@azhang
Last active January 1, 2024 11:45
PXE on OPNsense

This is a walkthrough of setting up a PXE server that boots the Ubuntu Server live-install .iso over the network, all on an OPNsense device. No need for Dnsmasq or a separate HTTP/NFS server! It should be compatible with vanilla FreeBSD and HardenedBSD devices as well.

Guide made with OPNsense 20.7 and Ubuntu 20.04.2, with the assumption that your OPNsense device is at 192.168.1.1.

Thanks to all the other guides out there.

Notes:

A couple of issues I ran into with other guides are that Ubuntu's servers return 404 for older releases. Make sure to check that each link used in this guide exists! This guide works with BIOS, as we use pxelinux.0, but it can be adapted fairly easily for UEFI boot.

Overview:

PXE servers have 2 parts:

  • TFTP server to serve the bootloader and other files necessary for network booting.
  • DHCP configuration to respond to PXE requests with info including where to find the TFTP server and the bootloader file to start the network booting process.

TFTP setup

  1. SSH into OPNsense. Press 8 for Shell.

  2. Install Vim or another text editor.

    pkg install vim-console

  3. Edit inetd.conf.

     vim /etc/inetd.conf
    

    Uncomment these lines by removing the # preceding each line. Note the directory /tftpboot – that is the TFTP server root directory.

     tftp    dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l     -s /tftpboot
     tftp    dgram   udp6    wait    root    /usr/libexec/tftpd      tftpd -l     -s /tftpboot
    

    You may need to restart inetd.

  4. Download and mount the Ubuntu ISO image, then copy vmlinuz and initrd to our TFTP root dir.

     curl -O http://releases.ubuntu.com/focal/ubuntu-20.04.2-live-server-amd64.iso
     mount -t cd9660 /dev/`mdconfig -a -t vnode -f ubuntu-20.04.2-live-server-amd64.iso` /mnt
     mkdir /tftpboot
     cp /mnt/casper/{vmlinuz,initrd} /tftpboot
    
  5. Add pxelinux boot files to the TFTP root dir.

     cd /tftpboot
     curl -O http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/current/legacy-images/netboot/pxelinux.0
     curl -O http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/current/legacy-images/netboot/ldlinux.c32
    
  6. Create the config file for pxelinux at /tftpboot/pxelinux.cfg/default containing the following:

     DEFAULT install 
     LABEL install 
     	KERNEL vmlinuz 
     	INITRD initrd 
     	APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://releases.ubuntu.com/focal/ubuntu-20.04.2-live-server-amd64.iso
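
Steps 4 and 5 fetch the ISO and the pxelinux files over plain HTTP, and whatever lands in /tftpboot is then served to every machine that network boots. The script below is an added example, not part of the original gist: it checks downloaded files against a SHA256SUMS list before they are mounted or copied. It assumes you have a SHA256SUMS file for the release obtained over a channel you trust; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original gist). Function names are hypothetical.

# Print a file's SHA-256 with whichever tool the platform ships
# (FreeBSD/OPNsense: sha256 -q, Linux: sha256sum, otherwise shasum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print the digest listed for NAME in a SHA256SUMS file. Entries look like
# "<hex digest> *<name>" or "<hex digest>  <name>"; names must not contain spaces.
expected_sha256() {
    awk -v name="$2" '{ f = $2; sub(/^\*/, "", f)
                        if (f == name) { print $1; exit } }' "$1"
}

# verify_file SUMS FILE: 0 = digest matches, 1 = mismatch,
# 2 = file unreadable or not listed in SUMS.
verify_file() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(expected_sha256 "$1" "$(basename "$2")")
    [ -n "$want" ] || return 2
    [ "$(file_sha256 "$2")" = "$want" ]
}

# verify_all SUMS FILE...: report every file and fail if any check fails,
# so a setup script can stop before copying anything into /tftpboot.
verify_all() {
    sums_file=$1; shift; failed=0
    for f in "$@"; do
        st=0; verify_file "$sums_file" "$f" || st=$?
        case $st in
            0) echo "OK        $f" ;;
            1) echo "MISMATCH  $f" >&2; failed=1 ;;
            *) echo "UNLISTED  $f" >&2; failed=1 ;;
        esac
    done
    return $failed
}
```

After sourcing the file, `verify_all SHA256SUMS ubuntu-20.04.2-live-server-amd64.iso` run before the mount in step 4 stops the setup if the download does not match the list.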
    

Testing

From a terminal on your local machine, you can test whether the TFTP server is up and working correctly.

    tftp 192.168.1.1
    > get pxelinux.0 # transfer from server to local machine
    [ctrl+d to exit]
    file pxelinux.0 # display file metadata

If you receive a time-out, or if the pxelinux.0 that was downloaded is empty, check your TFTP configuration again. If it downloaded successfully, all that remains is the OPNsense configuration!

OPNsense configuration

  1. Navigate to Services > DHCPv4 > [LAN]

  2. Expand Enable network booting.

    Set next-server IP:        192.168.1.1  # the TFTP server, aka our OPNsense device's IP
    Set default bios filename: pxelinux.0   # pxelinux.0 is the bootloader that works with bios.
    

Note: Ignore the TFTP server section – leave it disabled.
