LTSP on Vlans Pfsense
-
Hello!
How are you?We have a LTSP server working well in Lan. The LTSP is in the same subnet network. Ok!
But, when we trying reflect or pass to some Vlan, the client LTSP ca not find the boot ltsp image boot on the server side.
For example: LTSP is on 10.1.1.x lan, and all clients ltsp up in this subnet, works nice and well. When trying put server LTSP on Vlan: 10.10.202.x can not find the boot image ltsp server.
Follow the screenshot
Other question: Do We need insert the ip address LTSP server and file path from image boot ltsp server?
We are trying many time to do work,, nothing configuration works or client ltsp can boot up.
On the other hand, maybe is necessary to do specific ipxe configuration (that no knowledge to do it)
Thank you for attention and help
Douglas
-
https://ltsp.org ?
-
-
@doguibnu my guess is you you prob need to look here
https://ltsp.org/guides/isc-dhcp-server/
This talks about setting it up when you use a different dhcp server.
-
@doguibnu You'd probably be better off asking the question over in their chat room.
-
@johnpoz
yes!at the chatroom ltsp ask me to follow the same link hehehe
thank you!
need to do works well. -
The clients are still in the LAN subnet though I assume?
What net-boot options are you passing to them in the LAN DHCP server settings? They will need to be passed the IP address of the boot server there.
Steve
-
@stephenw10 said in LTSP on Vlans Pfsense:
The clients are still in the LAN subnet though I assume?
The LTSP server is on the lan (10.1.1.x) it has the IP 10.1.1.11
So the clients that need access from lan, works nice and well.Others ltsp clients need access from our vlan for example: 10.10.201.x
At this point that I would like to know what or how to configure on vlan to access the LTSP server boot image (10.1.1.11)
Inside vlan, I did put ltsp server IP but, it is not works. The client ltsp on vlan does not find the (server and file name server boot - this message is show in ltsp client boot from vlan)
What net-boot options are you passing to them in the LAN DHCP server settings? They will need to be passed the IP address of the boot server there.
Steve
Thank you
Douglas
-
@doguibnu said in LTSP on Vlans Pfsense:
When trying put server LTSP on Vlan: 10.10.202.x can not find the boot image ltsp server.
So not that? It's actually the clients that are on the VLAN and the server remains on LAN?
What options are you actually passing the clients via DHCP?
What error do you see when they try to boot?
Steve
-
@stephenw10 said in LTSP on Vlans Pfsense:
@doguibnu said in LTSP on Vlans Pfsense:
When trying put server LTSP on Vlan: 10.10.202.x can not find the boot image ltsp server.
Hello Steve!
So not that? It's actually the clients that are on the VLAN and the server remains on LAN?
Yes, the clients are on vlans (10.10.202.x) and ltsp server on Lan (10.1.1.x)
What options are you actually passing the clients via DHCP?
So! follow the ltsp documentation here am using the command:
ltsp dnsmasq --proxy-dhcp=0
because pfsense side, is enable dhcp and only on NIC. I try insert at vlan, the IP address LTSP server that is lan side (10.1.1.x)
But, trying to client do the boot its can not find file name serer boot system.I did try n times configurations to pass to works well. But , nothing works!
Thank you
What error do you see when they try to boot?
Steve
-
There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?
What errors do you see on the clients when they try to boot?
Steve
-
@stephenw10 said in LTSP on Vlans Pfsense:
There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?
At the screen I did try insert the value on TFTP: IP Ltsp server.
Select Enable Network Booting
Next server: Ltsp IP server too.
it does not work
What errors do you see on the clients when they try to boot?
The boot client ltsp try to find the system ltsp boot system. Can not find and give me the error: The system can not find filename boot.
I will try to get mobile cell phone picture and post the screen here.
Thanks help
Steve
-
Sorry, can not still get picture from ltsp client screen!
thanks@stephenw10 said in LTSP on Vlans Pfsense:
There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?
What errors do you see on the clients when they try to boot?
Steve
-
stephenw10 Netgate Administratorlast edited by stephenw10 Sep 23, 2022, 12:14 PM Sep 23, 2022, 12:13 PM
As long as the DHCP server is passing the address of the TFTP server to the client and other valid IP data I expect this to work. You do need firewall rules to allow that traffic of course.
TFTP generally doesn't work through NAT. If, for some reason, you're doing that you would need to enable the TFTP proxy:
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#tftp-proxyTry just testing directly using a client on the VLAN to pull a file via TFTP from the server.
Steve
-
Hello!
How are you?Can you explain or show us an example about what firewall rules we need to use?
Try just testing directly using a client on the VLAN to pull a file via TFTP from the server.
I will try this!
Very long time trying to do this work well but nothing. do not "conversation" betweeen vlans and LTSP and pFsense Tftp server.
So hard -
I would expect you to need at least UDP port 69 allowed from the VLAN to the LAN and probably any UDP traffic back the other way because the reply is on a random high port. For example:
OPT1 udp 172.21.16.8:35583 -> 192.168.126.11:69 SINGLE:NO_TRAFFIC 1 / 0 48 B / 0 B OPT1 udp 192.168.126.11:32770 -> 172.21.16.8:35583 SINGLE:MULTIPLE 1 / 1 46 B / 32 BThat is my client at 172.21.16.8 fetching a file from the server at 192.168.126.11.
If you enable the tftp proxy server though that takes care of the reply rules for you so you only need to allow udp from the client to the server on port 69.
As I showed above though it will work between subnets without the proxy if there is no NAT.
To test that I used the tftpd server package for pfSense running on a separate pfSense instance in the OPT1 subnet. Then connected to it from a Linux client on LAN:
steve@steve-NUC9i9QNX:~$ tftp tftp> connect 192.168.126.11 tftp> get test.txt Received 14 bytes in 0.0 secondsSteve
-
Hello Steve!
I can not understand how to enable proxy tftp? Where is this option in pfense.
I would you like show you some screens from my pfsense and to see if stay more clear to do the right configuration.
This is the Vlan:
Vlan configuration:
You can see all ports are enable to receive connections:
TFTP-server enable:
dhcp-server enable at this vlan:
And here, the IP from LTSP server. The configuration LTSP server side is disable dhcp server inside the ltsp network configuration because the vlan has enable dhcp-server:
So, after this, I did try to do the client ltsp find the ltsp server to boot. But can not find the filename image (this is the message from client ltsp boot sequence.
Thank you for help and attention
Douglas
-
The rules on LAN allow the LTSP server to reply?
You don't need the proxy if there is no NAT between the subnets but it is configured from System > Advanced > Firewall&NAT.
I only used the TFTP server in pfSense to test with. You don't need that, the LTSP server is the TFTP server.
However you absolutely do need the boot file name in the DHCP config. There is no way it can work without that. The client needs that to be passed to it so it knows what to boot.
Steve
-
@stephenw10 said in LTSP on Vlans Pfsense:
The rules on LAN allow the LTSP server to reply?
Yes, it is
You don't need the proxy if there is no NAT between the subnets but it is configured from System > Advanced > Firewall&NAT.
So, now I went to this menu and enable TFTP proxy for Lan!
I only used the TFTP server in pfSense to test with. You don't need that, the LTSP server is the TFTP server.
However you absolutely do need the boot file name in the DHCP config. There is no way it can work without that. The client needs that to be passed to it so it knows what to boot.
According Ltsp site project: It is not only one name, it is 3 names, separated. So, how to indicate the right way?
# This is the LTSP subnet declaration subnet 192.168.67.0 netmask 255.255.255.0 { range 192.168.67.20 192.168.67.250; option ipxe.no-pxedhcp 1; option routers 192.168.67.1; # On single-NIC setups, usually routers != next-server (=TFTP server) # option next-server 192.168.67.1 if exists ipxe.menu { filename "ltsp/ltsp.ipxe"; } elsif option arch = 00:00 { filename "ltsp/undionly.kpxe"; } elsif option arch = 00:07 { filename "ltsp/snponly.efi"; } elsif option arch = 00:09 { filename "ltsp/snponly.efi"; } else { filename "ltsp/unmatched-client"; } }Thank you
Douglas
Steve
-
Those are just for different machine types. And only if
ipxe.menuis not present.
What are your clients?
That should be in the LTSP docs though.Steve