Netgate Discussion Forum

Kea DHCP UEFI PXE boot sends wrong boot file

  • T
    TheNetStriker
    last edited by TheNetStriker Nov 23, 2023, 11:50 AM Nov 23, 2023, 11:33 AM

    I'm using netboot.xyz for network booting and I just switched to Kea DHCP. After the migration I noticed that network booting from UEFI bios does not work anymore, but legacy bios boot still does work.

    Here are the configuration values I set in pfSense:

    TFTP Server: IP of my netboot server
    Next Server: IP of my netboot server
    Default BIOS File Name: netboot.xyz.kpxe
    UEFI 32 bit File Name: netboot.xyz.efi
    UEFI 64 bit File Name: netboot.xyz.efi
    ARM 64 bit File Name: netboot.xyz-arm64.efi

    For some reason the Kea DHCP server always offers the default netboot.xyz.kpxe file to UEFI machines. I checked the DHCP packages and the UEFI bios sets the DHCP option 93 correctly to 0x0007, but receives the legacy bios image.

    Also if I set Default BIOS File Name to netboot.xyz.efi UEFI booting works, but this again breaks booting in legacy bios.

    Here are the logs from Kea DHCP:

    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcp4.0x3e2f2f5b9300] EVAL_RESULT Expression ipxe_64_lan_pool_0 evaluated to 1
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcp4.0x3e2f2f5b9300] EVAL_RESULT Expression ipxe_legacy_lan_pool_0 evaluated to 1
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcp4.0x3e2f2f5b9300] EVAL_RESULT Expression ipxe_64_lan evaluated to 1
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcp4.0x3e2f2f5b9300] EVAL_RESULT Expression ipxe_legacy_lan evaluated to 1
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.leases.0x3e2f2f5b9300] DHCP4_LEASE_ALLOC [hwtype=1 46:15:16:cd:59:84], cid=[no info], tid=0xaccc68dd: lease 172.17.128.2 has been allocated for 86400 seconds
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcpsrv.0x3e2f2f5b9300] EVAL_RESULT Expression pool_opt1_0 evaluated to 1
    Nov 23 12:23:55	kea-dhcp4	14098	INFO [kea-dhcp4.dhcpsrv.0x3e2f2f5b9300] EVAL_RESULT Expression pool_lan_0 evaluated to 1
    

    It seems that the ipxe_legacy_lan and ipxe_legacy_lan_pool_0 class is evaluated before the ipxe_64_lan and ipxe_64_lan_pool_0 class. And as far as I could see in the Kea configuration the legacy classes need the other classes to run first to get the correct tags.

    Here is the kea-dhcp4.conf file. (I just removed the reservations)

    {
        "Dhcp4": {
            "interfaces-config": {
                "interfaces": [
                    "mlxen0",
                    "mlxen0.2"
                ]
            },
            "lease-database": {
                "type": "memfile",
                "persist": true,
                "name": "/var/lib/kea/dhcp4.leases"
            },
            "loggers": [
                {
                    "name": "kea-dhcp4",
                    "output_options": [
                        {
                            "output": "syslog"
                        }
                    ],
                    "severity": "INFO"
                }
            ],
            "valid-lifetime": 7200,
            "max-valid-lifetime": 86400,
            "ip-reservations-unique": false,
            "echo-client-id": false,
            "option-data": [
                {
                    "name": "domain-name",
                    "data": "mydomain"
                }
            ],
            "option-def": [
                {
                    "space": "dhcp4",
                    "name": "ldap-server",
                    "code": 95,
                    "type": "string"
                }
            ],
            "hooks-libraries": [
                {
                    "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
                }
            ],
            "control-socket": {
                "socket-type": "unix",
                "socket-name": "/tmp/kea4-ctrl-socket"
            },
            "authoritative": true,
            "client-classes": [
                {
                    "name": "ipxe_32_lan_pool_0",
                    "test": "option[93].hex == 0x0006",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_64_lan_pool_0",
                    "test": "option[93].hex == 0x0007 or option[93].hex == 0x0009",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_64arm_lan_pool_0",
                    "test": "option[93].hex == 0x000b",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz-arm64.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_legacy_lan_pool_0",
                    "test": "not member('ipxe_32_lan_pool_0') and not member('ipxe_64_lan_pool_0') and not member('ipxe_64arm_lan_pool_0')",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.kpxe"
                        }
                    ]
                },
                {
                    "name": "pool_lan_0",
                    "test": "member('ALL')"
                },
                {
                    "name": "ipxe_32_lan",
                    "test": "option[93].hex == 0x0006",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_64_lan",
                    "test": "option[93].hex == 0x0007 or option[93].hex == 0x0009",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_64arm_lan",
                    "test": "option[93].hex == 0x000b",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz-arm64.efi"
                        }
                    ]
                },
                {
                    "name": "ipxe_legacy_lan",
                    "test": "not member('ipxe_32_lan') and not member('ipxe_64_lan') and not member('ipxe_64arm_lan')",
                    "only-if-required": true,
                    "option-data": [
                        {
                            "name": "boot-file-name",
                            "data": "netboot.xyz.kpxe"
                        }
                    ]
                },
                {
                    "name": "pool_opt1_0",
                    "test": "member('ALL')"
                }
            ],
            "subnet4": [
                {
                    "id": 1,
                    "subnet": "172.17.0.0/16",
                    "option-data": [
                        {
                            "name": "domain-name",
                            "data": "mydomain"
                        },
                        {
                            "name": "domain-search",
                            "data": "mydomain"
                        },
                        {
                            "name": "domain-name-servers",
                            "data": "172.17.1.1"
                        },
                        {
                            "name": "routers",
                            "data": "172.17.1.1"
                        },
                        {
                            "name": "netbios-name-servers",
                            "data": "172.17.2.1"
                        },
                        {
                            "name": "netbios-node-type",
                            "data": "8"
                        }
                    ],
                    "pools": [
                        {
                            "pool": "172.17.128.0 - 172.17.128.199",
                            "client-class": "pool_lan_0",
                            "option-data": [
                                {
                                    "name": "domain-name-servers",
                                    "data": "172.17.1.1"
                                },
                                {
                                    "name": "tftp-server-name",
                                    "data": "172.17.2.17"
                                }
                            ],
                            "require-client-classes": [
                                "ipxe_legacy_lan_pool_0",
                                "ipxe_32_lan_pool_0",
                                "ipxe_64_lan_pool_0",
                                "ipxe_64arm_lan_pool_0"
                            ]
                        }
                    ],
                    "valid-lifetime": 86400,
                    "next-server": "172.17.2.17",
                    "require-client-classes": [
                        "ipxe_legacy_lan",
                        "ipxe_32_lan",
                        "ipxe_64_lan",
                        "ipxe_64arm_lan"
                    ],
                    "reservations-in-subnet": true
                },
                {
                    "id": 2,
                    "subnet": "172.20.0.0/16",
                    "option-data": [
                        {
                            "name": "domain-name-servers",
                            "data": "172.20.1.1"
                        },
                        {
                            "name": "routers",
                            "data": "172.20.1.1"
                        }
                    ],
                    "pools": [
                        {
                            "pool": "172.20.128.0 - 172.20.128.255",
                            "client-class": "pool_opt1_0",
                            "option-data": [
                                {
                                    "name": "domain-name-servers",
                                    "data": "172.20.1.1"
                                }
                            ]
                        }
                    ],
                    "valid-lifetime": 86400,
                    "reservations-in-subnet": true
                }
            ]
        }
    }
    

    Any idea what could cause this problem?

    M 1 Reply Last reply Nov 24, 2023, 7:27 AM Reply Quote 0
    • M
      Misterb @TheNetStriker
      last edited by Nov 24, 2023, 7:27 AM

      @TheNetStriker said in Kea DHCP UEFI PXE boot sends wrong boot file:

      I checked the DHCP packages and the UEFI bios sets the DHCP option 93 correctly to 0x0007, but receives the legacy bios image.

      My understanding is that KEA does not yet support DHCP options.

      T 1 Reply Last reply Nov 24, 2023, 11:40 AM Reply Quote 1
      • T
        TheNetStriker @Misterb
        last edited by Nov 24, 2023, 11:40 AM

        @Misterb said in Kea DHCP UEFI PXE boot sends wrong boot file:

        @TheNetStriker said in Kea DHCP UEFI PXE boot sends wrong boot file:

        I checked the DHCP packages and the UEFI bios sets the DHCP option 93 correctly to 0x0007, but receives the legacy bios image.

        My understanding is that KEA does not yet support DHCP options.

        What exactly do you mean with DHCP options? Regarding the logs the client classes are working as expected. When I start a computer with legacy bios the ipxe_64_lan and ipxe_64_lan_pool_0 are evaluated to 0, so this seems to work correctly. But the order in which those classes are evaluated seems to be reversed. As far as I understand the ipxe_legacy_lan and ipxe_legacy_lan_pool_0 should be evaluated after the other classes.

        M 1 Reply Last reply Nov 24, 2023, 12:10 PM Reply Quote 0
        • M
          Misterb @TheNetStriker
          last edited by Nov 24, 2023, 12:10 PM

          @TheNetStriker said in Kea DHCP UEFI PXE boot sends wrong boot file:

          What exactly do you mean with DHCP options?

          The following excerpt is taken from a Netgate blog post about KEA:

          Basic functionality is present in version 23.09, but the Kea implementation lacks the following DHCP server features:

          Local DNS Resolver/Forwarder Registration for static and dynamic DHCP clients
          Remote DNS server registration
          DHCPv6 Prefix Delegation
          High Availability Failover
          Lease statistics/graphs
          Custom DHCP options
          

          So I assume that UEFI setting the DHCP option 93 will be ignored by KEA.

          T 1 Reply Last reply Nov 24, 2023, 1:23 PM Reply Quote 0
          • T
            TheNetStriker @Misterb
            last edited by Nov 24, 2023, 1:23 PM

            @Misterb I guess I just found what is causing this problem. The order of the client-classes is correct, but the order of the require-client-classes is wrong. I just put the ipxe_legacy... class in both require-client-classes arrays to the bottom and restarted the DHCP service and now booting works for legacy and uefi bios.

            I would have found this sooner, but for some reason the DHCP restart button in pfSense does not work. I had to restart the service over the command line.

            I will take a look at the config generator for this config file. Maybe I can fix the problem myself and upload a pull request on GitHub to fix this.

            B 1 Reply Last reply Jan 23, 2024, 3:29 PM Reply Quote 0
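
Added example, not part of the original thread or of pfSense's code: a small check for the ordering problem described in the post above, where a class whose test uses `member('X')` is listed in `require-client-classes` before `X`. It assumes, as the fix in this thread indicates, that required classes are evaluated in list order; the function names are hypothetical and the sample is a constructed, trimmed copy of the posted LAN pool.

```python
import re

# Constructed sample: the LAN pool from the config posted in this thread, trimmed to
# the relevant fields, with require-client-classes in the order the generator wrote.
SAMPLE_CONF = {"Dhcp4": {
    "client-classes": [
        {"name": "ipxe_32_lan_pool_0", "test": "option[93].hex == 0x0006"},
        {"name": "ipxe_64_lan_pool_0",
         "test": "option[93].hex == 0x0007 or option[93].hex == 0x0009"},
        {"name": "ipxe_64arm_lan_pool_0", "test": "option[93].hex == 0x000b"},
        {"name": "ipxe_legacy_lan_pool_0",
         "test": "not member('ipxe_32_lan_pool_0') and not member('ipxe_64_lan_pool_0')"
                 " and not member('ipxe_64arm_lan_pool_0')"},
        {"name": "pool_lan_0", "test": "member('ALL')"},
    ],
    "subnet4": [{"subnet": "172.17.0.0/16", "pools": [{
        "pool": "172.17.128.0 - 172.17.128.199",
        "require-client-classes": ["ipxe_legacy_lan_pool_0", "ipxe_32_lan_pool_0",
                                   "ipxe_64_lan_pool_0", "ipxe_64arm_lan_pool_0"],
    }]}],
}}

MEMBER_RE = re.compile(r"member\('([^']+)'\)")


def class_dependencies(conf):
    """Map each class name to the classes its test references through member()."""
    return {c["name"]: set(MEMBER_RE.findall(c.get("test", "")))
            for c in conf["Dhcp4"].get("client-classes", [])}


def required_lists(conf):
    """Yield (location, list) for each require-client-classes array (subnet and pool)."""
    for subnet in conf["Dhcp4"].get("subnet4", []):
        yield "subnet " + subnet["subnet"], subnet.get("require-client-classes", [])
        for pool in subnet.get("pools", []):
            yield "pool " + pool["pool"], pool.get("require-client-classes", [])


def find_order_violations(conf):
    """Return (location, class, dependency) for classes listed before a class they test."""
    deps = class_dependencies(conf)
    found = []
    for where, required in required_lists(conf):
        pos = {name: i for i, name in enumerate(required)}
        for name in required:
            for dep in sorted(deps.get(name, ())):
                if dep in pos and pos[dep] > pos[name]:
                    found.append((where, name, dep))
    return found


def dependency_safe_order(required, deps):
    """Stable reorder so every class follows the listed classes its test depends on."""
    pending, ordered = list(required), []
    while pending:
        for name in pending:
            # A class is ready once none of its dependencies are still waiting.
            if not (deps.get(name, set()) & set(pending)) - {name}:
                ordered.append(name)
                pending.remove(name)
                break
        else:
            raise ValueError("cyclic member() dependency among: %s" % pending)
    return ordered


if __name__ == "__main__":
    for where, name, dep in find_order_violations(SAMPLE_CONF):
        print(f"{where}: {name} is listed before {dep}, which its test depends on")
    pool = SAMPLE_CONF["Dhcp4"]["subnet4"][0]["pools"][0]
    print(dependency_safe_order(pool["require-client-classes"],
                                class_dependencies(SAMPLE_CONF)))
```

To check a real file, load `/usr/local/etc/kea/kea-dhcp4.conf` with `json.load` and pass the result to `find_order_violations`.
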
            • T
              TheNetStriker
              last edited by Nov 24, 2023, 2:37 PM

              I think I found the problem. In the services.inc file is an array_unshift command for the legacy classes which puts the legacy class at the top of the array. I just changed this to add the class to the end of the array and now booting from legacy and uefi works!

              I also created a patch file for the services.inc file:

              --- /etc/inc/services.inc.save	2023-11-24 15:19:26.797541000 +0100
              +++ /etc/inc/services.inc	2023-11-24 15:24:17.000000000 +0100
              @@ -1548,7 +1548,7 @@
               					if (!is_array($keapool['require-client-classes'])) {
               						$keapool['require-client-classes'] = [];
               					}
              -					array_unshift($keapool['require-client-classes'], $name);
              +					$keapool['require-client-classes'][] = $name;
               				}
               
               				if (!empty($poolconf['rootpath'])) {
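
              Review bot: Appending with `$keapool['require-client-classes'][] = $name;` puts this class last only relative to the entries already in the array at this point; if any of the UEFI class names are added to `require-client-classes` further down, the legacy class would again come before them. Please confirm that all architecture-specific classes are pushed before this line, and add a short comment saying the class must stay last because its test uses `not member(...)` on the others.
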
              @@ -1719,7 +1719,7 @@
               				if (!is_array($keasubnet['require-client-classes'])) {
               					$keasubnet['require-client-classes'] = [];
               				}
              -				array_unshift($keasubnet['require-client-classes'], $name);
              +				$keasubnet['require-client-classes'][] = $name;
               			}
               
               			if (!empty($dhcpifconf['rootpath'])) {
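
              Review bot: The subnet-level line `$keasubnet['require-client-classes'][] = $name;` repeats the pool-level change verbatim, so the two copies can drift apart again later. Consider a small shared helper that appends the class name for both scopes, so that pool and subnet always follow the same ordering rule.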
              

              Just add this to the system patches and set the "Path Strip Count" to 0.

              Can we somehow get a pfSense developer to take a look at this if this is the correct solution?

              S 1 Reply Last reply Nov 24, 2023, 9:00 PM Reply Quote 1
              • S
                SteveITS Galactic Empire @TheNetStriker
                last edited by Nov 24, 2023, 9:00 PM

                @TheNetStriker you can open a Redmine.pfsense.org issue.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                T 1 Reply Last reply Nov 25, 2023, 3:15 PM Reply Quote 0
                • T
                  TheNetStriker @SteveITS
                  last edited by TheNetStriker Nov 25, 2023, 3:16 PM Nov 25, 2023, 3:15 PM

                  @SteveITS I just created a bug report:
                  https://redmine.pfsense.org/issues/15032

                  C 1 Reply Last reply Jun 6, 2024, 6:16 AM Reply Quote 1
                  • nockdownN
                    nockdown
                    last edited by Dec 18, 2023, 11:54 AM

                    We also have a problem with network boot and Kea DHCP server. We use Fog Project as our network boot server.

                    Setting in pfSense that works with ISC DHCP:

                    TFTP Server: IP of my netboot server (Fog Project)
                    Enable Network Booting: yes
                    Next Server: IP of my netboot server (Fog Project)
                    Default BIOS File Name: ipxe.kpxe
                    UEFI 32 bit File Name: i386-efi/snponly.efi
                    UEFI 64 bit File Name: snponly.efi
                    Root Path: /tftpboot

                    But if we change DHCP Server Backend to Kea DHCP, clients receive this error:

                    NBP filename is ipxe.kpxeÿ
                    NBP filesize is 0 Bytes
                    PXE-E23: Client received TFTP error from server.
                    As you can see, the client receives the wrong Default BIOS File Name from Kea DHCP Server.

                    T 1 Reply Last reply Dec 18, 2023, 12:16 PM Reply Quote 0
                    • T
                      TheNetStriker @nockdown
                      last edited by Dec 18, 2023, 12:16 PM

                      @nockdown Have you tried to apply the patch I posted under System -- Patches? This should fix the problem with the wrong pxe file until this is fixed by Netgate.

                      1 Reply Last reply Reply Quote 0
                      • B
                        bctit @TheNetStriker
                        last edited by Jan 23, 2024, 3:29 PM

                        @TheNetStriker We are having the exact same problem. I've not been able to prove the solution still as I'm finding that my edits to /usr/local/etc/kea/kea-dhcp4.conf to move the legacy to the bottom of each of the arrays are reverted when the DHCP service restarts. Am I missing something?

                        Thanks!
                        Tony

                        B 1 Reply Last reply Jan 23, 2024, 4:23 PM Reply Quote 0
                        • B
                          bctit @bctit
                          last edited by Jan 23, 2024, 4:23 PM

                          I've now realised that services.inc creates the conf file. I've edited services.inc and can now see that legacy is the lowest priority and the problem seems to be solved.

                          Thanks!

                          1 Reply Last reply Reply Quote 0
                          • M
                            Max 1
                            last edited by Max 1 May 16, 2024, 5:59 AM May 16, 2024, 5:57 AM

                            I don't want to create more like this theme, I'm asking here
                            pfsense
                            Current Base System 2.7.2
                            Latest Base System 2.7.2
                            Kea DHCP
                            legacy BIOS

                            May 16 10:48:41	kea-dhcp4	1713	INFO [kea-dhcp4.dhcpsrv.0x5b893e15f00] EVAL_RESULT Expression pool_lan_0 evaluated to 1
                            May 16 10:48:41	kea-dhcp4	1713	INFO [kea-dhcp4.leases.0x5b893e15f00] DHCP4_LEASE_ADVERT [hwtype=1 00:21:97:93:09:13], cid=[no info], tid=0x98930913: lease 192.168.110.3 will be advertised
                            May 16 10:48:41	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan evaluated to 1
                            May 16 10:48:41	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan_pool_0 evaluated to 1
                            May 16 10:48:43	kea-dhcp4	1713	INFO [kea-dhcp4.dhcpsrv.0x5b893e15f00] EVAL_RESULT Expression pool_lan_0 evaluated to 1
                            May 16 10:48:43	kea-dhcp4	1713	INFO [kea-dhcp4.leases.0x5b893e15f00] DHCP4_LEASE_ALLOC [hwtype=1 00:21:97:93:09:13], cid=[no info], tid=0x98930913: lease 192.168.110.3 has been allocated for 7200 seconds
                            May 16 10:48:43	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan evaluated to 1
                            May 16 10:48:43	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan_pool_0 evaluated to 1
                            May 16 10:48:47	kea-dhcp4	1713	INFO [kea-dhcp4.dhcpsrv.0x5b893e15f00] EVAL_RESULT Expression pool_lan_0 evaluated to 1
                            May 16 10:48:47	kea-dhcp4	1713	INFO [kea-dhcp4.leases.0x5b893e15f00] DHCP4_LEASE_ADVERT [hwtype=1 00:21:97:93:09:13], cid=[no info], tid=0x98930913: lease 192.168.110.3 will be advertised
                            May 16 10:48:47	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan evaluated to 1
                            May 16 10:48:47	kea-dhcp4	1713	INFO [kea-dhcp4.dhcp4.0x5b893e15f00] EVAL_RESULT Expression ipxe_legacy_lan_pool_0 evaluated to 1
                            
                            1 Reply Last reply Reply Quote 0
                            • C
                              CZvacko @TheNetStriker
                              last edited by Jun 6, 2024, 6:16 AM

                              @TheNetStriker Your patch resolved order, so UEFI client can get .efi boot file.
                              I edited services.inc file (by Diagnostics / Edit File) and changed mentioned lines.
                              But similar as @nockdown now my UEFI client receives boot file with additional ÿ.
                              Not sure if I should do anything related to "Path Strip Count" ? And how to do it...

                              1 Reply Last reply Reply Quote 0
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.