PXE-E32: TFTP open time out on palo alto dhcp server
-
@Sebastian-Roth said in PXE-E32: TFTP open time out on palo alto dhcp server:
ls -al /tftpboot/
root@SRVOPTIFOGADMIN:~# ls -al /tftpboot/ total 7264 drwxrwxrwx 5 fogproject root 4096 feb 1 12:54 . drwxr-xr-x 26 root root 4096 ene 28 13:14 .. drwxrwxrwx 2 fogproject root 4096 ene 28 13:14 10secdelay -rwxrwxrwx 1 fogproject root 868 ene 28 13:14 boot.txt -rwxrwxrwx 1 root root 459 ene 28 13:14 default.ipxe drwxrwxrwx 2 fogproject root 4096 ene 28 13:14 i386-efi -rwxrwxrwx 1 fogproject root 226944 ene 28 13:14 intel.efi -rwxrwxrwx 1 fogproject root 98224 ene 28 13:14 intel.kkpxe -rwxrwxrwx 1 fogproject root 98272 ene 28 13:14 intel.kpxe -rwxrwxrwx 1 fogproject root 98356 ene 28 13:14 intel.pxe -rwxrwxrwx 1 fogproject root 1016960 ene 28 13:14 ipxe.efi -rwxrwxrwx 1 fogproject root 880640 ene 28 13:14 ipxe.iso -rwxrwxrwx 1 fogproject root 359745 ene 28 13:14 ipxe.kkpxe -rwxrwxrwx 1 fogproject root 359793 ene 28 13:14 ipxe.kpxe -rwxrwxrwx 1 fogproject root 359243 ene 28 13:14 ipxe.krn -rwxrwxrwx 1 fogproject root 359243 ene 28 13:14 ipxe.lkrn -rwxrwxrwx 1 fogproject root 359688 ene 28 13:14 ipxe.pxe -rwxrwxrwx 1 fogproject root 1409024 ene 28 13:14 ipxe.usb -rwxrwxrwx 1 fogproject root 123448 ene 28 13:14 ldlinux.c32 -rwxrwxrwx 1 fogproject root 187820 ene 28 13:14 libcom32.c32 -rwxrwxrwx 1 fogproject root 26468 ene 28 13:14 libutil.c32 -rwxrwxrwx 1 fogproject root 26140 ene 28 13:14 memdisk -rwxrwxrwx 1 fogproject root 29208 ene 28 13:14 menu.c32 -rwxrwxrwx 1 fogproject root 43210 ene 28 13:14 pxelinux.0.old drwxrwxrwx 2 fogproject root 4096 ene 28 13:14 pxelinux.cfg -rwxrwxrwx 1 fogproject root 225856 ene 28 13:14 realtek.efi -rwxrwxrwx 1 fogproject root 99051 ene 28 13:14 realtek.kkpxe -rwxrwxrwx 1 fogproject root 99099 ene 28 13:14 realtek.kpxe -rwxrwxrwx 1 fogproject root 99119 ene 28 13:14 realtek.pxe -rwxrwxrwx 1 fogproject root 225152 ene 28 13:14 snp.efi -rwxrwxrwx 1 fogproject root 225440 ene 28 13:14 snponly.efi -rwxrwxrwx 1 fogproject root 97740 ene 28 13:14 undionly.kkpxe -rwxrwxrwx 1 fogproject root 97788 ene 28 13:14 undionly.kpxe -rwxrwxrwx 1 fogproject root 97741 ene 28 13:14 undionly.pxe -rwxrwxrwx 1 fogproject root 29728 ene 28 13:14 vesamenu.c32
@george1421
this is my dnsmasq config
And this is the log, i don’t see the target computer 192.168.96.61
root@SRVOPTIFOGADMIN:/var/log# grep -R -i tftp * auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN groupadd[3428]: group added to /etc/group: name=tftp, GID=121 auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN groupadd[3428]: group added to /etc/gshadow: name=tftp auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN groupadd[3428]: new group: name=tftp, GID=121 auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN useradd[3432]: new user: name=tftp, UID=114, GID=121, home=/var auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN usermod[3437]: change user 'tftp' password auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN chage[3442]: changed password expiry for tftp auth.log:Jan 28 12:59:51 SRVOPTIFOGADMIN chfn[3445]: changed user 'tftp' information auth.log:Jan 29 13:25:00 SRVOPTIFOGADMIN polkitd(authority=local): Operator of unix-process:11807:770878 action org.freedesktop.systemd1.manage-units for system-bus-name::1.20 [systemctl restart tftpd-hpa] (o auth.log:Jan 29 13:27:23 SRVOPTIFOGADMIN polkitd(authority=local): Operator of unix-process:11967:772326 action org.freedesktop.systemd1.manage-units for system-bus-name::1.23 [systemctl restart tftpd-hpa] (o dpkg.log.1:2020-01-28 12:59:49 install tftpd-hpa:amd64 <ninguna> 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:49 status half-installed tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:49 status unpacked tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:49 status unpacked tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:50 configure tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 <ninguna> dpkg.log.1:2020-01-28 12:59:50 status unpacked tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:50 status unpacked tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:50 status unpacked tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:50 status half-configured tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:52 status installed tftpd-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:57 install tftp-hpa:amd64 <ninguna> 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:57 status half-installed tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:57 status unpacked tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:57 status unpacked tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:58 configure tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 <ninguna> dpkg.log.1:2020-01-28 12:59:58 status unpacked tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:58 status half-configured tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 dpkg.log.1:2020-01-28 12:59:58 status installed tftp-hpa:amd64 5.2+20150808-1ubuntu1.16.04.1 syslog:Feb 1 10:44:38 SRVOPTIFOGADMIN dnsmasq[25135]: opciones al compilar: IPv6 GNU-getopt DBus i18n I syslog:Feb 1 10:49:26 SRVOPTIFOGADMIN dnsmasq[25529]: opciones al compilar: IPv6 GNU-getopt DBus i18n I syslog:Feb 1 10:57:26 SRVOPTIFOGADMIN dnsmasq[1130]: opciones al compilar: IPv6 GNU-getopt DBus i18n ID syslog:Feb 1 10:57:26 SRVOPTIFOGADMIN systemd[1]: Starting LSB: HPA's tftp server... syslog:Feb 1 10:57:26 SRVOPTIFOGADMIN tftpd-hpa[1274]: * Starting HPA's tftpd in.tftpd syslog:Feb 1 10:57:26 SRVOPTIFOGADMIN tftpd-hpa[1274]: ...done. syslog:Feb 1 10:57:26 SRVOPTIFOGADMIN systemd[1]: Started LSB: HPA's tftp server. syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN systemd[1]: Stopping LSB: HPA's tftp server... syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN tftpd-hpa[8367]: * Stopping HPA's tftpd in.tftpd syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN tftpd-hpa[8367]: ...done. syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN systemd[1]: Stopped LSB: HPA's tftp server. syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN systemd[1]: Starting LSB: HPA's tftp server... syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN tftpd-hpa[8375]: * Starting HPA's tftpd in.tftpd syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN tftpd-hpa[8375]: ...done. syslog:Feb 1 12:45:05 SRVOPTIFOGADMIN systemd[1]: Started LSB: HPA's tftp server. syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN systemd[1]: Stopping LSB: HPA's tftp server... syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN tftpd-hpa[8591]: * Stopping HPA's tftpd in.tftpd syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN tftpd-hpa[8591]: ...done. syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN systemd[1]: Stopped LSB: HPA's tftp server. syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN systemd[1]: Starting LSB: HPA's tftp server... syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN tftpd-hpa[8600]: * Starting HPA's tftpd in.tftpd syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN tftpd-hpa[8600]: ...done. syslog:Feb 1 12:48:13 SRVOPTIFOGADMIN systemd[1]: Started LSB: HPA's tftp server.
-
FYI,
I have tried downloading “undionly.kpxe” whith this comand “tftp -i 192.168.96.204 get undionly.pxe” on my tftp windows client and it seems that I download it correctly.
Any idea? Thanks
-
@fernando-martinez Manual TFTP download on a Windows machine is a great test. Should have suggested that way earlier. Now we know TFTP is working.
Re-read the whole topic I noticed that we see
VMware, Inc.
in one of the pictures. Can you tell us more about your setup? I guess you have VMware Workstation or ESXi server running and try to PXE boot from the FOG server. Can you please try some physical machine within your network as well? Just your normal Windows PC will do, reboot and select PXE boot as temporary first boot. This won’t cause any trouble on the PC. Just to see if this is booting to the menu. -
@Sebastian-Roth
We are trying on ESXI VM Machine, but we have the same problem whith a physical machine from my network.We have another Fog Server on another networwk running correctly whith physicals and VM machines.
The only diference is the dhcp server, the first is Palo Alto and the other is Winows Server DHCP. -
@fernando-martinez There must be something we overlook here but I can seem to get it. You can manually download the file via Windows tftp command so it should work.
Would you please try to capture a network packet dump on your FOG server when this PXE issue happens so we see what is actually sent over the wire? https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
-
@Sebastian-Roth Collecting the pcap from a witness computer if the target is on a different vlan from the FOG server, or from the FOG server to get the best info if the target computer is on the same vlan as the FOG server.
@fernando-martinez if your target computer is on a different vlan than the fog server install wireshark on a witness computer and use the capture filter of
port 67 or port 68
If the target computers is on the same subnet as the fog server then use the instructions in the tutorial.
Upload the pcap to a file share site (i.e. google drive, dropbox, etc) and share as public read. Either post the link here or DM either Sebastian or myself and we will look at the pcap and tell you what we see. Be sure to use the capture filter outlined so we do see things we shouldn’t in your packet capture.
-
@george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:
uter is on a different vlan than the fog server install
this is de output.pcap.
Fog Server: 192.168.96.204
Fog Client: 192.168.96.182The server and client are in the same Vlan.
Do you need more info?Thanks
-
https://www.dropbox.com/s/fn4b256v81ttvlg/output.pcap?dl=0
here is the pcap file.
-
@fernando-martinez I’ll be able to look at the pcap file in detail in a few minutes.
The first pass at it I see a problem. The client is asking for
undionly.kpxe.0
which is an indication that you have a version of dnsmasq on your fog server that is older than version 2.75. Older versions than that always appended .0 for some legacy reason. You should upgrade to a newer version of dnsmaq, but you can trick it by creating a sym link between undionly.kpxe.0 and undionly.kpxe in the/tftpboot
directory. You will need to do the same for ipxe.efi to ipxe.efi.0 -
@fernando-martinez said in PXE-E32: TFTP open time out on palo alto dhcp server:
tftp -i 192.168.96.204 get undionly.pxe
Dnsmasq version is 2.75, I tried to create a sym link but i have the same problem.
-
@fernando-martinez would you grab another pcap with these links in place?
What I find strange is that why is it appending the .0 to the file name and why does it appear to request the file and appear to download it. From your picture of the pcap (it appears you deleted the original pcap) the client asks for the file size of undionly.kpxe.0 and it appears to get the file size because it asks for the file next from 96.204. If that file did not exist it should have not attempted to download it but fail on the file size request.
Edit: Ah I had the version wrong it needs to be 2.76 or later ref: https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server
That config file “should” work with 2.75 but we will see the .0 file name appended onto the file name like we see in the pcap.
-
@fernando-martinez said in PXE-E32: TFTP open time out on palo alto dhcp server:
I tried to create a sym link but i have the same problem.
From the picture we see you created the symlinks in the fogproject source directory. You need to create thos in
/tftpboot/
directory… -
Hello guys! we did it!!
I created sym link in /tftpboot directory and i’ts worked!!
Now we have to configure.Many thanks for your help!!!
-
Hi,
I have the same problem, can u help me?
-
@joanmarzo Are you using a PaloAlto dhcp server too?
What specifically do you have defined for dhcp options 66 and 67?
-
-
@joanmarzo So I take it that 192.168.96.162 is the IP address of the fog server?
This is me just making an educated guess. Has the IP address of the fog server changed since FOG was installed? The fog server needs to be configured to use a static IP address before FOG is installed. As I said this is an educated guess but a FOG server IP address of .162 is pretty close to the IP address assigned to the target computer of .206. I might guess they are in the same subnet dhcp scope range. That is why I’m asking if the fog server ip address has changed.
-
@george1421 said in PXE-E32: TFTP open time out on palo alto dhcp server:
This is me just making an educated guess. Has the IP address of the fog server changed since FOG was installed? The fog server needs to be configured to use a static IP address before FOG is installed. As I said this is an educated guess but a FOG server IP address of .162 is pretty close to the IP address assigned to the target computer of .206. I might guess they are in the same subnet dhcp scope range. That is why I’m asking if the fog server ip address has changed.
Yes, the IP of fogserver is 192.168.96.162 and I put it and static IP, If u want any information tell to me, thanks a lot
-
@joanmarzo Sorry about the slow response its been busy here this AM. So you put the static address in before you installed FOG? OK good. You can confirm that the IP address hasn’t changed between the time you installed FOG and now by inspecting the .fogsettings file
more < /opt/fog/.fogsettings
There is an IP field in there that indicates the IP address when FOG was installed.If the IP address hasn’t changed then we might suspect your dhcp server is doing something abnormal. If we follow this thread it looks like we used dnsmasq to make everything work in the end.
I think in your case since you are using a firewall for a dhcp server and we’ve had issues in the past with firewalls not sending out the right information needed for pxe booting that we go ahead and install dnsmasq on your fog server. In this configuration the dnsmasq program will ONLY supply the pxe booting information all other information will still come from your main dhcp server. The nice thing about this is if you install dnsmasq on your FOG server and then turn off the fog server then all pxe booting will be turned off too.
If you follow these instructions you will be up and running with dnsmasq on your fog server in about 10 minutes. https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server
If you have multiple subnets you will need to adjust an existing setting in your subnet router if you want to pxe boot on the subnets where your FOG server is not. Other than dealing with subnets, dnsmasq should just work. -
I do the dnsmasq but the fog doesn’t work, any idea? I paste an screenshot about the ltsp.conf