dnsmasq

dnsmasq has gained popularity in recent years. It can easily be configured to support iPXE.

DHCP proxy

If you can't modify your existing dhcp then a proxy is the way to go. It uses option 43 to display a menu and UDP port 4011 for the PXE configuration, while the IP and other information is given by your default DHCP server.

To use PXE chainloading, we will configure dnsmasq to give out undionly.kpxe or snponly.efi to legacy PXE clients, and then hand out the “real” boot configuration only to iPXE clients using tags. iPXE feature options will be used to verify that it has all features that we want, see dhcp page for all iPXE-specific options.

Things to modify:

  • 10.1.1.0 - your subnet
  • eth0 - interface to listen on, or switch to bind-dynamic
  • 10.1.1.2 - your tftp server ip
  • http://boot.ipxe.org/demo/boot.php - script to run once inside iPXE
# Known working dnsmasq version 2.85 config for iPXE proxydhcp usage
# Debug logging
log-debug

# Disable DNS server
port=0

# send disable multicast and broadcast discovery, and to download the boot file immediately
# DHCP_PXE_DISCOVERY_CONTROL, should be vendor option? Needs more understanding and source
dhcp-option=vendor:PXEClient,6,2b

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
dhcp-range=10.1.1.0,proxy

interface=eth0
# bind-dynamic - remove interface and use this instead to listen everywhere?
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

#dhcp-match=set:<tag>,<option number>|option:<option name>|vi-encap:<enterprise>[,<value>]
#dhcp-boot=[tag:<tag>,]<filename>,[<servername>[,<server address>|<tftp_servername>]]

# Based on logic in https://gist.github.com/robinsmidsrod/4008017
# iPXE sends a 175 option, checking suboptions
dhcp-match=set:ipxe-http,175,19
dhcp-match=set:ipxe-https,175,20
dhcp-match=set:ipxe-menu,175,39
# pcbios specific
dhcp-match=set:ipxe-pxe,175,33
dhcp-match=set:ipxe-bzimage,175,24
dhcp-match=set:ipxe-iscsi,175,17
# efi specific
dhcp-match=set:ipxe-efi,175,36
# combination
# set ipxe-ok tag if we have correct combination
# http && menu && iscsi ((pxe && bzimage) || efi)
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi

#pxe-service=[tag:<tag>,]<CSA>,<menu text>[,<basename>|<bootservicetype>][,<server address>|<server_name>]
#pxe-prompt=[tag:<tag>,]<prompt>[,<timeout>]
# these create option 43 cruft, which is required in proxy mode
# TFTP IP is required on all dhcp-boot lines (unless dnsmasq itself acts as tftp server?)
pxe-service=tag:!ipxe-ok,X86PC,PXE,undionly.kpxe,10.1.1.2
pxe-service=tag:!ipxe-ok,IA32_EFI,PXE,snponlyx32.efi,10.1.1.2
pxe-service=tag:!ipxe-ok,BC_EFI,PXE,snponly.efi,10.1.1.2
pxe-service=tag:!ipxe-ok,X86-64_EFI,PXE,snponly.efi,10.1.1.2

# later match overrides previous, keep ipxe script last
# server address must be non zero, but can be anything as long as iPXE script is not fetched over TFTP
dhcp-boot=tag:ipxe-ok,http://boot.ipxe.org/demo/boot.php,,0.0.0.1

# To use internal TFTP server enabled these, recommended is otherwise atftp
#enable-tftp
#tftp-root=/tftproot/

This configuration is based on this gist

appnote/proxydhcp.txt · Last modified: 2021/08/05 20:53 by nikize
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL https://ipxe.org
References to "iPXE" may not be altered or removed.