
DHCP option 66/67 for WDS/PXE client in different subnet

Hello community, 

I have a problem with my WDS/DHCP configuration. 
In short: When WDS and Client are on different subnets there's no communication. 

What I have:
Server VLAN: 172.16.10.0/24
Client VLAN: 172.16.12.0/24
No firewall / all ports allowed/open in LAN
DHCP configured in Sophos for Client VLAN --> 172.16.12.1

console> system dhcp dhcp-options binding show dhcpname DCTD_Client_DHCP
Options Configured from GUI
---------------------------
Domain_Name dctd.lan
Subnetmask 255.255.255.0
Default_Gateway 172.16.12.1
Domain_Name_Servers 172.16.12.1
Options Configured from CLI
---------------------------
TFTP_Server_Name(66) "172.16.10.57"
Bootfile_Name(67) "boot\\x64\\wdsnbp.com"

Now when I PXE boot a client in the Client VLAN it receives a DHCP IP address and that's it - nothing more. Here's what it does: (.150 being the PXE client)


tcpdump 'host 172.16.12.150'
tcpdump: Starting Packet Dump
18:38:48.686056 Port1, IN:  In 00:15:5d:0c:07:15 ethertype Unknown (0x0078), length 98:
    0x0000:  0000 0800 4500 004e 2d64 0000 4011 dc83  ....E..N-d..@...
    0x0010:  ac10 0c96 ac10 0c01 0699 0045 003a 3998  ...........E.:9.
    0x0020:  0001 626f 6f74 5c78 3634 5c77 6473 6e62  ..boot\x64\wdsnb
    0x0030:  702e 636f 6dff 006f 6374 6574 0074 7369  p.com..octet.tsi
    0x0040:  7a65 0030 0062 6c6b 7369 7a65 0031 3438  ze.0.blksize.148
18:38:48.686061 Port1.120, IN: IP 172.16.12.150.1689 > 172.16.12.1.69:  50 RRQ "boot\x64\wdsnbp.comM-^?" octet tsize 0 blksize 148
18:38:52.686064 Port1, IN:  In 00:10:18:f5:ea:aa ethertype Unknown (0x0078), length 98:
    0x0000:  0000 0800 4500 004e 2d65 0000 4011 dc82  ....E..N-e..@...
    0x0010:  ac10 0c96 ac10 0c01 0699 0045 003a 3998  ...........E.:9.
    0x0020:  0001 626f 6f74 5c78 3634 5c77 6473 6e62  ..boot\x64\wdsnb
    0x0030:  702e 636f 6dff 006f 6374 6574 0074 7369  p.com..octet.tsi
    0x0040:  7a65 0030 0062 6c6b 7369 7a65 0031 3438  ze.0.blksize.148
18:38:52.686069 Port1.120, IN: IP 172.16.12.150.1689 > 172.16.12.1.69:  50 RRQ "boot\x64\wdsnbp.comM-^?" octet tsize 0 blksize 148

So somehow the client is trying to TFTP boot from the DHCP/Sophos although the TFTP Server option has been set. 

Now when setting up a DHCP in the server VLAN and adding these options to that DHCP and setting the client to PXE boot from the server VLAN DHCP everything works fine and the client receives a boot image and starts to PXE boot. (No syntax error, nothing wrong with escape characters as mentioned here: https://community.sophos.com/products/xg-firewall/f/network-and-routing/73673/pxe-server-dhcp-options)

I also tried to add a DNAT rule as suggested here: https://community.sophos.com/products/xg-firewall/f/network-and-routing/91413/dhcp-option-66-not-working. But this ends in "TFTP Error: File not found" although the file is there and the syntax is fine. 

What can I do to get WDS/PXE working using different subnets and keeping the DHCP on the Sophos?
Any help greatly appreciated :-)
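The tcpdump output above already contains the answer to "where is the client actually sending its boot request": the hex rows are a complete IPv4/UDP/TFTP read request. The decoder below is an added example (not from the original poster and not Sophos code) that walks those bytes and reports the destination, the TFTP opcode, the requested filename and the RFC 2347 options, so the same check can be run on any capture instead of reading hex by hand. It assumes the first four bytes of each Sophos capture row (`0000 0800`) are a link-layer pseudo-header ending in the IPv4 ethertype; the hex itself is copied from the first packet in the post. Two things it makes visible: the request goes to 172.16.12.1:69 (the firewall, not the WDS host), and the filename bytes end in `0xff`, which is the byte tcpdump renders as `M-^?`. Because tcpdump printed only 80 of the 98 bytes, the packet is cut off mid-option, and the decoder flags that rather than failing.

```python
"""Decode the TFTP read request that the PXE client sends, straight from the
hex dump in the post above.  Example code added to this thread, not from the
original poster or from Sophos.  It assumes the capture's first four bytes
(``0000 0800``) are a link-layer pseudo-header ending in the IPv4 ethertype,
which is an assumption about the Sophos tcpdump output format."""
import ipaddress
import struct

# Hex bytes copied from the first packet in the post's tcpdump output (the
# 0x0000..0x0040 rows). tcpdump reported a 98-byte frame but only printed 80
# bytes, so the TFTP payload is cut off; the decoder has to cope with that.
CAPTURED_HEX = (
    "0000 0800 4500 004e 2d64 0000 4011 dc83"
    "ac10 0c96 ac10 0c01 0699 0045 003a 3998"
    "0001 626f 6f74 5c78 3634 5c77 6473 6e62"
    "702e 636f 6dff 006f 6374 6574 0074 7369"
    "7a65 0030 0062 6c6b 7369 7a65 0031 3438"
)

TFTP_OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}


def split_nul_strings(payload: bytes):
    """Split a TFTP request body into its NUL-terminated fields.

    Returns (fields, truncated): ``fields`` is a list of ``bytes`` values and
    ``truncated`` is True when the last field had no terminating NUL, which
    happens when the capture stops before the end of the packet.
    """
    fields = []
    rest = payload
    while rest:
        field, sep, rest = rest.partition(b"\x00")
        fields.append(field)
        if not sep:
            # No terminator: the field ran past the end of the captured bytes.
            return fields, True
    return fields, False


def decode_tftp_request(frame_hex: str) -> dict:
    """Walk pseudo-header -> IPv4 -> UDP -> TFTP and return the decoded request."""
    frame = bytes.fromhex(frame_hex)
    # Assumed 4-byte capture wrapper: two zero bytes then the ethertype.
    ethertype = struct.unpack("!H", frame[2:4])[0]
    if ethertype != 0x0800:
        raise ValueError(f"not an IPv4 frame: ethertype 0x{ethertype:04x}")
    ip = frame[4:]
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes
    proto = ip[9]
    if proto != 17:
        raise ValueError(f"not UDP: protocol {proto}")
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    udp = ip[ihl:]
    sport, dport, udp_len = struct.unpack("!HHH", udp[:6])
    tftp = udp[8:]
    declared_payload = udp_len - 8    # UDP length includes its own 8-byte header
    opcode = struct.unpack("!H", tftp[:2])[0]
    result = {
        "src": src,
        "dst": dst,
        "sport": sport,
        "dport": dport,
        "opcode": TFTP_OPCODES.get(opcode, f"unknown({opcode})"),
        "declared_payload_len": declared_payload,
        "captured_payload_len": len(tftp),
        "truncated": len(tftp) < declared_payload,
    }
    if opcode in (1, 2):
        fields, cut = split_nul_strings(tftp[2:])
        result["truncated"] = result["truncated"] or cut
        result["filename"] = fields[0] if fields else b""
        result["mode"] = fields[1].decode("ascii", "replace") if len(fields) > 1 else None
        # Remaining fields come in name/value pairs (RFC 2347 options); an
        # unpaired trailing name (cut off by the capture) is dropped.
        opts = fields[2:]
        result["options"] = {
            opts[i].decode("ascii", "replace"): opts[i + 1].decode("ascii", "replace")
            for i in range(0, len(opts) - 1, 2)
        }
        # A non-printable byte inside the filename is worth flagging: a TFTP
        # server looks the name up literally, so it will not match a file
        # whose name lacks that byte.
        result["filename_has_nonprintable"] = any(
            b < 0x20 or b > 0x7E for b in result["filename"]
        )
    return result


if __name__ == "__main__":
    info = decode_tftp_request(CAPTURED_HEX)
    for key, value in info.items():
        print(f"{key:>24}: {value!r}")
```

Running it on the captured bytes reports `dst` 172.16.12.1, `dport` 69, opcode RRQ, the filename as `b'boot\\x64\\wdsnbp.com\xff'`, mode `octet`, and the `tsize`/`blksize` options, with `truncated` set because the capture ends before the final option value's terminator. To compare the two working and non-working cases described in the post, feed the hex rows from each capture into `decode_tftp_request` and diff the `dst` and `filename` fields.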


