PXE Boot over a routed network

jadams

In my VM lab I created an image for a bunch of PC's using Windows Deployment Services.

The PC's I want to deploy this image to are on a different subnet separated by site-to-site OpenVPN.

I tried to just set up DHCP relay and point it to the DHCP/WDS server but that was a no go.

Any other ideas on how to get it over there? Running pfsense 2.0.1
 
You're trying to image over a WAN?
What is your network equipment?
Doesn't WDS have a Transport Server role that would let you have a "local" WDS image server?
 
What's the bandwidth of the tunnel like? WDS on a 10/10 link is slooooooow, let alone anything lower. What's handing out DHCP? Can you configure option 67 to point to the IP of the WDS server?
 
Yea, I'm trying to image over WAN. It's mostly for lab. My problem is the broadcast not reaching it. Come to think of it, I don't think the relay was working; I just tested it again and it didn't pull a normal IP address from the DHCP server. I have a scope for it in DHCP which is in the subnet of the remote network.
 
YMMV, but with a different OS (Solaris AI) and pfSense, I
1. upload a pxeboot file from the Solaris install .iso to pfSense TFTP server. (This pxeboot file will later on point the PXE target to the install server's IP and port, which could be anywhere).
2. Enable PXE on the target nic from BIOS on the target box. Connect everything physically.
3. Find the nic on pfSense, enable Wake On Lan for that nic's mac. (You may have to power cycle the target for pfSense Wake On Lan to find it.)
4. Send Magic Packet from pfSense Wake On LAN and watch the magic happen as the target gets the Magic Ping, wakes up, gets TFTP, finds the install server and starts to provision itself. (This works for 57 brand new boxes at a time to set up a university lab too. ;) )

As long as the interface enabled in pfSense's TFTP server is the same as the DHCP server listens to, you should be golden for Wake On LAN from any target machine that could ordinarily get DHCP.
 
YMMV, but with a different OS (Solaris AI) and pfSense, I
1. upload a pxeboot file from the Solaris install .iso to pfSense TFTP server. (This pxeboot file will later on point the PXE target to the install server's IP and port, which could be anywhere).
2. Enable PXE on the target nic from BIOS on the target box. Connect everything physically.
3. Find the nic on pfSense, enable Wake On Lan for that nic's mac. (You may have to power cycle the target for pfSense Wake On Lan to find it.)
4. Send Magic Packet from pfSense Wake On LAN and watch the magic happen as the target gets the Magic Ping, wakes up, gets TFTP, finds the install server and starts to provision itself. (This works for 57 brand new boxes at a time to set up a university lab too. ;) )

As long as the interface enabled in pfSense's TFTP server is the same as the DHCP server listens to, you should be golden for Wake On LAN from any target machine that could ordinarily get DHCP.

I'm not trying to PXE boot to the pfsense box though. The device I'm trying to boot from is on a different subnet. Thanks for the info though. Nice to see the n00bie's giving out good info and contributing to the board. ;)

I'm almost looking for an ip helper type function.
 
Don't you need BOOTP, rather than DHCP?

Since it's similar, I was hoping the DHCP relay forwarded this as well; however, I see this in the system logs when I enable DHCP relay and point it to a server on the other side of the VPN

Code:
php: /services_dhcp_relay.php: The command '/usr/local/sbin/dhcrelay -i ovpnc1 -a -m replace 10.0.1.8' returned exit code '1', the output was 'Internet Systems Consortium DHCP Relay Agent 4.2.1-P1
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unsupported device type 23 for "ovpnc1"
If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help.
If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help.
If you intend to request help from the [email protected] mailing list, please read the section on the README about submitting bug reports and requests for help.
Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the README file.
exiting.'
 
I'm not trying to PXE boot to the pfsense box though. The device I'm trying to boot from is on a different subnet.

Right. But to avoid some bullshit, the wakeup packet probably needs to come from the DHCP server on that (PXE client's) subnet.
Then you can use TFTP from the DHCP server that just sent the wakeup to download a config to the still-PXE client that tells it to point to (or accept broadcasts from) the installer on your subnet through the VPN tunnel you've routed.
The installer on your subnet then goes on to download the image to the remote PXE client.
 
I'm almost looking for an ip helper type function.
That's exactly what you're looking for. :rolleyes:
However you still haven't answered my question about what kind of networking equipment you're using.
If it's Cisco then I'd just tell you to put in the ip helper command.
 
If I had Cisco equipment that's exactly what I'd do. :rolleyes:

In my OP I clearly said I had pfsense 2.0.1
 
What's stopping you from setting options 66 and 67 on the DHCP on the remote pfsense to point to the local WDS server and image path?

Unless you are looking to have the same subnet at the remote end with the addresses handed out by the local pfsense? Either way the dhcp relay doesn't look like it supports going over an ovpn interface.
 
What's stopping you from setting options 66 and 67 on the DHCP on the remote pfsense to point to the local WDS server and image path?

Unless you are looking to have the same subnet at the remote end with the addresses handed out by the local pfsense? Either way the dhcp relay doesn't look like it supports going over an ovpn interface.

The dhcp features in pfsense are a little basic and don't support options 66 and 67 like the dhcp server does on the other end.

My two roadblocks are no IP helper and not being able to relay over VPN. The 2nd one really baffles me. If I were to run a VM somewhere and set up a relay, it would relay it over the VPN no problem; or so I assume. To me it's routing packets, unless I'm missing something.

So that's my next plan. To set up a relay, which almost begs the question why not just set up a deployment server locally.....
 
The dhcp features in pfsense are a little basic and don't support options 66 and 67 like the dhcp server does on the other end.

It does support 66 and 67 and I've used it with WDS to great effect; the only thing I haven't done is have the server across a WAN. It wasn't there in v1 but is in v2.

Enable Network Booting option almost at the bottom of the DHCP server page.
 
It does support 66 and 67 and I've used it with WDS to great effect; the only thing I haven't done is have the server across a WAN. It wasn't there in v1 but is in v2.

Enable Network Booting option almost at the bottom of the DHCP server page.

Well I'll be damned. I must have been up and down that page 100 times yesterday. I'll check this out a little later. Maybe I won't get the VPN error that was occurring with the relay! Thanks!
 
It does support 66 and 67 and I've used it with WDS to great effect; the only thing I haven't done is have the server across a WAN. It wasn't there in v1 but is in v2.

Enable Network Booting option almost at the bottom of the DHCP server page.

Cool I'm getting closer.

I've been playing around with the two options at the end of the DHCP Server page. BOOTD/DHCP Options, and Enable Network Booting.

When I configure BOOTD/DHCP Options with 66 being the IP address of the WDS server, and 67 as the file to download from the TFTP as \boot\x86\wdsnbp.com

The TFTP server times out. WDS server never gets any traffic from the remote client verified by wireshark.

When I configure Enable Network Booting with "next-server" being the IP of the WDS server, and "filename" being \boot\x86\wdsnbp.com

I get some access denied, and wireshark indicates it's because of a bad checksum each time.

With both options doing virtually the same thing, why would one not hit the WDS server?

Screenshot of bad checksum:
http://i.imgur.com/NdOlR.jpg
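The two pfSense settings discussed in this thread are not the same thing on the wire: "Enable Network Booting" (next-server/filename) fills the fixed siaddr and file header fields of the DHCP reply, while "BOOTP/DHCP Options" 66/67 are variable-length options after the magic cookie. The script below is an added example (not from the thread or from pfSense) that builds a minimal constructed DHCPOFFER either way and parses out what a client would read; the precedence rule (explicit option wins over the header field) is an assumption for illustration, and real PXE ROMs differ, so verify against a capture of your own offers.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that starts the options area

def build_offer(siaddr="0.0.0.0", file="", options=None):
    """Build a constructed, minimal BOOTREPLY/DHCPOFFER.
    siaddr/file map to pfSense 'next-server'/'filename';
    options maps to the 'BOOTP/DHCP Options' list (e.g. {66: b"...", 67: b"..."})."""
    # op=2 (BOOTREPLY), htype=1 (Ethernet), hlen=6, hops=0, xid, secs, flags
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x12345678, 0, 0)
    hdr += bytes(4)                                 # ciaddr
    hdr += IPv4Address("10.0.2.50").packed          # yiaddr: constructed lease
    hdr += IPv4Address(siaddr).packed               # siaddr: "next-server"
    hdr += bytes(4)                                 # giaddr
    hdr += bytes(16)                                # chaddr (zeroed here)
    hdr += bytes(64)                                # sname
    hdr += file.encode().ljust(128, b"\x00")        # file: "filename"
    opts = MAGIC + b"\x35\x01\x02"                  # option 53 = DHCPOFFER
    for code, value in (options or {}).items():
        opts += bytes([code, len(value)]) + value   # TLV-encoded option
    return hdr + opts + b"\xff"                     # option 255 = end

def parse_boot_params(pkt):
    """Return (boot_server, boot_file) as a client might resolve them.
    Assumed rule: option 66/67 override siaddr/file when present."""
    siaddr = str(IPv4Address(pkt[20:24]))
    file = pkt[108:236].split(b"\x00", 1)[0].decode()
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie; BOOTP-only reply?")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:          # option 0 is a single pad byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    server = opts[66].decode() if 66 in opts else siaddr
    filename = opts[67].decode() if 67 in opts else file
    return server, filename
```

Running parse_boot_params over a real offer captured with wireshark (or tcpdump on the pfSense box) shows which of the two places the server actually populated, which is the first thing to check when the two settings behave differently.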
 