[Dnsmasq-discuss] dnsmasq proxy with uefi pxe not working

Louis Garcia louisgtwo at gmail.com
Wed Nov 18 18:39:09 GMT 2015


Thank you, Michael. Now my UEFI client can boot to a grub prompt. Though my
client did not accept shim.efi to boot, it did accept grubx64.efi in both
secure mode and unsecure mode. I thought shim.efi had the EFI keys. Any
thoughts?

grub boots into a prompt, not to a menu. I do have a grub.cfg in the same
location as grubx64.efi. I know this is outside the scope of this mailing
list. I read that grub needs to be rebuilt with the new cfg file. Would
this lose the EFI keys?


# Configuration file for dnsmasq:

# Turn on the debugging
log-dhcp

# Don't function as a DNS server
port=0

# kill multicast
dhcp-option=vendor:PXEClient,6,2b

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
dhcp-range=192.168.0.5,proxy

# Set the boot filename for netboot/PXE. You will only need this if you want to
# boot machines over the network and you will need the built in TFTP server.

#pxe-prompt="What system shall I netboot?", timeout before first available action is taken:
pxe-prompt="Press F8 for the Menu.", 5

# Loads <tftp-root>/bios/pxelinux.0 from dnsmasq TFTP server.
pxe-service=x86PC, "Install Fedora Workstation, (BIOS)", bios/pxelinux

# Loads <tftp-root>/uefi/grubx64.efi from dnsmasq TFTP server (.efi is added automatically).
pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", uefi/grubx64
pxe-service=BC_EFI, "Boot From Network, (UEFI)", uefi/grubx64

# Enable dnsmasq's built-in TFTP server
enable-tftp

# Set the root directory for files available via TFTP.
tftp-root=/srv/tftpboot


On Wed, Nov 18, 2015 at 9:54 AM, Michael Kuron <
michael-lists at physcip.uni-stuttgart.de> wrote:

> In proxy mode, you can leave out the dhcp-boot lines. Also, note that some
> hardware incorrectly reports an architecture of 9 (BC_EFI) instead of 7
> (X86-64_EFI), so in general you’ll need to have lines for both in your
> config.
> I assume you’re using my patch from October 31st? The pxe-service line for
> EFI should not have a file extension, .efi is added automatically. Also,
> I’ve never needed dhcp-no-override or dhcp-option in proxy mode.
>
> A Wireshark trace on UDP ports 67, 68, 69 and 4011 is generally the most
> useful thing to help you debug the issue. Check if the server address and
> file name are correctly sent to the client and make sure it requests the
> TFTP download correctly. The log output you sent looks fine.
>
> Michael
>
> On 17.11.2015, at 20:48, Louis Garcia <louisgtwo at gmail.com> wrote:
>
> I have a DNS proxy running on F23 and configured for older BIOS PXE, and
> all is working. On newer UEFI I get an IP assigned and get to the "Press F8
> for the Menu." After that everything quits and returns to the BIOS. Here is
> some info. If there are more debugging options, let me know. I am running
> dnsmasq-2.75 with a patch from Michael Kuron earlier on this list.
>
>
> /etc/dnsmasq.conf
>
> # Configuration file for dnsmasq:
>
> # Turn on the debugging
> log-dhcp
>
> # Don't function as a DNS server
> port=0
>
> # kill multicast
> dhcp-option=vendor:PXEClient,6,2b
>
> # Disable re-use of the DHCP servername and filename fields as extra
> # option space. That's to avoid confusing some old or broken DHCP clients.
> dhcp-no-override
>
> # This range(s) is for the public interface, where dnsmasq functions
> # as a proxy DHCP server providing boot information but no IP leases.
> # Any ip in the subnet will do, so you may just put your server NIC ip here.
> dhcp-range=192.168.0.5,proxy
>
> # Set the boot filename for netboot/PXE. You will only need this if you want to
> # boot machines over the network and you will need the built in TFTP server.
>
> # BIOS PXE clients
> dhcp-boot=pxelinux.0
>
> # UEFI PXE clients
> dhcp-match=set:efi-x86_64,option:client-arch,7
> dhcp-boot=tag:efi-x86_64,uefi/shim.efi
>
> #pxe-prompt="What system shall I netboot?", timeout before first available action is taken:
> pxe-prompt="Press F8 for the Menu.", 5
>
> #Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
> pxe-service=x86PC, "Install Fedora Workstation, (BIOS)", pxelinux
>
> #Loads <tftp-root>/uefi/shim.efi from dnsmasq TFTP server.
> pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", uefi/shim.efi
>
> # Enable dnsmasq's built-in TFTP server
> enable-tftp
>
> # Set the root directory for files available via TFTP.
> tftp-root=/srv/tftpboot
>
>
> logs:
>
> systemd[1]: Started DNS caching server..
> dnsmasq[1897]: started, version 2.75 DNS disabled
> systemd[1]: Starting DNS caching server....
> dnsmasq[1897]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP
> DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
> dnsmasq-dhcp[1897]: DHCP, proxy on subnet 192.168.0.5
> dnsmasq-tftp[1897]: TFTP root is /srv/tftpboot
> dnsmasq-dhcp[1897]: 1005692705 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 1005692705 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 1005692705 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 1005692705 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 1005692705 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 1005692705 broadcast response
> dnsmasq-dhcp[1897]: 1005692705 sent size:  1 option: 53 message-type  2
> dnsmasq-dhcp[1897]: 1005692705 sent size:  4 option: 54 server-identifier
> 192.168.0.5
> dnsmasq-dhcp[1897]: 1005692705 sent size:  9 option: 60 vendor-class
> 50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 1005692705 sent size: 17 option: 97 client-machine-id
> 00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 1005692705 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 1005692705 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 378552196 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 378552196 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 378552196 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 378552196 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 378552196 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 378552196 sent size:  1 option: 53 message-type  5
> dnsmasq-dhcp[1897]: 378552196 sent size:  4 option: 54 server-identifier
> 192.168.0.5
> dnsmasq-dhcp[1897]: 378552196 sent size:  9 option: 60 vendor-class
> 50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 378552196 sent size: 17 option: 97 client-machine-id
> 00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 378552196 sent size: 38 option: 43 vendor-encap
> 06:01:08:0a:1d:05:50:72:65:73:73:20:46:38...
> dnsmasq-dhcp[1897]: 1005692706 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 1005692706 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 1005692706 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 1005692706 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 1005692706 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 1005692706 broadcast response
> dnsmasq-dhcp[1897]: 1005692706 sent size:  1 option: 53 message-type  2
> dnsmasq-dhcp[1897]: 1005692706 sent size:  4 option: 54 server-identifier
> 192.168.0.5
> dnsmasq-dhcp[1897]: 1005692706 sent size:  9 option: 60 vendor-class
> 50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 1005692706 sent size: 17 option: 97 client-machine-id
> 00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 1005692706 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 1005692706 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 735833248 available DHCP subnet:
> 192.168.0.5/255.255.255.0
> dnsmasq-dhcp[1897]: 735833248 vendor class:
> PXEClient:Arch:00007:UNDI:003016
> dnsmasq-dhcp[1897]: 735833248 PXE(enp0s25) b8:ae:ed:73:6f:9b proxy
> dnsmasq-dhcp[1897]: 735833248 tags: efi-x86_64, enp0s25
> dnsmasq-dhcp[1897]: 735833248 bootfile name: uefi/shim.efi
> dnsmasq-dhcp[1897]: 735833248 sent size:  1 option: 53 message-type  5
> dnsmasq-dhcp[1897]: 735833248 sent size:  4 option: 54 server-identifier
> 192.168.0.5
> dnsmasq-dhcp[1897]: 735833248 sent size:  9 option: 60 vendor-class
> 50:58:45:43:6c:69:65:6e:74
> dnsmasq-dhcp[1897]: 735833248 sent size: 17 option: 97 client-machine-id
> 00:00:3f:65:c8:77:72:e3:11:93:4d:b8:ae:ed...
> dnsmasq-dhcp[1897]: 735833248 sent size: 38 option: 43 vendor-encap
> 06:01:08:0a:1d:05:50:72:65:73:73:20:46:38...


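Added example, not part of the original thread: a small check for the architecture 7 versus 9 point raised above, which compares the client types seen in `log-dhcp` output against the `pxe-service` lines in a config. The function names are hypothetical, the log lines are assumed to be unwrapped, and the second client in the sample log is constructed.

```python
import re

# Client types named in the thread: arch code -> pxe-service type name.
CSA_NAMES = {0: "x86PC", 7: "X86-64_EFI", 9: "BC_EFI"}
LOG_LINE = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) (.*)")
VENDOR = re.compile(r"vendor class: PXEClient:Arch:(\d{5})")

def configured_types(conf_text):
    """Client types that have an active (uncommented) pxe-service line."""
    types = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("pxe-service="):
            fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
            # Skip optional leading tag:<name> fields; the type follows them.
            types.add(next((f for f in fields if not f.startswith("tag:")), ""))
    return types

def reported_types(log_text):
    """Map transaction id -> type name taken from the logged vendor class."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        v = VENDOR.search(m.group(2)) if m else None
        if v:
            arch = int(v.group(1))
            seen[m.group(1)] = CSA_NAMES.get(arch, f"arch-{arch}")
    return seen

def uncovered(conf_text, log_text):
    """(xid, type) pairs for clients whose type has no pxe-service line."""
    have = configured_types(conf_text)
    return sorted((x, t) for x, t in reported_types(log_text).items()
                  if t not in have)

# Constructed sample: a config with no active BC_EFI line, and a log in the
# format shown in the thread plus one constructed client reporting arch 9.
SAMPLE_CONF = """\
dhcp-range=192.168.0.5,proxy
pxe-service=x86PC, "Install Fedora Workstation, (BIOS)", bios/pxelinux
#pxe-service=BC_EFI, "Boot From Network, (UEFI)", uefi/grubx64
pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", uefi/grubx64
"""
SAMPLE_LOG = """\
dnsmasq-dhcp[1897]: 1005692705 vendor class: PXEClient:Arch:00007:UNDI:003016
dnsmasq-dhcp[1897]: 1005692705 tags: efi-x86_64, enp0s25
dnsmasq-dhcp[1897]: 2000000002 vendor class: PXEClient:Arch:00009:UNDI:003016
"""

if __name__ == "__main__":
    for xid, name in uncovered(SAMPLE_CONF, SAMPLE_LOG):
        print(f"transaction {xid}: client reports {name}, no pxe-service line")
```
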