Netgate Discussion Forum

    LTSP on Vlans Pfsense

    • stephenw10 Netgate Administrator @doguibnu

      @doguibnu said in LTSP on Vlans Pfsense:

      When trying put server LTSP on Vlan: 10.10.202.x can not find the boot image ltsp server.

      So not that? It's actually the clients that are on the VLAN and the server remains on LAN?

      What options are you actually passing the clients via DHCP?

      What error do you see when they try to boot?

      Steve

      • doguibnu @stephenw10

        @stephenw10 said in LTSP on Vlans Pfsense:

        @doguibnu said in LTSP on Vlans Pfsense:

        When trying put server LTSP on Vlan: 10.10.202.x can not find the boot image ltsp server.

        Hello Steve!

        So not that? It's actually the clients that are on the VLAN and the server remains on LAN?

        Yes, the clients are on vlans (10.10.202.x) and ltsp server on Lan (10.1.1.x)

        What options are you actually passing the clients via DHCP?

        So, following the LTSP documentation here, I am using the command:

        ltsp dnsmasq --proxy-dhcp=0

        because on the pfSense side DHCP is enabled, and only on NIC. I tried to insert, at the VLAN, the IP address of the LTSP server that is on the LAN side (10.1.1.x).
        But when the client tries to boot, it cannot find the file name of the server boot system.

        I tried configurations n times to make it work well. But nothing works!

        Thank you

        What error do you see when they try to boot?

        Steve

        • stephenw10 Netgate Administrator

          There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?

          What errors do you see on the clients when they try to boot?

          Steve

          • doguibnu @stephenw10

            @stephenw10 said in LTSP on Vlans Pfsense:

            There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?

            On the screen I tried inserting the value for TFTP: the LTSP server IP.

            Select Enable Network Booting

            Next server: the LTSP server IP too.

            It does not work.

            What errors do you see on the clients when they try to boot?

            The LTSP boot client tries to find the LTSP boot system. It cannot find it and gives me the error: The system can not find filename boot.

            I will try to take a picture with my cell phone and post the screen here.

            Thanks for the help

            Steve

            • doguibnu @stephenw10

              Sorry, I still cannot get a picture of the LTSP client screen!
              thanks

              @stephenw10 said in LTSP on Vlans Pfsense:

              There's nothing listed for DHCP options there. So what DHCP values are you passing the clients on the VLAN from the pfSense DHCP server?

              What errors do you see on the clients when they try to boot?

              Steve

              • stephenw10 Netgate Administrator

                As long as the DHCP server is passing the address of the TFTP server to the client and other valid IP data I expect this to work. You do need firewall rules to allow that traffic of course.
                TFTP generally doesn't work through NAT. If, for some reason, you're doing that you would need to enable the TFTP proxy:
                https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#tftp-proxy

                Try just testing directly using a client on the VLAN to pull a file via TFTP from the server.

                Steve

                • doguibnu @stephenw10

                  @stephenw10

                  Hello!
                  How are you?

                  Can you explain or show us an example about what firewall rules we need to use?

                  Try just testing directly using a client on the VLAN to pull a file via TFTP from the server.

                  I will try this!

                  I have spent a very long time trying to make this work well, but nothing. There is no "conversation" between the VLANs, LTSP and the pfSense TFTP server.
                  So hard

                  • stephenw10 Netgate Administrator

                    I would expect you to need at least UDP port 69 allowed from the VLAN to the LAN and probably any UDP traffic back the other way because the reply is on a random high port. For example:

                    OPT1 	udp 	172.21.16.8:35583 -> 192.168.126.11:69 	SINGLE:NO_TRAFFIC 	1 / 0 	48 B / 0 B 	
                    OPT1 	udp 	192.168.126.11:32770 -> 172.21.16.8:35583 	SINGLE:MULTIPLE 	1 / 1 	46 B / 32 B
                    

                    That is my client at 172.21.16.8 fetching a file from the server at 192.168.126.11.

                    If you enable the tftp proxy server though that takes care of the reply rules for you so you only need to allow udp from the client to the server on port 69.

                    As I showed above though it will work between subnets without the proxy if there is no NAT.

                    To test that I used the tftpd server package for pfSense running on a separate pfSense instance in the OPT1 subnet. Then connected to it from a Linux client on LAN:

                    steve@steve-NUC9i9QNX:~$ tftp
                    tftp> connect 192.168.126.11
                    tftp> get test.txt
                    Received 14 bytes in 0.0 seconds
                    

                    Steve

                    1 Reply Last reply Reply Quote 0
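An added example, not part of the original post: a minimal TFTP read over loopback that reports which port the server answers from, which is why the reply in the state table above comes from 32770 rather than 69. The stand-in server, the unprivileged listening port used in place of UDP 69, and the sample file are constructed for the demonstration.

```python
import socket
import struct
import threading

OP_RRQ, OP_DATA, OP_ACK = 1, 3, 4

def serve_one_read(listen_sock, files):
    """Constructed stand-in TFTP server: answers one read request."""
    req, client = listen_sock.recvfrom(516)
    payload = files[req[2:].split(b"\0")[0].decode()]
    data_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Like a real tftpd, reply from a NEW random high port (RFC 1350 TID).
    data_sock.bind((listen_sock.getsockname()[0], 0))
    data_sock.settimeout(2)
    for n in range(len(payload) // 512 + 1):
        chunk = payload[n * 512:(n + 1) * 512]
        data_sock.sendto(struct.pack("!HH", OP_DATA, n + 1) + chunk, client)
        data_sock.recvfrom(4)  # wait for the ACK of this block
    data_sock.close()

def tftp_get(server_ip, port, filename, timeout=2.0):
    """Read one file in octet mode. Returns (data, port the server replied from)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    rrq = struct.pack("!H", OP_RRQ) + filename.encode() + b"\0octet\0"
    sock.sendto(rrq, (server_ip, port))
    chunks, expected, peer = [], 1, None
    try:
        while True:
            pkt, addr = sock.recvfrom(516)
            if addr[0] != server_ip or (peer and addr != peer):
                continue  # ignore datagrams from anyone but our server/TID
            peer = addr  # first reply fixes the server's transfer port
            op, block = struct.unpack("!HH", pkt[:4])
            if op != OP_DATA:  # opcode 5 is ERROR, e.g. file not found
                raise OSError("TFTP opcode %d, code %d: %r" % (op, block, pkt[4:]))
            sock.sendto(struct.pack("!HH", OP_ACK, block), peer)
            if block != expected:
                continue  # duplicate block, already stored
            chunks.append(pkt[4:])
            expected += 1
            if len(pkt) < 516:  # a short block ends the transfer
                return b"".join(chunks), peer[1]
    finally:
        sock.close()

def demo():
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))  # unprivileged port stands in for UDP 69
    request_port = listen.getsockname()[1]
    files = {"test.txt": b"hello via tftp"}  # constructed sample file
    server = threading.Thread(target=serve_one_read, args=(listen, files))
    server.start()
    data, reply_port = tftp_get("127.0.0.1", request_port, "test.txt")
    server.join()
    listen.close()
    return data, request_port, reply_port

if __name__ == "__main__":
    print(demo())
```

Because the data arrives from a port the client never sent to, a stateful filter does not match it to the state opened by the request, so it has to be passed by its own rule or handled by the TFTP proxy.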
                    • doguibnu

                      Hello Steve!

                      I cannot understand how to enable the TFTP proxy. Where is this option in pfSense?

                      I would like to show you some screens from my pfSense, to see if that makes the right configuration clearer.

                      This is the Vlan:

                      01-vlan-nome.png

                      Vlan configuration:
                      You can see all ports are enabled to receive connections:

                      02-vlan-config.png

                      TFTP-server enable:

                      03-tftp-enable.png

                      dhcp-server enable at this vlan:

                      04-dhcp-server-vlan712.png

                      And here, the IP of the LTSP server. On the LTSP server side, the DHCP server is disabled in the LTSP network configuration because the VLAN has the DHCP server enabled:

                      05-tftp-server-vlan.png

                      So, after this, I tried to make the LTSP client find the LTSP server to boot. But it cannot find the filename image (this is the message from the LTSP client boot sequence).

                      Thank you for help and attention

                      Douglas

                      • stephenw10 Netgate Administrator

                        The rules on LAN allow the LTSP server to reply?

                        You don't need the proxy if there is no NAT between the subnets but it is configured from System > Advanced > Firewall&NAT.

                        I only used the TFTP server in pfSense to test with. You don't need that, the LTSP server is the TFTP server.

                        However you absolutely do need the boot file name in the DHCP config. There is no way it can work without that. The client needs that to be passed to it so it knows what to boot.

                        Steve

                        • doguibnu @stephenw10

                          @stephenw10 said in LTSP on Vlans Pfsense:

                          The rules on LAN allow the LTSP server to reply?

                          Yes, it is

                          You don't need the proxy if there is no NAT between the subnets but it is configured from System > Advanced > Firewall&NAT.

                          So, now I went to this menu and enabled the TFTP proxy for LAN!

                          I only used the TFTP server in pfSense to test with. You don't need that, the LTSP server is the TFTP server.

                          However you absolutely do need the boot file name in the DHCP config. There is no way it can work without that. The client needs that to be passed to it so it knows what to boot.

                          According to the LTSP project site, it is not only one name; it is 3 names, separate. So how do I indicate them the right way?

                          # This is the LTSP subnet declaration
                          subnet 192.168.67.0 netmask 255.255.255.0 {
                            range 192.168.67.20 192.168.67.250;
                            option ipxe.no-pxedhcp 1;
                            option routers 192.168.67.1;
                            # On single-NIC setups, usually routers != next-server (=TFTP server)
                            # option next-server 192.168.67.1
                            if exists ipxe.menu {
                              filename "ltsp/ltsp.ipxe";
                            } elsif option arch = 00:00 {
                              filename "ltsp/undionly.kpxe";
                            } elsif option arch = 00:07 {
                              filename "ltsp/snponly.efi";
                            } elsif option arch = 00:09 {
                              filename "ltsp/snponly.efi";
                            } else {
                              filename "ltsp/unmatched-client";
                            }
                          }
                          

                          Thank you

                          Douglas

                          Steve

                          • stephenw10 Netgate Administrator

                            Those are just for different machine types. And only if ipxe.menu is not present.
                            What are your clients?
                            That should be in the LTSP docs though.

                            Steve

                            doguibnuD 1 Reply Last reply Reply Quote 0
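An added example, not part of the thread or of the LTSP documentation: the filename selection from the dhcpd snippet quoted above, applied to raw DHCP option bytes, showing that the same BIOS client asks twice and is handed a different file each time. Reading `ipxe.menu` as sub-option 39 of option 175 follows iPXE's published dhcpd option definitions; the sample requests are constructed.

```python
import struct

OPT_PAD, OPT_ARCH, OPT_IPXE_ENCAP, OPT_END = 0, 93, 175, 255
IPXE_MENU = 39  # sub-option of 175 that dhcpd exposes as ipxe.menu

def parse_options(buf):
    """Parse DHCP code/length/value options into {code: bytes}."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != OPT_END:
        code = buf[i]
        if code == OPT_PAD:  # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("option %d has no length byte" % code)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = opts.get(code, b"") + value  # RFC 3396: repeats concatenate
        i += 2 + length
    return opts

def boot_filename(request_options):
    """Mirror the if/elsif chain of the posted dhcpd subnet block."""
    opts = parse_options(request_options)
    ipxe = parse_options(opts.get(OPT_IPXE_ENCAP, b""))
    if IPXE_MENU in ipxe:  # "if exists ipxe.menu": client is already iPXE
        return "ltsp/ltsp.ipxe"
    arch = opts.get(OPT_ARCH, b"")
    if len(arch) < 2:
        return "ltsp/unmatched-client"
    by_arch = {0: "ltsp/undionly.kpxe", 7: "ltsp/snponly.efi", 9: "ltsp/snponly.efi"}
    # Option 93 may list several types; only the first is compared here.
    return by_arch.get(struct.unpack("!H", arch[:2])[0], "ltsp/unmatched-client")

def opt(code, value):
    """Build one option for the constructed samples below."""
    return bytes([code, len(value)]) + value

# Constructed sample requests (option bytes only, not captured traffic).
SAMPLES = {
    "BIOS PXE ROM": opt(60, b"PXEClient:Arch:00000:UNDI:002001")
                    + opt(93, b"\x00\x00") + b"\xff",
    "iPXE on the same BIOS client": opt(77, b"iPXE") + opt(93, b"\x00\x00")
                                    + opt(175, opt(39, b"\x01")) + b"\xff",
    "UEFI x64 ROM": opt(93, b"\x00\x07") + b"\xff",
    "unlisted architecture": opt(93, b"\x00\x0b") + b"\xff",
}

def demo():
    return {name: boot_filename(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, filename in demo().items():
        print("%-30s -> %s" % (name, filename))
```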
                            • doguibnu @stephenw10

                              Hello! @stephenw10
                              How are you?

                              So, I would like to show you more screenshots.
                              I believe that we will win this network this way, hehehe. It still does not work, but there are different results.

                              Please see these screens:

                              01-vlan-nome.png

                              02-tela-vlan43.png

                              03-tela-screen-gate-40.png
                              04-tela-tftp06-36.png

                              And here, the LTSP client screenshot. Now it appears to see the server and tries to run the server image. But something is wrong:

                              20221007_095152.jpg

                              This client has an old onboard NIC!

                              Thanks Steve!

                              Douglas

                              • stephenw10 Netgate Administrator

                                Ok, so that's mostly working. It is getting the values via DHCP, initiating the PXE boot and is correctly fetching the boot file from the tftp server.
                                What appears to be wrong is that it's trying to boot the wrong file. Though there is no actual error shown there, I'm just assuming it doesn't boot further than that.

                                Steve

                                • A Former User

                                  On the lan pfsense the project works great, but with Vlan, not!

                                  • First question is why there is another DHCP set up on the server?

                                  Normally you would set it up in the following order:

                                  • Setting up the VLANs and an IP range inside of the VLANs
                                  • pfSense is then routing the entire VLAN traffic, and this also inside one and between all the other VLANs (firewall rules)
                                  • pfSense is routing the entire WAN traffic and the LAN switch itself is routing between the VLANs (Switch ACLs)

                                  If so, the VLANs each have their own DHCP range and IP net. So why is the server also offering via DHCP?

                                  • doguibnu @A Former User

                                    Hello @Dobby_

                                    @dobby_ said in LTSP on Vlans Pfsense:

                                    On the lan pfsense the project works great, but with Vlan, not!

                                    • First question is why there is another DHCP set up on the server? The configuration is:
                                    ltsp dnsmasq --proxy-dhcp=0
                                    

                                    That means the LTSP server is not set up as a DHCP server.

                                    Site Installation LTSP

                                    So no, there is not another DHCP set up on the LTSP server.

                                    The last try we have this screenshot:

                                    Pfsense :

                                    tela-pfsense37-37.png

                                    And Ltsp Client:
                                    ultima_20221013_110122.jpg

                                    But after trying the boot process, the client boots on its own and cannot bring up the server image.

                                    Let's go!

                                    Thank you!

                                    Normally you would set it up in the following order:

                                    • Setting up the VLANs and an IP range inside of the VLANs
                                    • pfSense is then routing the entire VLAN traffic, and this also inside one and between all the other VLANs (firewall rules)
                                    • pfSense is routing the entire WAN traffic and the LAN switch itself is routing between the VLANs (Switch ACLs)

                                    If so, the VLANs each have their own DHCP range and IP net. So why is the server also offering via DHCP?

                                    • stephenw10 Netgate Administrator

                                      Is that the last thing you see?

                                      It's pulling the ipxe file and booting it correctly. Usually ipxe will then try to boot something else.

                                      • doguibnu @stephenw10

                                        Hello!

                                        @stephenw10 said in LTSP on Vlans Pfsense:

                                        Is that the last thing you see?

                                        Yes, after this, the client reboot alone.

                                        It's pulling the ipxe file and booting it correctly. Usually ipxe will then try to boot something else.

                                        So! I am lost. I have been trying to make this work well for a long time. I cannot find the right way to fix the issue.
                                        Thanks

                                        • stephenw10 Netgate Administrator

                                          I would guess that ipxe is trying to boot something else and failing to find it. You can see it's trying to reach https://ipxe.org/28086011 but what it expects to find there is unclear.
                                          Maybe it needs some additional dhcp parameters to know what to do next.

                                          • doguibnu @stephenw10

                                            @stephenw10 said in LTSP on Vlans Pfsense:

                                            I would guess that ipxe is trying to boot something else and failing to find it. You can see it's trying to reach https://ipxe.org/28086011 but what it expects to find there is unclear.

                                             https://ipxe.org/28086011 
                                            

                                            This is an ipxe issue, after "googling" about it, but it is still not clear to me where to go to fix this.

                                            Maybe it needs some additional dhcp parameters to know what to do next.

                                            So, I am trying to follow isc dhcp.
                                            My LTSP server is on Proxmox, so I added one more NIC to try to boot up as the site describes. But it is still not fixed!
