Bug #3421
closeddhcpv6 server Netboot/next-server causes dhcpv6 not to start, and reports an error message.
100%
Description
Attempting to get uEFI boots working across ipv6.
I'm attempting to do this with a private ipv6 range (no native connectivity available, not wanting to use broker).
I am using fde1:a880:1e86:2cf8/64 as randomly assigned by some page in the internet
(I see in the draft 2.1 book, you recommend fc00::/7)
(I should also mention, I'm still a ipv6 n00b, however have established HE.net tunnels for others).
On lan interface in dhcpv6 server, I check the box to enable network booting., enter the ip address of my host.
"fde1:a880:1e86:2cf8::12" for reference. pfsense is "fde1:a880:1e86:2cf8::1". and specify my filename "efi/bootmgfw.efi"
for this instance.
and Save.
Dhcp does not respond to requests/RA assigns temporary addresses. Looking at System logs get the following:
"php: /services_dhcpv6.php: The command '/usr/local/sbin/dhcpd 6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid em0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.5-P1 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 20: semicolon expected. next-server fde1: ^ /etc/dhcpdv6.conf line 20: expecting a parameter or declaration next-server fde1:a880:1e86:2cf8::12; ^ Configuration file errors encountered - exiting If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc"
Okay, I know I may need to wrap the address in [] brackets. Click save, pfsense spits out the following header:
"The following input errors were detected:
A valid IPv6 address must be specified for the network boot server."
googling around, I'm not confident next-server is even a valid option for ipv6? it looks like the replacement is:
option boot-file-url "tftp://[fde1:a880:1e86:2cf8::12]/efi/bootmgfw.efi"
for 2.1.1 at the very least, I believe network booting should be removed, since it appears broken (I didn't try manually editing the dhcpv6.conf to add [] brackets around the ip to see if that would be supported), although I'd appreciate if it could be confirmed that option boot-file-url is the correct way to go, and have it implemented. It seems like it would be a minor patch.
P.S. Assuming it's not too late / nor planned. Could a small blurb be added to the 2.1 book regarding setting up ipv6 "private" (fc00::) networks? I followed the suggestions for the HE.net tunnel referencing setting up the Lan Interface / DHCPv6/RA, but even a paragraph stating that is what I should have done, would make me more confident about how I have things setup.
If you're interested in my use case:
I love network booting. It's my thing. I allow pfsense to manage my dhcp, and as such I can't set the client architecture to specify different boot files for different architectures. I've been setting static hosts for each machine I wanted to boot uEFI, but that is error prone. I figured I could (ab)use ipv6 and set the boot file there for uEFI since we aren't using ipv6 for anything else at this time.
Updated by Andrew Stuart almost 11 years ago
I've been fiddling around with this more. Having used ps auxw I found dhcpv6 running as:
"/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid em0"
Killing the process, hand modifying dhcpv6.conf and adding [] to the ip for next-server caused the same error message to appear (with the obvious addition of the []'s in the output).
Adding option dhcp6.bootfile-url alone didn't seem to work (although I am not 100% positive).
Adding:
option dhcp6.bootfile-url code 59 = string; under option domain-search-list code 119 = text;
and
option dhcp6.bootfile-url "tftp://[fde1:a880:1e86:2cf8::12]/efi/memtest5.efi";
to subnet6 fde1:a880:1e86:2cf8::/64 { block
Manually starting dhcpv6 with the command acquired above (restarting from services rewrote the file)
and no errors in output and clients are able to download and correctly execute memtest5.efi
Updated by Andrew Stuart almost 11 years ago
working dhcpv6.conf:
option domain-name "test.lan"; option ldap-server code 95 = text; option domain-search-list code 119 = text; option dhcp6.bootfile-url code 59 = string; default-lease-time 7200; max-lease-time 86400; log-facility local7; ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; authoritative; subnet6 fde1:a880:1e86:2cf8::/64 { range6 fde1:a880:1e86:2cf8::100 fde1:a880:1e86:2cf8::254; option domain-name "test.lan"; option domain-search "test.lan"; option dhcp6.name-servers fde1:a880:1e86:2cf8::1; option dhcp6.bootfile-url "tftp://[fde1:a880:1e86:2cf8::12]/efi/memtest5.efi"; }
Updated by Chris Buechler almost 11 years ago
FYI if you use
<pre> </pre>
tags around config snippets, log entries, etc. it doesn't try to apply formatting and they come out much more legibly.
Yeah someone just s/dhcp/dhcpv6/ on that bit, which is not directly applicable on v6.
Looks like everything under "network booting" should be replaced with a single text box for Bootfile URL, with input validation as a URI, for dhcp6.bootfile-url
Updated by Andrew Stuart almost 11 years ago
Agreed, I think the following was also required to make it work, as seen in the above dhcpv6.conf
option dhcp6.bootfile-url code 59 = string;
Also thanks, I was looking for a code block of some sorts, I didn't even think to try pre.
Updated by Renato Botelho almost 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset bd942860594ecf3383ac39eb203ce3c73d4c59d2.
Updated by Renato Botelho almost 11 years ago
Applied in changeset 838e1f6342b42c52e21d11942e35561c25194c1d.
Updated by Andrew Stuart almost 11 years ago
I concur. Sorry for the delay, the router in question I needed this on is a production router. I had to build up a a different machine to test this on. For some reason my test rig's dhcpdv6 keeps core dumping.
While testing this just now, I noticed that the same problem exists with Static Mappings on dhcpv6.
There is a field "Netboot filename" that when filled in causes dhcpv6 to die with a similar error message as above.
Updated by Andrew Stuart almost 11 years ago
disregard my comment about Static Mappings. I have yet to verify they work, or if filename is supported in dhcpv6. I opened a feature request [[https://redmine.pfsense.org/issues/3507]] for the actual issue experienced.