 ##.##.##.255;
    
       # PXE specific options
       class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          option vendor-class-identifier "PXEClient";
          vendor-option-space PXE;
          # At least one of the vendor-specific options must be set in order
          # for the boot ROM on the client to recognize us as a PXE
          # compliant server. We set the MCAST IP address to 0.0.0.0 to tell
          # the boot ROM we can't provide multicast TFTP, so it will have to
          # use just plain ol' TFTP instead (address 0.0.0.0 is considered
          # as "no address").
          option PXE.mtftp-ip 0.0.0.0;
       }
    
    #   filename "pxelinux.0";
    #   next-server ##.##.##.43;
    
    #New Fog-Project PXE server
            filename undionly.kpxe;
    #       filename ipxe.kpxe;
    #       filename "pxelinux.0;
            next-server ##.##.##.251;
    
    #SysAdmin-Svrs
       host sysdocu {
          hardware ethernet XX:XX:XX:XX:XX:XX;
          fixed-address ##.##.##.250;
          option host-name "sysdocu.redact.xxx";
       }
       host fog-server {
          hardware ethernet XX:XX:XX:XX:XX:XX;
          fixed-address ##.##.##.251;
          option host-name "fog-server.redact.xxx";
    

    Fog Server’s /etc/dnsmasq.d/ltsp.conf

    ========================================

    # Don't function as a DNS server:
    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    # Set the root directory for files available via FTP.
    tftp-root=/tftpboot
    
    # The boot filename, Server name, Server Ip Address
    dhcp-boot=undionly.kpxe,##.##.##.251
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
    
    # Set the boot file name based on the matching tag from the vendor class (above)
    dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,##.##.##.251
    dhcp-boot=net:UEFI,ipxe.efi,,##.##.##.251
    dhcp-boot=net:UEFI64,ipxe.efi,,##.##.##.251
    
    # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
    pxe-prompt="Booting FOG Client", 1
    
    # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
    # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
    # This option is first and will be the default if there is no input from the user.
    pxe-service=X86PC, "Boot to FOG", undionly.kpxe
    pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
    pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
    
    dhcp-range=##.##.##.251,proxy
    
