Picon

help: How to disable HTTPS certificate verification with iPXE?



Hi there, 
I am trying to chainload boot image from web server using https. Is there any way to disable https certificate verification while compiling iPXE (something like "curl -k https://example.com/index.php")? 


Thanks,
Peter Lin
<div>
<div>
<span></span><br>
</div>
<div><br></div>
<div><span><div>
<div>Hi there,&nbsp;</div>
<div>I am trying to chainload boot image from web server using https. Is there any way to disable https certificate verification while compiling iPXE (something like&nbsp;<span></span><span>"curl -k</span><span>&nbsp;</span><a href="https://example.com/index.php">https://example.com/index.php")?</a><span>&nbsp;</span>
</div>
<div><br></div>
<div><br></div>
<div>Thanks,</div>
<div>Peter Lin</div>
</div></span></div>
</div>
Christian Wäschenfelder | 12 Nov 17:40 2014
Picon

iPXE on Moonshot node

Hi,

I'm trying to get iPXE working on a Moonshot m700 Node.
The Network Chip is a Broadcom BCM5720.

If I load the undionly.kpxe image it tries to get an IP from DHCP, but 
the NIC doesn't receive any packets.
RX counter stays at 0, but I see that the DHCP Server sends the 
responses.

If I use the ipxe.pxe image it already fails bringing up the link at 
all.

I've tried it with the binaries from Ubuntu 14.04 and with self compiled 
binaries from the latest source.

Any Ideas how to solve this?

Best,
Christian
Ivan Krutskikh | 10 Nov 11:44 2014
Picon

Windows bootup problems after successfull wimboot-iscsi setup

Hi,

Thou this is not technically speaking a ipxe question, but I think this is an appropriate place to get some help with it.

So I am developing a Linux/Windows diskless boot system based on ipxe, zfsonlinux and python. Linux part works like a bliss with multiple distros, different hardware e.t.c.

At first I made some progress with windows 7 too, using pure cd-rom setup for single station ( a supposed to be  a Microsoft supported scenario) and a ccboot client v2.0 for injecting multiple nic drivers for different hardware.

I used the same booting script for both:
eg:

#!ipxe set keep-san 1 set netX/gateway 0.0.0.0 sanboot iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:testinstall

But after some time ( maybe some windows updates as well, hard to tell) the whole windows booting sequence broke and I cannot fix it or reproduce it with fresh install. All windows bootups end with hang windows logo followed by
bsod 7e and a reboot. As far as I can tell, this is because windows couldn't find the driver for main hdd storage. ( basically, it is the lan driver + msicsi)

After some experiments with never ccboot versions, I tried a different approach based on http://ipxe.org/howto/winpe. So I made a custom 3.0 winpe, booted it with ipxe script:

#!ipxe

set netX/gateway 0.0.0.0
sanhook  iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:testinstall 
kernel http://192.168.0.242:8080/boot/wimboot
initrd http://192.168.0.242:8080/media/bcd BCD
initrd http://192.168.0.242:8080/media/boot.sdi boot.sdi
initrd http://192.168.0.242:8080/media/boot.wim boot.wim
boot

My nic was perfectly recognized and configured, windows 7 setup was able to see my iscsi drive and installed windows just like it would on a local hdd. But after reboot- same old story. Bootup hangs, BSoD 7e. Tried launching a local VM from the same media, which was used to provide iscsi target- setup finished succesfull, new desktop welcomed me.

At this point I'm out of ideas. What differs installing windows by winpe to iscsi from the same scenario with cdrom? Not to mention there are a number of tutorials on the internet suggesting the second method for client provision.

What am I doing wrong here?

Thanks in advance.
<div><div dir="ltr">
<div>
<div>
<div>Hi,<br><br>Thou this is not technically speaking a ipxe question, but I think this is an appropriate place to get some help with it. <br><br>
</div>So I am developing a Linux/Windows diskless boot system based on ipxe, zfsonlinux and python. Linux part works like a bliss with multiple distros, different hardware e.t.c.<br><br>
</div>At first I made some progress with windows 7 too, using pure cd-rom setup for single station ( a supposed to be&nbsp; a Microsoft supported scenario) and a ccboot client v2.0 for injecting multiple nic drivers for different hardware. <br><br>
</div>
<div>I used the same booting script for both: <br>
</div>
<div>eg:</div>
<br>#!ipxe

set keep-san 1
set netX/gateway 0.0.0.0
sanboot iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:testinstall<div><br></div>But after some time ( maybe some windows updates as well, hard to tell) the whole windows booting sequence broke and I cannot fix it or reproduce it with fresh install. All windows bootups end with hang windows logo followed by <br><div>bsod 7e and a reboot. As far as I can tell, this is because windows couldn't find the driver for main hdd storage. ( basically, it is the lan driver + msicsi)<br><br>
</div>
<div>After some experiments with never ccboot versions, I tried a different approach based on <a href="http://ipxe.org/howto/winpe">http://ipxe.org/howto/winpe</a>. So I made a custom 3.0 winpe, booted it with ipxe script:<br><br>#!ipxe<br><br>set netX/gateway 0.0.0.0<br>sanhook&nbsp; iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:testinstall&nbsp; <br>kernel <a href="http://192.168.0.242:8080/boot/wimboot">http://192.168.0.242:8080/boot/wimboot</a> <br>initrd <a href="http://192.168.0.242:8080/media/bcd">http://192.168.0.242:8080/media/bcd</a> BCD <br>initrd <a href="http://192.168.0.242:8080/media/boot.sdi">http://192.168.0.242:8080/media/boot.sdi</a> boot.sdi<br>initrd <a href="http://192.168.0.242:8080/media/boot.wim">http://192.168.0.242:8080/media/boot.wim</a> boot.wim<br>boot<br><br>
</div>
<div>My nic was perfectly recognized and configured, windows 7 setup was able to see my iscsi drive and installed windows just like it would on a local hdd. But after reboot- same old story. Bootup hangs, BSoD 7e. Tried launching a local VM from the same media, which was used to provide iscsi target- setup finished succesfull, new desktop welcomed me. <br><br>
</div>
<div>At this point I'm out of ideas. What differs installing windows by winpe to iscsi from the same scenario with cdrom? Not to mention there are a number of tutorials on the internet suggesting the second method for client provision.<br><br>
</div>
<div>What am I doing wrong here?<br><br>
</div>
<div>Thanks in advance.<br>
</div>
</div></div>
Ivan Krutskikh | 6 Nov 11:22 2014
Picon

Black screen on Intel NUC after wimboot

Hi,

Thanks for the IPXE project. So far I had no problems with it in various san boot scenarios.

Until I tried http://ipxe.org/howto/winpe deploy scenario with a couple of first generation intel nuc pc's (http://ark.intel.com/products/71484/Intel-NUC-Kit-DCCP847DY).

I launch the latest ipxe.lkrn from syslinux on a local usb key:


label wimboot
    kernel /boot/ipxe.lkrn
    append initrd=/boot/boot.ipxe


boot.ipxe :

#!ipxe

dhcp
set netX/gateway 0.0.0.0
sanhook  iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:winpe 
kernel http://192.168.0.242:8080/boot/wimboot
initrd http://192.168.0.242:8080/media/bcd BCD
initrd http://192.168.0.242:8080/media/boot.sdi boot.sdi
initrd http://192.168.0.242:8080/media/boot.wim boot.wim
boot



This boot option worked on almost any other pc in my office, but on nuc's it downloads all the defined images, flashes black screen and reboots.

What am I doing wrong here and what can be done to get it fixed?

Thanks in advance!

<div><div dir="ltr">
<div>Hi,<br><br>
</div>
<div>Thanks for the IPXE project. So far I had no problems with it in various san boot scenarios.<br><br>
</div>
<div>Until I tried <a href="http://ipxe.org/howto/winpe">http://ipxe.org/howto/winpe</a> deploy scenario with a couple of first generation intel nuc pc's (<a href="http://ark.intel.com/products/71484/Intel-NUC-Kit-DCCP847DY">http://ark.intel.com/products/71484/Intel-NUC-Kit-DCCP847DY</a>).<br><br>
</div>
<div>I launch the latest ipxe.lkrn from syslinux on a local usb key: <br><br><br>label wimboot<br>&nbsp;&nbsp;&nbsp; kernel /boot/ipxe.lkrn<br>&nbsp;&nbsp;&nbsp; append initrd=/boot/boot.ipxe<br><br><br>
</div>
<div>boot.ipxe :<br><br>#!ipxe<br><br>dhcp<br>set netX/gateway 0.0.0.0<br>sanhook&nbsp; iscsi:192.168.0.242:::1:iqn.2014-06.bootup.mtt:winpe&nbsp; <br>kernel <a href="http://192.168.0.242:8080/boot/wimboot">http://192.168.0.242:8080/boot/wimboot</a> <br>initrd <a href="http://192.168.0.242:8080/media/bcd">http://192.168.0.242:8080/media/bcd</a> BCD <br>initrd <a href="http://192.168.0.242:8080/media/boot.sdi">http://192.168.0.242:8080/media/boot.sdi</a> boot.sdi<br>initrd <a href="http://192.168.0.242:8080/media/boot.wim">http://192.168.0.242:8080/media/boot.wim</a> boot.wim<br>boot<br><br><br>
</div>
<div><br></div>
<div>This boot option worked on almost any other pc in my office, but on nuc's it downloads all the defined images, flashes black screen and reboots.<br><br>
</div>
<div>What am I doing wrong here and what can be done to get it fixed?<br><br>
</div>
<div>Thanks in advance!<br>
</div>
<div><br></div>
</div></div>
Wissam Shoukair | 2 Nov 15:32 2014

Closing all net devices in netboot()

Hi,

Does anyone knows what is the purpose of calling close_all_netdevs() in netboot()? Can I remove this call?

one of the main reasons why I’m interested in removing this call is that its disabling me to hook to an empty LUN in iSCSI target via the first port and then installing an OS by downloading an install image via PXE on the second port.

 

Thanks,

Wissam

<div>
<div class="WordSection1">
<p class="MsoNormal">Hi,<p></p></p>
<p class="MsoNormal">Does anyone knows what is the purpose of calling close_all_netdevs() in netboot()? Can I remove this call?<p></p></p>
<p class="MsoNormal">one of the main reasons why I&rsquo;m interested in removing this call is that its disabling me to hook to an empty LUN in iSCSI target via the first port and then installing an OS by downloading an install image via PXE on the second port.<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">Thanks,<p></p></p>
<p class="MsoNormal">Wissam<p></p></p>
</div>
</div>
Floris Bos | 28 Oct 23:43 2014
Picon

Windows having problems parsing iBFT from recent iPXE versions?

Hi,

I am having problems getting a Windows 2012 iSCSI installation to work 
with recent iPXE versions,
while it does work with an older iPXE version.

Test setup:

- Virtualbox VM as "server to be provisioned"
- Simple Synology NAS device as iSCSI target
- Latest wimboot
- iPXE script that looks like this:

==
set keep-san 1
set skip-san-boot 1
sanboot 
iscsi:192.168.178.99::3260::iqn.2000-01.com.synology:DiskStation.diskless
kernel http://192.168.178.100/wimboot
initrd http://192.168.178.100/bootmgr bootmgr
initrd http://192.168.178.100/bcd bcd
initrd http://192.168.178.100/boot.sdi boot.sdi
initrd http://192.168.178.100/segmono_boot.ttf segmono_boot.ttf
initrd http://192.168.178.100/segoe_slboot.ttf segoe_slboot.ttf
initrd http://192.168.178.100/wgl4_boot.ttf wgl4_boot.ttf
initrd http://192.168.178.100/boot.wim boot.wim
boot
==

With undionly.kkpxe compiled today from git sources:

Windows does not detect the iSCSI disk and network configuration is not 
entirely correct.
Seems Windows was able to obtain the IPv4 IP-address, but not my IPv4 
nameserver from iBFT.

Screenshot of ipconfig/diskpart "show disk": 
http://s29.postimg.org/s8eyhb78n/ipxe_2014.png

With an old undionly.kkpxe I compiled back in September 2012, and 
everything else the same, it does works correctly.

Screenshot: http://s22.postimg.org/hg17r5ug1/ipxe_2012.png

Any idea what might be the issue?

--

-- 
Yours sincerely,

Floris Bos

Christian Stroehmeier | 28 Oct 18:29 2014
Picon

Password parsing

Hi everyone,

I recently discovered that a '?' in your password will cause the
password to be displayed in plain text during imgfetch. After looking
into core/uri.c what was causing this I think the same is true for '#'
and ' <at> '. The parsing simply assumes these characters server their usual
purpose when occurring in an URI.

I tried working around that issue, but I am undecided how to do this
correctly. First thing that comes to mind is starting at the end of the
string searching backwards. Are there any drawbacks on this? If not I
would implement it and send the patch.

Cheers,
Chris
Duane-B | 27 Oct 17:47 2014
Picon

ipxe-devel@...

Hello,

My name is Duane, and wanted to inquire about the Rom-o-Matic.eu website, which seems not to be working any more.  The site only provides the following information (see below).

-----------------------------------------------------------------------

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

-----------------------------------------------------------------------

I have used the website before, to create many customized ipxe boot files.  The website states about not having content yet, which is odd, since there was content prior, which allowed me to create my boot files.

Is the website being upgraded?  Is the service no longer being provided? 

I also have checked out the ipxe.org website, which states to use Rom-o-Matic.eu website, and no mention about any problem with the site.

Also, Robin Smidsrød., states in a recent ( ipxe.org ) forum reply (dated 9-21-2014) to use Rom-o-Matic.eu. 

Any help or information would be appreciated.

Thank you.

 
<div><div dir="ltr">
<div class="gmail_default">Hello,<br><br>
</div>
<div class="gmail_default">My name is Duane, and wanted to inquire about the Rom-o-Matic.eu website, which seems not to be working any more.&nbsp; The site only provides the following information (see below).<br><br>-----------------------------------------------------------------------<br><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>-----------------------------------------------------------------------<br>
</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">I have used the website before, to create many customized ipxe boot files.&nbsp; The website states about not having content yet, which is odd, since there was content prior, which allowed me to create my boot files.<br><br>
</div>
<div class="gmail_default">Is the website being upgraded?&nbsp; Is the service no longer being provided?&nbsp; <br>
</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">I also have checked out the <a href="http://ipxe.org">ipxe.org</a> website, which states to use Rom-o-Matic.eu website, and no mention about any problem with the site.<br><br>
</div>
<div class="gmail_default">Also, Robin Smidsr&oslash;d., states in a recent ( <a href="http://ipxe.org">ipxe.org</a> ) forum reply (dated 9-21-2014) to use Rom-o-Matic.eu.&nbsp; <br>
</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">Any help or information would be appreciated.<br><br>
</div>
<div class="gmail_default">Thank you.<br>
</div>
<div class="gmail_default">
<br>&nbsp;<br>
</div>
</div></div>
Ferenc Wagner | 27 Oct 10:22 2014
Picon

iSCSI protocol transition

Hi,

Mutual CHAP iSCSI login to our Fujitsu-Siemens Eternus DX80 device went
into an infinite loop until I made the following change:

--- a/src/net/tcp/iscsi.c
+++ b/src/net/tcp/iscsi.c
 <at>  <at>  -767,8 +767,9  <at>  <at>  static void iscsi_start_login ( struct iscsi_session *iscsi ) {
        iscsi_start_tx ( iscsi );
        request->opcode = ( ISCSI_OPCODE_LOGIN_REQUEST |
                            ISCSI_FLAG_IMMEDIATE );
-       request->flags = ( ( iscsi->status & ISCSI_STATUS_PHASE_MASK ) |
-                          ISCSI_LOGIN_FLAG_TRANSITION );
+       request->flags = iscsi->status & ISCSI_STATUS_PHASE_MASK;
+       if (iscsi->status & (ISCSI_STATUS_STRINGS_CHAP_RESPONSE | ISCSI_STATUS_STRINGS_OPERATIONAL))
+               request->flags |= ISCSI_LOGIN_FLAG_TRANSITION; 
        /* version_max and version_min left as zero */
        len = iscsi_build_login_request_strings ( iscsi, NULL, 0 );
        ISCSI_SET_LENGTHS ( request->lengths, 0, len );
--

-- 
Regards,
Feri.
Steve Cross | 25 Oct 02:43 2014

Information: Supported iSCSI Target

I just wanted to let the website admins know of another known working iSCSI target. I have been using Starwind Virtual SAN for several years now with no problems at all. This is a commercial application, but can be used for free with limitations. You can find this application here: http://www.starwindsoftware.com/starwind-virtual-san/ .

This is purely informational, in case you want to update your wiki.

<div><div dir="ltr">I just wanted to let the website admins know of another known working iSCSI target. I have been using Starwind Virtual SAN for several years now with no problems at all. This is a commercial application, but can be used for free with limitations. You can find this application here:&nbsp;<a href="http://www.starwindsoftware.com/starwind-virtual-san/">http://www.starwindsoftware.com/starwind-virtual-san/</a> .<div><br></div>
<div>This is purely informational, in case you want to update your wiki.</div>
<div><br></div>
<div>Thanks,<br><div><div>
<br clear="all"><div>
<div>Steve Cross</div>
<div><a href="mailto:hairlesshobo@..." target="_blank">hairlesshobo <at> stevecross.org</a></div>
</div>
</div></div>
</div>
</div></div>
Löster, Thomas - SID | 23 Oct 16:11 2014
Picon

wimboot problem

Hello,

 

I have to start winpe-images over pxelinux + wimboot.

On a BIOS-compatible system it works fine. But now I have to boot a MS surface 3 which only has UEFI.

Here it works till this point:

 

Loading …wimboot … ok

Encapsulating …\bootmgr … ok

Encapsulating …\bcd … ok

Encapsulating …\boot.sdi … ok

Encapsulating  …\boot.wim …

 

Here it hangs and nothing happens. L

I use the latest wimboot (2.3.0) and the newest pxelinux version (6.3).

Unfortunately I didn’t found any hints if I have to change any options in the pxelinux.cfg\default or I have to change some files.

For instance I tried to use bootmgr.efi instead of bootmgr but that didn’t change anything.

I would be very glad if you can give me some help.

 

Best regards

Mit freundlichen Grüßen

Thomas Löster
Sachbearbeiter
_____________________________________________________________________
STAATSBETRIEB SÄCHSISCHE INFORMATIK DIENSTE
Bereich | Fachbereich 4.1

Garnisonsplatz 10 | 01917 Kamenz
Tel.: +49 3578334432 | Fax: +49 357833554432

Thomas.Loester-kkpK0Eud7cp7bykhDtR+nA@public.gmane.org

 

Kein Zugang für elektronisch signierte sowie für verschlüsselte elektronische Dokumente.

 

<div>
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hello,<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US"><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have to start winpe-images over pxelinux + wimboot.<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">On a BIOS-compatible system it works fine. But now I have to boot a MS surface 3 which only has UEFI.<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Here it works till this point:<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US"><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span lang="EN-US">Loading &hellip;wimboot &hellip; ok<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Encapsulating &hellip;\bootmgr &hellip; ok<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Encapsulating &hellip;\bcd &hellip; ok<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Encapsulating &hellip;\boot.sdi &hellip; ok<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Encapsulating&nbsp; &hellip;\boot.wim &hellip;<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US"><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span lang="EN-US">Here it hangs and nothing happens. </span>
<span lang="EN-US">L</span><span lang="EN-US"><p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">I use the latest wimboot (2.3.0) and the newest pxelinux version (6.3).<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">Unfortunately I didn&rsquo;t found any hints if I have to change any options in the pxelinux.cfg\default or I have to change some files.<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">For instance I tried to use bootmgr.efi instead of bootmgr but that didn&rsquo;t change anything.<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US">I would be very glad if you can give me some help.<p></p></span></p>
<p class="MsoNormal"><span lang="EN-US"><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Best regards<p></p></span></p>
<p class="MsoNormal"><span>Mit freundlichen Gr&uuml;&szlig;en<p></p></span></p>
<p class="MsoNormal"><span>Thomas L&ouml;ster<br></span><span>Sachbearbeiter</span><span><br></span><span>_____________________________________________________________________</span><span><br></span><span>STAATSBETRIEB S&Auml;CHSISCHE INFORMATIK DIENSTE<br>
Bereich | Fachbereich 4.1</span><span><br></span><span>Garnisonsplatz 10 | 01917 Kamenz</span><span><br></span><span>Tel.: +49 3578334432 | Fax: +49 357833554432<p></p></span></p>
<p class="MsoNormal"><span><a href="mailto:Thomas.Loester@..."><span>Thomas.Loester@...</span></a><p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Kein Zugang f&uuml;r elektronisch signierte sowie f&uuml;r verschl&uuml;sselte elektronische Dokumente.</span><span><p></p></span></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
</div>
</div>

Gmane