Issue: PXE Boot fails with FOG, DHCP same subnet
-
DHCP Server’s dhcpd.conf:
========================================
```
log-facility local7;
default-lease-time 7776000;
max-lease-time 31536000;
ddns-update-style none;
not authoritative;
option subnet-mask xxxxxxxxxx;;
option broadcast-address xxxxxxxxxx;
option routers xxxxxxxxxx;;
#option domain-name "redact.xxx";
#option domain-name-servers xxxxxxxxxxxxx;
option domain-name "wsoe.redact.xxx";
option domain-name-servers xxxxxxxxx;
#option domain-search "wsoe.redact.xxx","redact.xxx";
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option PXE.discovery-control code 6 = unsigned integer 8;
option PXE.discovery-mcast-addr code 7 = ip-address;
subnet xxxxxxxx0 netmask xxxxxxxxx.0 {
  # pool {
  #   range ##.##.##.100 ##.##.##.199;
  #   allow unknown-clients;
  # }
  allow bootp;
  deny unknown-clients;
  range dynamic-bootp ##.##.##.100 ##.##.##.255;
  # PXE specific options
  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    option vendor-class-identifier "PXEClient";
    vendor-option-space PXE;
    # At least one of the vendor-specific options must be set in order
    # for the boot ROM on the client to recognize us as a PXE
    # compliant server. We set the MCAST IP address to 0.0.0.0 to tell
    # the boot ROM we can't provide multicast TFTP, so it will have to
    # use just plain ol' TFTP instead (address 0.0.0.0 is considered
    # as "no address").
    option PXE.mtftp-ip 0.0.0.0;
  }
  # filename "pxelinux.0";
  # next-server ##.##.##.43;
  #New Fog-Project PXE server
  filename undionly.kpxe;
  # filename ipxe.kpxe;
  # filename "pxelinux.0;
  next-server ##.##.##.251;
  #SysAdmin-Svrs
  host sysdocu {
    hardware ethernet XX:XX:XX:XX:XX:XX;
    fixed-address ##.##.##.250;
    option host-name "sysdocu.redact.xxx";
  }
  host fog-server {
    hardware ethernet XX:XX:XX:XX:XX:XX;
    fixed-address ##.##.##.251;
    option host-name "fog-server.redact.xxx";
```
Fog Server’s /etc/dnsmasq.d/ltsp.conf
========================================
```
# Don't function as a DNS server:
port=0
# Log lots of extra information about DHCP transactions.
log-dhcp
# Set the root directory for files available via FTP.
tftp-root=/tftpboot
# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,##.##.##.251
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override
# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,##.##.##.251
dhcp-boot=net:UEFI,ipxe.efi,,##.##.##.251
dhcp-boot=net:UEFI64,ipxe.efi,,##.##.##.251
# PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 1
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
dhcp-range=##.##.##.251,proxy
```
-
Let me first say you have WAY too many things going on here to find the issue.
Let's start at the very beginning.
What device do you want to be your dhcp server? Ideally this would be a Windows 2012 (or later) or a Linux server running isc-dhcp.
-
What device do you want to be your dhcp server?
We have a DHCP server already at x.x.96.43 and works with CloneZilla currently and is utilizing isc-dhcp
-
@ismith-hpu Ok let's play 20 questions so I can get up to speed quickly here. Understand I’m coming into this cold not knowing anything about your infrastructure.
-
Everything is on the same subnet FOG server, DHCP server, and PXE booting client?
-
Where is the dnsmasq server in regards to the dhcp server and the fog server?
-
When you took the pcap of the dhcp/pxe boot process what computer did you do that from? The fog server?
-
Why are you using a linux dhcp server AND a dnsmasq? What was your end goal in using that?
-
The ltsp.conf file looks similar to my tutorial, is that where you got the configuration for dnsmasq from?
-
Is your dhcp server running on the fog server or some other linux system?
Just a comment here, there is little hacker value if your ip addresses in the configuration files are all IANA internal (i.e. 10.0.0.0/8, 172.16-31.0.0/16, 192.168.0.0/24). Masking them actually makes it harder to predict what is going wrong in your environment.
-
-
I have narrowed it down to specifically the undionly.pxe
If I copy the Fog-Server@undionly.pxe to CloneZilla-Server same results happen with DHCP not being applied.
If I copy the CloneZilla@pxelinux.0 to Fog-Server, it works fine.
-
Everything is on the same subnet FOG server, DHCP server, and PXE booting client?
- yes everything is on 10.33.96.0/22. DHCP-10.33.96.43 & Fog-10.33.97.251 and they can communicate
Where is the dnsmasq server in regards to the dhcp server and the fog server?
- the dnsmasq server is on the Fog-Server which then forwards to the same IP to catch any DHCP requests. I deleted it and disabled it after no effect.
When you took the pcap of the dhcp/pxe boot process what computer did you do that from? The fog server?
- From the fog server. Same stuff on the DHCP server as well.
Why are you using a linux dhcp server AND a dnsmasq? What was your end goal in using that?
- It wasn’t working, it to forward it towards the server that is serving the pxe file.
The ltsp.conf file looks similar to my tutorial, is that where you got the configuration for dnsmasq from?
- Yup, I tried a lot of things.
Is your dhcp server running on the fog server or some other linux system?
- It is running on the other Linux server, 10.33.96.43 which is also a DNS server as well.
-
@ismith-hpu Ok thanks for updating my questions.
So the first thing I noticed strange is in your pcap. You are not getting any dhcp offers from anything. Also it appears your pxe booting client is an apple something?
-
@george1421 dhcpSvr-output.pcap
Attached is from the DHCP-server:
ismith@dhcp-svr:/etc/dhcp$ sudo tcpdump -w dhcpSvr-output.pcap port 67 or port 68 or port 69 or port 4011
tcpdump: listening on macvtap0, link-type EN10MB (Ethernet), capture size 262144 bytes
6 packets captured
11 packets received by filter
0 packets dropped by kernel
ismith@dhcp-svr:/etc/dhcp$ mv dhcpSvr-output.pcap /home/faculty/ismith
with dhcpd.conf:
```
##Old CloneZilla PXE Server ##
# filename "pxelinux.0";
# next-server 10.33.96.43;
## New Fog-Project PXE server ##
filename undionly.kpxe;
next-server 10.33.97.251;
```
-
@ismith-hpu Just for reference here is a pcap from my home network with a soho router and dnsmasq running on my FOG-Pi server.
-
Solution was
```
filename "undionly.kpxe";
next-server 10.33.97.251;
```
VERSUS
```
filename undionly.kpxe;
next-server 10.33.97.251;
```
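
An added example, not part of the original thread: a small lint for the quoting difference the solution identifies. It flags every `filename` statement in a dhcpd.conf whose value is not a double-quoted string and skips commented-out lines. The function names and the sample text are assumptions made for illustration; the sample is constructed from lines quoted in the thread.

```python
import re
import sys

# Constructed sample: lines 1-3 are taken from the thread's dhcpd.conf,
# line 4 is a made-up host entry showing the correctly quoted form.
SAMPLE = '''\
# filename "pxelinux.0;
filename undionly.kpxe;
next-server 10.33.97.251;
host fog-server { filename "undionly.kpxe"; }
'''

# "filename" as a whole word, followed by everything up to the semicolon.
FILENAME_RE = re.compile(r'(?<![\w.-])filename\s+([^;]*);')


def strip_comment(line):
    """Drop a trailing # comment, ignoring # characters inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '#' and not in_quotes:
            return line[:i]
    return line


def unquoted_filenames(conf_text):
    """Return (line_number, value) for each filename value that is not quoted."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        code = strip_comment(raw)
        for match in FILENAME_RE.finditer(code):
            value = match.group(1).strip()
            if not re.fullmatch(r'"[^"]*"', value):
                findings.append((lineno, value))
    return findings


if __name__ == "__main__":
    # Lint the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, value in unquoted_filenames(text):
        print(f'line {lineno}: filename {value}; -> filename "{value}";')
```

ISC dhcpd can also test a configuration file itself before a restart with `dhcpd -t -cf /etc/dhcp/dhcpd.conf`.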