Jump to content











Photo

Bug Reports, Requests, HowTo's about Tiny PXE Server

pxe network boot

  • Please log in to reply
909 replies to this topic

#851 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 08 January 2020 - 08:56 AM

hi,  just found another useful feature: [map] section.

to pxe boot some debian live CD
there's always a huge file filesystem.squashfs,
and, for some unknown strange reason, after mounting the ISO in win10,
I can only see a file named FILESYST.SQU, i.e., name in 8.3 format.

sure I can recreate the debian.ISO to make it support long file names,
but if I can map the file FILESYST.SQU to filesystem.squashfs, then I can boot the orignal ISO without any modification.

I found that the file name mapping only works in TFTP,
and using TFTP and mapping, I can boot to my debian live CD.
but the true power of ipxe is fast speed in HTTP.

can you guide me to make name mapping work in HTTP downloading?


 

 

 

lgs9PA.png

 

Sounds like a reasonable request : have the map feature work for both tftp and http.

I will review my code and see what I can do.



#852 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 08 January 2020 - 08:56 AM

 

You don't need the whole ISO - just three files are enough: vmlinuz, initrd.img, filesystem.squashfs to run Debian using the NFS file system. Download this NFS server for Windows, copy to the TPS root directory and setup this way:
attachicon.gifnfs_settings.png
 
config.ini

Spoiler

freenfs_off.bat:

taskkill /IM FreeNFS.exe /F

Copy files vmlinuz and initrd.img to: C:\PXE\images\debian9
Copy file filesystem.squashfs to C:\PXE\images\debian9\live
 
Boot over PXELINUX:
 
Configure startup in the C:\PXE\pxelinux.cfg\default file:

LABEL live9
MENU LABEL Debian Live 9
kernel images/debian9/vmlinuz
append initrd=images/debian9/initrd.img boot=live config netboot=nfs ip=dhcp nfsroot=/debian9

 
Boot over iPXE by HTTP protocol:
 
Use script debian9.ipxe and undionly.kpxe or snponly.efi in TPS:
attachicon.giftps_settings_ipxe.png

#!ipxe

set url http://${dhcp-server}

initrd ${url}/images/debian9/initrd.img
kernel ${url}/images/debian9/vmlinuz initrd=initrd.img boot=live config netboot=nfs ip=dhcp nfsroot=/debian9
boot

You can also run via iPXE -> PXELINUX from HTTP - use the ipxe script:

# Setup DHCP options for PXELINUX over HTTP
set 209:string pxelinux.cfg/default
set 210:string http://${dhcp-server}/
chain ${210:string}pxelinux.0

Nice quick tutorial.

Thanks for that Reboot12 !



#853 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 08 January 2020 - 09:08 AM

 

You don't need the whole ISO - just three files are enough: vmlinuz, initrd.img, filesystem.squashfs to run Debian using the NFS file system. Download this NFS server for Windows, copy to the TPS root directory and setup this way:

 

hi, I know how to boot with these 3 files. I just don't want to extract files from ISO. just double click and mount. and in windows I don't like nfs things.  if I have a file named filesystem.squashfs, then, why bother using NFS? just using http is faster



#854 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 08 January 2020 - 09:25 AM

Having a server run both a dhcp service AND a proxydhcp service would not make sense as parameters provided by proxydhcp can already be served by dhcp.

 

my thought is that, when there're 2 DHCP servers,
if a client connects to my TPS first, then it got my boot filename , it's ok,
and if a client connects to other DHCP server first, which has not any boot filename provided,
then it continues to check boot filename from my proxydhcp service.

anyway, it's ok. no need to change anything



#855 reboot12

reboot12

    Frequent Member

  • Advanced user
  • 287 posts
  • Interests:WinXP, Debian, OpenWrt, gPXE, iPXE, BIOS, UEFI, Coreboot, MS VirtualPC, VMware
  •  
    Poland

Posted 08 January 2020 - 09:29 AM

why bother using NFS? just using http is faster

I run Debian 7 standard (terminal only) in 40 seconds over a Gigabit Ethernet connection using NFS. The filesystem.squashfs file size is 330MB



#856 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 08 January 2020 - 09:39 AM

I run Debian 7 standard (terminal only) in 40 seconds over a Gigabit Ethernet connection using NFS. The filesystem.squashfs file size is 330MB


great. personally I never used nfs. I know that using nfs make pxeboot very easy, the headache is doing it without nfs.

#857 reboot12

reboot12

    Frequent Member

  • Advanced user
  • 287 posts
  • Interests:WinXP, Debian, OpenWrt, gPXE, iPXE, BIOS, UEFI, Coreboot, MS VirtualPC, VMware
  •  
    Poland

Posted 08 January 2020 - 10:30 AM

after mounting the ISO in win10,
I can only see a file named FILESYST.SQU, i.e., name in 8.3 format.

sure I can recreate the debian.ISO to make it support long file names,

Debian 9 ISO only uses ISO9660. Older versions of Debian ISO also used the Joliet and RockRidge file systems.



#858 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 08 January 2020 - 12:06 PM

hi,  just found another useful feature: [map] section.

to pxe boot some debian live CD
there's always a huge file filesystem.squashfs,
and, for some unknown strange reason, after mounting the ISO in win10,
I can only see a file named FILESYST.SQU, i.e., name in 8.3 format.

sure I can recreate the debian.ISO to make it support long file names,
but if I can map the file FILESYST.SQU to filesystem.squashfs, then I can boot the orignal ISO without any modification.

I found that the file name mapping only works in TFTP,
and using TFTP and mapping, I can boot to my debian live CD.
but the true power of ipxe is fast speed in HTTP.

can you guide me to make name mapping work in HTTP downloading?


 

 

 

lgs9PA.png

 

Latest version now supports the use of MAP for both tftpd and httpd.

 

Below should do the trick for you.

[map]
squ=squashfs

or may be to be safe (i.e not replace any squ by squashfs).

[map]
FILESYST.SQU=FILESYST.SQUASHFS

Remember, MAP is not a rich feature (i.e not regex, etc)/

It only does a new_filename:=StringReplace(old_filename,oldpattern,newpattern,[rfIgnoreCase]); 

 

Side note, if you have the iso in your folder, you just mount it to a sub folder in a batch before calling pxesrv and unmount it when closing pxesrv.

 

In the future, I am also considering adding the ability for pxesrv to read files straight from iso, zip, archives, etc.

But we are not there... :)



#859 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 10 January 2020 - 08:07 AM

Latest version now supports the use of MAP for both tftpd and httpd.

 

 

hi, did you put the changed file online?

I downloaded it again, no difference. only map in tftp, not http.

lhDvQA.png

 

 

[map]
FILESYST.SQU=FILESYST.SQUASHFS

 

wrong direction?
this config is ok for tftp:

[map]
00000 =bios
filesystem.squashfs=FILESYST.SQU

md5 of latest pxesrv.exe d7b1bc990c5bc0ae81325f83aa7015e6
still versioned 1.0.0.23
maybe better change version number or build-no everytime?



#860 reboot12

reboot12

    Frequent Member

  • Advanced user
  • 287 posts
  • Interests:WinXP, Debian, OpenWrt, gPXE, iPXE, BIOS, UEFI, Coreboot, MS VirtualPC, VMware
  •  
    Poland

Posted 10 January 2020 - 09:45 AM

Why make life difficult? Do you manually enter the commands in iPXE? :wacko: :blink: :huh:

 

I have a tinypxe.iso 1.86GB image made with the installer (innosetup-5.5.9.exe) which automatically installs the program and many different live system images (linux, windows), tools, scripts and menus PXELINUX, GRUB4DOS or iPXE:

Attached File  tps_setup.png   22.04KB   1 downloads Attached File  pxelinux.png   317.97KB   1 downloads Attached File  xp.png   558.73KB   0 downloads Attached File  vista_7_8_10.png   635.98KB   0 downloads

 

Tiny PXE Server - the best PXE server for Windows :) B)



#861 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 10 January 2020 - 11:20 AM

cabye, on 10 Jan 2020 - 09:07 AM, said:

hi, did you put the changed file online?

I downloaded it again, no difference. only map in tftp, not http.
lhDvQA.png


wrong direction?
this config is ok for tftp:

[map]
00000 =bios
filesystem.squashfs=FILESYST.SQU
md5 of latest pxesrv.exe d7b1bc990c5bc0ae81325f83aa7015e6
still versioned 1.0.0.23
maybe better change version number or build-no everytime?

I did not change the version as this is a minor fix.
I always generate a new version.txt when a new binary is built.


pxesrv.exe
1.0.0.23
08/01/2020 13:05
D7B1BC990C5BC0AE81325F83AA7015E6

I tried the map feature in httpd with success : world=hello in map section and i called http://server/world.txtand got served with hello.txt.


12:22:10 DHCPc:discovering for another DHCPd on LAN
12:22:10 ROOT=C:\Users\erwan\Documents\-= SOURCES =-\delphi\network\sniffer_w2k\pxesrv\files\
12:22:10 TFPTd error, Socket Error # 10049
Cannot assign requested address.
12:22:10 HTTPd:80 started...
12:22:10 DHCPd 192.168.1.144:67 started...
12:22:10 DHCPd 192.168.1.144:4011 started...
12:22:10 PID created: 11000
12:22:10 executing online.bat succeeded
12:22:12 HTTPd:Connect: 192.168.1.144, TID=10912
12:22:12 HTTPd:Connect: 192.168.1.144, TID=1400
12:22:12 HTTPd:Client: 192.168.1.144 [GET] /world.txt
12:22:12 MAP:world->hello
12:22:12 HTTPd:Server : Returning /world.txt



#862 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 10 January 2020 - 12:26 PM

Why make life difficult? Do you manually enter the commands in iPXE? :wacko: :blink: :huh: 

 

take it easy dude. it's only for demonstration



#863 cabye

cabye

    Newbie

  • Members
  • 27 posts
  •  
    Cape Verde

Posted 10 January 2020 - 12:28 PM

I tried the map feature in httpd with success : world=hello in map section and i called http://server/world.txtand got served with hello.txt.

 

you're right.

just that there's a little difference:
  when reading hello.exe using tftp, the  log is :TFTPd:DoReadFile:world.ipxe
  so I know it's mapped from hello to world
  and when reading from http, the log is : HTTPd:Server : Returning /hello.ipxe
  but it acturally returns world.ipxe.
and I didn't notice it. I thought it'd be "Retruning /world.ipxe"

that's ok.

 


Edited by cabye, 10 January 2020 - 12:29 PM.


#864 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 10 January 2020 - 12:57 PM

you're right.

just that there's a little difference:
  when reading hello.exe using tftp, the  log is :TFTPd:DoReadFile:world.ipxe
  so I know it's mapped from hello to world
  and when reading from http, the log is : HTTPd:Server : Returning /hello.ipxe
  but it acturally returns world.ipxe.
and I didn't notice it. I thought it'd be "Retruning /world.ipxe"

that's ok.

 

 

Good catch.

In one case, the map function is called early and the other case it is called late.

This lead to a difference in the log file.

In the end, the map function does the job the same way in both cases (i call the same function) but indeed it looks different in the logs.

I'll see if i can harmonize that later on.

 

Thanks for your useful feedback and testing !



#865 darkmaxx1

darkmaxx1
  • Members
  • 1 posts
  •  
    Canada

Posted 10 January 2020 - 03:14 PM

I'm trying to setup TinyPXE with two vlans configured with Cisco Switchs / ACLs

 

I opened the port TCP 80 / UDP 69 / UDP 4011, but tinyPXE shows a error connection peers while downloading the NPB files/ ipxe.efi

 

Looking on Cisco ACLs logs, it was blocked by the Cisco, but the TFTP protocol uses dynamic ports on both sides while transfering like passive mode. I had to open the UDP ports, I couldn't find a fixed port, it changed everytime.

 

permit udp 192.168.0.0 0.0.255.255 gt 1022 host 192.168.7.17

 

Is there a way to workaround with a config ?



#866 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 10 January 2020 - 06:27 PM

I'm trying to setup TinyPXE with two vlans configured with Cisco Switchs / ACLs

 

I opened the port TCP 80 / UDP 69 / UDP 4011, but tinyPXE shows a error connection peers while downloading the NPB files/ ipxe.efi

 

Looking on Cisco ACLs logs, it was blocked by the Cisco, but the TFTP protocol uses dynamic ports on both sides while transfering like passive mode. I had to open the UDP ports, I couldn't find a fixed port, it changed everytime.

 

permit udp 192.168.0.0 0.0.255.255 gt 1022 host 192.168.7.17

 

Is there a way to workaround with a config ?

 

tftp works as is :

-client talks to server on udp:69 with source port=dynamique X

-servers responds to client on destination port=X and source port=dynamique Y

-client responds ACK to server on destination port=Y and source port=X

-servers sends data (file) to client on destination port=X and source port=Y

 

As you can see, the udp:69 is "only" for the first contact.

 

I will look at the RFC and see if there is a way to influence the dynamique ports.

 

You may have to allow :

-client to server udp:69

and

-server to client udp:any port (the server is initiating the session so return traffic is granted on the firewall).



#867 buck614

buck614
  • Members
  • 7 posts
  •  
    United States

Posted 13 February 2020 - 03:36 PM

I got mine working BUT it takes a little over 5min to pull the wim via TFTP. I can't for the life of me figure out how to make it use HTTP instead of TFTP. I have set TFTPD=0 and HTTP=1 in the config but it either doesn't work at all or only uses TFTP. Am I missing something?



#868 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 16 February 2020 - 03:51 PM

I got mine working BUT it takes a little over 5min to pull the wim via TFTP. I can't for the life of me figure out how to make it use HTTP instead of TFTP. I have set TFTPD=0 and HTTP=1 in the config but it either doesn't work at all or only uses TFTP. Am I missing something?

 

httpd=1 - httpd, not http.

 

or simply use the gui.

 

and share your boot script as well.



#869 buck614

buck614
  • Members
  • 7 posts
  •  
    United States

Posted 18 February 2020 - 02:08 PM

httpd=1 - httpd, not http.

 

or simply use the gui.

 

and share your boot script as well.

 

If I turn on HTTPd and turn off TFTPd it fails to respond to the client all together. I have attached a screenshot.

 

My config ...

 

[arch]
00000=bootfiles\00000\undionly.kpxe
00006=bootfiles\00006\bootia32.efi
00007=bootfiles\00007\bootx64.efi
 
[dhcp]
filename=undionly.kpxe
altfilename=menu.ipxe
httpd=1
tftpd=0
 
 
[map]
\EFI\Microsoft\boot\=\bootfiles\00007\EFI\Microsoft\boot\
\sources\boot.wim=\bootfiles\00007\sources\boot.wim
\boot\boot.sdi=\bootfiles\00000\boot\boot.sdi
\bootfiles\boot\en-US\=\bootfiles\00000\boot\en-US\
\bootfiles\boot\fr-FR\=\bootfiles\00000\boot\fr-FR\
\bootfiles\boot\fonts\=\bootfiles\00000\boot\fonts\
\bootfiles\boot\resources\=\bootfiles\00000\boot\resources\
 
[frmDHCPServer]
top=69
left=967
 
CrGxXWb.jpg


#870 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 18 February 2020 - 02:55 PM

pxe booting is a 2 stage procedure.

your builtin computer first pxe boot loader will seek a boot file via tftp.

the second stage pxe boot loader (ipxe for example) may be able to support http loading (to fetch/boot an iso for example).

 

in short, you will almost always need tftpd + httpd.

 

http is the fastest protocol around for this matter but you will need a custom pxe boot loader like ipxe to achieve this.



#871 buck614

buck614
  • Members
  • 7 posts
  •  
    United States

Posted 18 February 2020 - 03:18 PM

pxe booting is a 2 stage procedure.

your builtin computer first pxe boot loader will seek a boot file via tftp.

the second stage pxe boot loader (ipxe for example) may be able to support http loading (to fetch/boot an iso for example).

 

in short, you will almost always need tftpd + httpd.

 

http is the fastest protocol around for this matter but you will need a custom pxe boot loader like ipxe to achieve this.

 

So does the WIM file have to go TFTP or can it go HTTP? Because my current system uses a dedicated TFTP server and that only takes about 15 seconds or so to push the WIM to the client. It takes about 5 minutes using your program. I even increased the BCD ramdiskoptions but it is still 5 minutes.



#872 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 18 February 2020 - 04:09 PM

If I turn on HTTPd and turn off TFTPd it fails to respond to the client all together. I have attached a screenshot.
 
My config ...
 
[arch]
00000=bootfiles\00000\undionly.kpxe
00006=bootfiles\00006\bootia32.efi
00007=bootfiles\00007\bootx64.efi
 
[dhcp]
filename=undionly.kpxe
altfilename=menu.ipxe
httpd=1
tftpd=0
 
 
[map]
\EFI\Microsoft\boot\=\bootfiles\00007\EFI\Microsoft\boot\
\sources\boot.wim=\bootfiles\00007\sources\boot.wim
\boot\boot.sdi=\bootfiles\00000\boot\boot.sdi
\bootfiles\boot\en-US\=\bootfiles\00000\boot\en-US\
\bootfiles\boot\fr-FR\=\bootfiles\00000\boot\fr-FR\
\bootfiles\boot\fonts\=\bootfiles\00000\boot\fonts\
\bootfiles\boot\resources\=\bootfiles\00000\boot\resources\
 
[frmDHCPServe


#873 sebus

sebus

    Frequent Member

  • Advanced user
  • 363 posts

Posted 08 July 2020 - 05:31 PM

Not directly related to Tiny itself, but I will ask anyway

 

Is there any chance to boot ipxe menu (or any menu) via UEFI but WITH Secure Boot (as per Dell BIOS default settings?)

My boss has averse reaction to changing defaults...



#874 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 08 July 2020 - 07:26 PM

Not directly related to Tiny itself, but I will ask anyway

Is there any chance to boot ipxe menu (or any menu) via UEFI but WITH Secure Boot (as per Dell BIOS default settings?)
My boss has averse reaction to changing defaults...

 

Yes, if your company is willing to pay for the signing part.

More details here (ipxe) and here (MS).

And every chainload binary in your booting process will also need to be signed.

 

Or else you need to go for an already signed bootloader (like grub2 in some distros?).

 

Or else i have read here and there that there are some signed bootloaders that can launch unsigned bootloaders.

So may be you could do : pxe boot->"some" signed bootloader->ipxe unsigned bootloader ?

I am not entirely accute on that topic but I believe "some" bootloader intercepts LoadImage() and StartImage() (which are normally deferred to UEFI firmware) to allow the execution of non signed uefi binaries.



#875 sebus

sebus

    Frequent Member

  • Advanced user
  • 363 posts

Posted 09 July 2020 - 05:58 PM

OK, if you do not know, then I have no chance...

I read the above links previously, what a load of c**p

 

Wonder if any of this can be of some help

 

Thanks

 

sebus







Also tagged with one or more of these keywords: pxe, network boot

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users