[SOLVED] DHCP Settings

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
eliottiph
Messages: 32
Registration: May 2, 2022 - 10:41

July 25, 2022 - 11:38

WAPTConsole Enterprise version 2.2.1.11957
Console: Win19 server
SRV: Debian 11

Good morning,

I would like to know how options 66 and 67 behave depending on their parameters?
Depending on our choice of boot method (IPXE or WinPE), are all the options essential?

Code: Select all

$waptserver_ipaddress_tftp = "192.168.154.13"
$url_waptserver = "http://srvwapt.mydomain.lan"

Add-DhcpServerv4Class -Name "legacy_bios" -Type Vendor -Data "PXEClient:Arch:00000"
Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"

Set-DhcpServerv4OptionValue -OptionId 66 -Value "$waptserver_ipaddress_tftp"

Add-DhcpServerv4Policy -Name "wapt-ipxe-url-legacy" -Condition AND -UserClass EQ,iPXE -VendorClass EQ,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-legacy" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?uefi=false"

Add-DhcpServerv4Policy -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe"

Add-DhcpServerv4Policy -Name "ipxe.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "ipxe.efi" -OptionID 67 -Value "ipxe.efi"

Add-DhcpServerv4Policy -Name "undionly.kpxe" -Condition AND -UserClass NE,iPXE -VendorClass EQ,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "undionly.kpxe" -OptionID 67 -Value "undionly.kpxe"
Thanks in advance.

Eliott.
Last edited by eliottiph on Jul 27, 2022 - 11:07, edited 2 times.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 25, 2022 - 7:07 PM

The script supports legacy and UEFI BIOS with iPXE. The Microsoft DHCP syntax is rather unwieldy, but you just need to carefully follow the EQ and NEQ settings.

If you want to boot TFTP directly from WinPE (i.e., without using iPXE), it's basically the same configuration you would have on an MDT system.

If the goal is to have the installation with Secure Boot enabled, you can also achieve this with a signed iPXE, such as the one from 2Pint Software's iPXE Anywhere, or you can boot from a USB drive.

Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
eliottiph
Messages: 32
Registration: May 2, 2022 - 10:41

July 26, 2022 - 09:41

Good morning,

Thanks for the clarification. So if I only want to use IPXE UEFI boot, is this configuration suitable?

Code: Select all

$waptserver_ipaddress_tftp = "192.168.154.13"
$url_waptserver = "http://srvwapt.mydomain.lan"

Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"

Set-DhcpServerv4OptionValue -OptionId 66 -Value "$waptserver_ipaddress_tftp"

Add-DhcpServerv4Policy -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe"

Add-DhcpServerv4Policy -Name "ipxe.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "ipxe.efi" -OptionID 67 -Value "ipxe.efi"
Sincerely.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 27, 2022 - 10:40

Yes (with the caveat related to secureboot mentioned previously)
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
eliottiph
Messages: 32
Registration: May 2, 2022 - 10:41

July 27, 2022 - 10:57

Okay, thank you very much. ;)

And if I don't want to use caveat by disabling secureboot for manual installation, will that work?
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 27, 2022 - 12:19

Secure Boot requires that all bootloaders and the kernel be digitally signed. By default, manufacturers include Microsoft's certificate, so the bootloader/kernel must be signed by Microsoft.

In the case of iPXE, the community version is not signed, therefore Secure Boot is not available with this version. The paid commercial version, iPXE Anywhere, is signed and allows Secure Boot to remain enabled.

Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
eliottiph
Messages: 32
Registration: May 2, 2022 - 10:41

July 27, 2022 - 2:03 PM

Okay, thank you very much for all this information :)
High
Locked

Return to "WAPT Server"


  • To go further with WAPT