Page 1 of 1
[SOLVED] DHCP Settings
Published: July 25, 2022 - 11:38 AM
by eliottiph
WAPTConsole Enterprise version 2.2.1.11957
Console: Win19 server
SRV: Debian 11
Good morning,
I would like to know how options 66 and 67 behave depending on their parameters?
Depending on our choice of boot method (IPXE or WinPE), are all the options essential?
Code: Select all
$waptserver_ipaddress_tftp = "192.168.154.13"
$url_waptserver = "http://srvwapt.mydomain.lan"
Add-DhcpServerv4Class -Name "legacy_bios" -Type Vendor -Data "PXEClient:Arch:00000"
Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"
Set-DhcpServerv4OptionValue -OptionId 66 -Value "$waptserver_ipaddress_tftp"
Add-DhcpServerv4Policy -Name "wapt-ipxe-url-legacy" -Condition AND -UserClass EQ,iPXE -VendorClass EQ,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-legacy" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?uefi=false"
Add-DhcpServerv4Policy -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe"
Add-DhcpServerv4Policy -Name "ipxe.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "ipxe.efi" -OptionID 67 -Value "ipxe.efi"
Add-DhcpServerv4Policy -Name "undionly.kpxe" -Condition AND -UserClass NE,iPXE -VendorClass EQ,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "undionly.kpxe" -OptionID 67 -Value "undionly.kpxe"
Thanks in advance.
Eliott.
Re: DHCP settings
Published: July 25, 2022 - 7:07 PM
by dcardon
The script supports legacy and UEFI BIOS with iPXE. The Microsoft DHCP syntax is rather unwieldy, but you just need to carefully follow the EQ and NEQ settings.
If you want to boot TFTP directly from WinPE (i.e., without using iPXE), it's basically the same configuration you would have on an MDT system.
If the goal is to have the installation with Secure Boot enabled, you can also achieve this with a signed iPXE, such as the one from 2Pint Software's iPXE Anywhere, or you can boot from a USB drive.
Sincerely,
Denis
Re: DHCP settings
Published: July 26, 2022 - 09:41
by eliottiph
Good morning,
Thanks for the clarification. So if I only want to use IPXE UEFI boot, is this configuration suitable?
Code: Select all
$waptserver_ipaddress_tftp = "192.168.154.13"
$url_waptserver = "http://srvwapt.mydomain.lan"
Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"
Set-DhcpServerv4OptionValue -OptionId 66 -Value "$waptserver_ipaddress_tftp"
Add-DhcpServerv4Policy -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe"
Add-DhcpServerv4Policy -Name "ipxe.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios*
Set-DhcpServerv4OptionValue -PolicyName "ipxe.efi" -OptionID 67 -Value "ipxe.efi"
Sincerely.
Re: DHCP settings
Published: July 27, 2022 - 10:40 AM
by dcardon
Yes (with the caveat related to secureboot mentioned previously)
Re: [SOLVED] DHCP Settings
Published: July 27, 2022 - 10:57 AM
by eliottiph
Okay, thank you very much.
And if I don't want to use caveat by disabling secureboot for manual installation, will that work?
Re: DHCP settings
Published: July 27, 2022 - 12:19 PM
by dcardon
Secure Boot requires that all bootloaders and the kernel be digitally signed. By default, manufacturers include Microsoft's certificate, so the bootloader/kernel must be signed by Microsoft.
In the case of iPXE, the community version is not signed, therefore Secure Boot is not available with this version. The paid commercial version, iPXE Anywhere, is signed and allows Secure Boot to remain enabled.
Sincerely,
Denis
Re: [SOLVED] DHCP Settings
Published: July 27, 2022 - 2:03 PM
by eliottiph
Okay, thank you very much for all this information
