UEFI PXE Boot - Pain
@brakcounty That's my question really, do I need to leave a setting in (66, 67 or 150) to tell the Watchguard to send the PXE request to FOG? I presume I need to put a setting in somewhere or the client won't know where to go for its PXE boot.
@rogerbrowntdl dnsmasq runs on the FOG server to detect architecture and boot type then serve the boot files over tftp. This is my understanding of how it all works:
PC sends DHCP server a request for an IP address with a pxe packet.
DHCP assigns an IP address then directs (relays) the PC to the FOG server.
FOG Server handles this request by sending either undionly.kpxe or ipxe.efi depending on the architecture of the PC (dnsmasq tftp service).
PC downloads and executes the correct file.
After that FOG loads the boot menus.
@george1421 So in effect, I just leave the Watchguard as a DHCP server, set option 66 and 150 to point to my FOG box, remove option 67 and then install DNSMasq? Or do I remove ALL options from my Watchguard and install DNSMasq?
Forgive my lack of knowledge on the subject lol. How does the PXE request then get to the FOG server? Does the client send a DHCP request to the Watchguard and then a broadcast for PXE, or do I need to leave something in the Watchguard to tell the client to go to FOG?
@rogerbrowntdl We would typically use this if your dhcp server is managed by an outside party, or your dhcp server settings can’t be changed or your dhcp server does not support dynamic pxe booting (pfsense router does by the way so dnsmasq on the fog server isn’t needed here).
@rogerbrowntdl With this setup the dnsmasq server only provides PXE boot information using the proxyDHCP protocol. It does not manage IP addresses with this configuration. It's intended to augment your existing DHCP server.
@rogerbrowntdl We have the Fortigate DHCP relay set up with the FOG server IP. I did however have to install dnsmasq on my FOG server and disable tftpd.service. Here is where I found the instructions: https://forums.fogproject.org/topic/12133/fog-on-existing-dhcp-server
The code posted by @george1421 needed one line added, which is marked with a comment below:

```
# Don't function as a DNS server:
port=0
# Log lots of extra information about DHCP transactions.
log-dhcp
# Enable TFTP (this is the added line)
enable-tftp
# Set the root directory for files available via TFTP.
tftp-root=/tftpboot
# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,<fog_server_IP>
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override
# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
```
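The architecture detection described in the boot flow above (undionly.kpxe for BIOS, ipxe.efi for UEFI) and matched by the dhcp-vendorclass line in the dnsmasq config comes down to reading two DHCP options from the client's DISCOVER: option 93 (client architecture) and the option 60 vendor class string "PXEClient:Arch:NNNNN". This added example (my own code, not from the thread or the FOG project) parses constructed option blobs and returns the boot file a proxyDHCP responder would hand out; the mapping of UEFI architecture codes 7 and 9 to ipxe.efi is my assumption.

```python
from typing import Dict, Optional

OPT_MSG_TYPE = 53
OPT_VENDOR_CLASS = 60   # e.g. b"PXEClient:Arch:00007:UNDI:003016"
OPT_CLIENT_ARCH = 93    # RFC 4578 processor architecture, 16-bit big-endian
OPT_END = 255

# Assumed mapping: BIOS (0) -> undionly.kpxe, x64 UEFI (7 or 9) -> ipxe.efi.
BOOT_FILES = {0: "undionly.kpxe", 7: "ipxe.efi", 9: "ipxe.efi"}


def parse_options(raw: bytes) -> Dict[int, bytes]:
    """Parse the DHCP options field (code, length, value TLVs)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == 0:            # pad byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def client_arch(opts: Dict[int, bytes]) -> Optional[int]:
    """Prefer option 93; fall back to the 'PXEClient:Arch:NNNNN' vendor class."""
    if OPT_CLIENT_ARCH in opts and len(opts[OPT_CLIENT_ARCH]) >= 2:
        return int.from_bytes(opts[OPT_CLIENT_ARCH][:2], "big")
    parts = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace").split(":")
    if len(parts) >= 3 and parts[:2] == ["PXEClient", "Arch"] and parts[2].isdigit():
        return int(parts[2])
    return None


def boot_file(raw: bytes) -> Optional[str]:
    """Boot file to serve, or None if this is not a PXE client (proxyDHCP stays silent)."""
    opts = parse_options(raw)
    if not opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"):
        return None
    return BOOT_FILES.get(client_arch(opts))


def opt(code: int, value: bytes) -> bytes:
    """Build one TLV option (helper for the constructed samples below)."""
    return bytes([code, len(value)]) + value


# Constructed sample DISCOVER option blobs (not captured traffic).
BIOS_REQUEST = opt(53, b"\x01") + opt(60, b"PXEClient:Arch:00000:UNDI:002001") + opt(93, b"\x00\x00") + b"\xff"
UEFI_REQUEST = opt(53, b"\x01") + opt(60, b"PXEClient:Arch:00007:UNDI:003016") + opt(93, b"\x00\x07") + b"\xff"
UEFI_NO_93 = opt(53, b"\x01") + opt(60, b"PXEClient:Arch:00007") + b"\xff"
PLAIN_REQUEST = opt(53, b"\x01") + opt(60, b"MSFT 5.0") + b"\xff"
```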
This is the easiest solution, it takes about 10 minutes to setup. If you are running subnets on your network you (after dnsmasq is installed and you remove the pxe boot info from your firewall/router) add the fog server’s IP address as the last server in your dhcp-relay /dhcp-helper service on your subnet router. This is only needed if you need to pxe boot computers not on the same subnet as the fog/dnsmasq server.
A bit longer answer is that your firewall/router's DHCP server most likely doesn't support dynamic PXE booting, in that it will not change the boot file name based on whether a BIOS or UEFI computer is PXE booting.
@brakcounty How is your relay setup? Is it a different server or running from fortigate itself?
@rogerbrowntdl Yes very similar to Fortigate. So I have a Fortigate 70D in my offline lab, and have it set up same as you, but for ipxe (UEFI only) boot. DHCP option 67 can only specify one file name. My suggestion is to see if your DHCP server supports DHCP relay. If it does, specify your FOG server IP address. Since your FOG server is already set up to not hand out IP addresses, you should be good to go after that. We have DHCP relay set up on our prod network and both UEFI and Legacy pxe boot work just fine.
Oh and unfortunately you cannot add UEFI to a legacy device as far as I know. Not sure if it is a hardware or firmware limitation.
Currently configured as:

```
Code  Name                Type             Kind        Value
150   TFTP Server IP      IP Address(es)   Predefined  192.168.15.251
66    TFTP Server Name    Text             Predefined  192.168.15.251
67    TFTP Boot Filename  Text             Predefined  undionly.kpxe
```
@rogerbrowntdl How is your DHCP server currently configured for PXE boot?