
I'm trying to set up a PXE server with dnsmasq as a dhcp-proxy.

It works well with client-arch=0 (x86 legacy clients), but a UEFI client doesn't even finish the DHCP packet exchange with the PXE server, and not even the pxe-prompt (set with dnsmasq) appears on those newer clients.

I have made dumps of the DHCP dialog between the PXE server and the clients with Wireshark. I see some differences, but I can't figure out why only legacy clients connect successfully to my server.

Dump of DHCP messages between PXE server and legacy BIOS client (Works!)

Dump of DHCP messages between PXE server and UEFI client (Doesn't work :( )

I couldn't find a working configuration online: after following a lot of examples, all I get is that UEFI systems don't exchange the final REQUEST/ACK with the PXE server.

Dnsmasq config:

```
port=0
interface=bond
log-dhcp
dhcp-range=192.168.1.200,proxy,255.255.255.0
dhcp-no-override

dhcp-option=vendor:,6,2b

pxe-prompt="Press any key for boot menu", 5

dhcp-match=set:x86PC, option:client-arch, 0
dhcp-match=set:BC_EFI, option:client-arch, 7

pxe-service=tag:x86PC,x86PC, "Legacy BIOS PXE", bios/pxelinux
pxe-service=tag:BC_EFI,BC_EFI, "UEFI PXE", efi64/syslinux.efi

dhcp-boot=tag:x86PC, bios/pxelinux.0
dhcp-boot=tag:BC_EFI, efi64/syslinux.efi
```

Is there a solution out there?

EDIT: I'm using version 2.76, with UEFI support (see changelog on official site).

EDIT2: My UEFI client is classified as PXEClient:Arch:00007 (so, BC_EFI is the correct dnsmasq arch tag).

1 Answer


DnsMasq proxyDHCP does not work on UEFI environments:

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q4/009907.html

EDIT_1 if you are using the new DnsMasq with UEFI support then try adding the missing architecture 9

```
dhcp-match=set:EFI_x86-64, option:client-arch, 9
```

UEFI 64 clients also use 9 as architecture.

EDIT_2

please base your config on this one

```
# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via TFTP.
tftp-root=/tftpboot

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# The boot filename, Server name, Server Ip Address
dhcp-boot=bios/pxelinux,,192.168.1.200

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
# pxe-prompt="Booting PXE Client", 1

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, ARM_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.

# PXEClient:Arch:00000
pxe-service=X86PC, "Boot BIOS PXE", bios/pxelinux

# PXEClient:Arch:00007
pxe-service=BC_EFI, "Boot UEFI PXE-BC", efi64/syslinux.efi

# PXEClient:Arch:00009
pxe-service=X86-64_EFI, "Boot UEFI PXE-64", efi64/syslinux.efi

dhcp-range=192.168.1.200,proxy,255.255.255.0
```

Source https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq (Adding UEFI support to the basic script)

Pat
  • http://www.thekelleys.org.uk/dnsmasq/CHANGELOG , version 2.76 actually supports EFI. You linked an old devs discussion (2015). – Patrick Roncagliolo Jan 27 '17 at 20:42
  • see my edited answer – Pat Jan 28 '17 at 10:56
  • My client is class 7, dnsmasq detects it correctly – Patrick Roncagliolo Jan 28 '17 at 10:58
  • then I would try configuring a plain PXE boot w/o menu; just the load of the NBP and run. Probably your UEFI client is not implementing PXE menu capabilities. – Pat Jan 29 '17 at 12:18
  • Yesterday, tried to remove pxe prompt message, still no good. – Patrick Roncagliolo Jan 29 '17 at 12:20
  • OK; keep it simple, forget about the menu and get a Wireshark traffic capture on BIOS and UEFI cases. Let's see what's going on. – Pat Jan 29 '17 at 12:22
  • Traffic captures are equal to the already linked captures here above. BIOS: 7 DHCP messages (request, offer dhcp, offer pxe srv, request to dhcp, ack to client, request to pxe srv, ack from pxe srv). UEFI stops on 5th message, client does not talk to the pxe srv even if pxe srv made an offer. – Patrick Roncagliolo Jan 29 '17 at 12:26
  • Those are not captures. Please upload real pcap files where I can see what the DHCP and proxyDHCP are really answering to the client. – Pat Jan 29 '17 at 16:19
  • https://drive.google.com/open?id=0B-63LRUI0J4Ob2tPUUJqT1ptbTA (Google drive folders with two real .pcap files) :) Thank you for your time. – Patrick Roncagliolo Jan 29 '17 at 18:08
  • you added menus on that run and the proxyDHCP option 43 Suboption 6 (PXE Discovery Control) presents errors. See my edited answer – Pat Jan 29 '17 at 20:20
  • How to fix suboptions 6 error? – Patrick Roncagliolo Jan 29 '17 at 20:24
  • see now `EDIT 2` – Pat Jan 29 '17 at 20:28
  • Arch 9 not needed, dnsmasq tells "tags: BC_EFI, bond" when EFI client request is detected. On another line, it tells "vendor class: PXEClient:Arch:0007", so definitely not an arch detection problem. Tried without pxe-prompt, nothing changed. – Patrick Roncagliolo Jan 29 '17 at 21:16
  • Please get a Wireshark capture with the new config; the only way to solve your problem is seeing that dnsmasq is providing a healthy proxyDHCP offer. – Pat Jan 29 '17 at 22:48
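
The thread ends on whether the proxyDHCP offer is healthy, in particular option 43 sub-option 6. As an added example (not code from this thread or from dnsmasq), the Python below checks an offer's raw options field for a `PXEClient` option 60 and a well-formed option 43 whose sub-option 6 is one byte long, and maps option 93 to the arch tags named on this page. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not dnsmasq code). Options: 60 = vendor class, 93 = client arch,
# 43 = vendor-specific data carrying PXE sub-options. Sample bytes are constructed.
ARCH_TAGS = {0: "x86PC", 7: "BC_EFI", 9: "X86-64_EFI"}  # values named on this page

GOOD_OFFER = bytes([53, 1, 2, 60, 9]) + b"PXEClient" + bytes([43, 4, 6, 1, 8, 255, 255])
BAD_OFFER = bytes([53, 1, 2, 60, 9]) + b"PXEClient" + bytes([43, 5, 6, 2, 0x32, 0x62, 255, 255])


def parse_tlv(data):
    """Split a tag/length/value field (0 = pad, 255 = end); return (items, errors)."""
    items, errors, i = {}, [], 0
    while i < len(data) and data[i] != 255:
        tag = data[i]
        if tag == 0:
            i += 1
            continue
        if i + 1 >= len(data):
            errors.append(f"tag {tag}: missing length byte")
            break
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            errors.append(f"tag {tag}: length {length} overruns field")
            break
        items[tag] = value
        i += 2 + length
    return items, errors


def client_arch(request_options):
    """Map option 93 (16-bit big-endian codes) of a client request to a tag name."""
    raw = request_options.get(93, b"")
    if len(raw) < 2:
        return None
    code = int.from_bytes(raw[:2], "big")
    return ARCH_TAGS.get(code, f"arch-{code}")


def check_proxy_offer(options_field):
    """Return the problems found in a proxyDHCP offer's options field."""
    opts, problems = parse_tlv(options_field)
    if not opts.get(60, b"").startswith(b"PXEClient"):
        problems.append("option 60 is not 'PXEClient'")
    subs, sub_errors = parse_tlv(opts.get(43, b""))
    problems += [f"option 43: {e}" for e in sub_errors]
    if 6 in subs and len(subs[6]) != 1:
        problems.append(f"option 43 sub-option 6: length {len(subs[6])}, expected 1")
    return problems
```

The options field is everything after the DHCP magic cookie; it can be exported from a capture as raw bytes and passed to `check_proxy_offer`.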