iPXE pfSense

Hello,

I'm trying to build a router (pf-sense for OS) with an old PC I have lying around, but I don't have a spare hard drive. After some searching I found a way to use a remote disk as a boot device, iPXE. It's like the normal PXE with support for iSCSI boot (among others). So I have setup an iSCSI target , DHCP server and TFTP server (all with Windows 2008R2). I booted to iPXE through PXE and... well I'm stuck. What must I do next? Use pxelinux.0 or something? Has anyone done this before? Is it even possible? Can I do it with normal PXE? 

You probably want to chainload pfSense at this point...

Assuming msdhcp, here is the relevant tutorial: http://ipxe.org/howto/msdhcp#pxe_chainloading

And then to set up the script iPXE fetches you can reference this: http://ipxe.org/scripting

Ok... but how am I going to install it ? Should I dump a pfSense iso in the iscsi array? ( i tried that and it doesn't work, I get an error message when i type: sanboot iscsi:[...] " )

 

You create a virtual disk on the server and install pfSense to that. Your iSCSI server can provide both the installer image and the storage for the install. Then adjust the iPXE script to boot straight to the storage once you have completed the installation.

See:

http://ipxe.org/cmd/sanhook

http://ipxe.org/cmd/sanboot

http://technet.microsoft.com/en-us/library/gg232598(v=ws.10).aspx

I'll test this out in a VM to see where you might be tripped up, but I don't have a Windows server set up so anything Microsoft specific I won't be able to help with.

Well, I tried and ended up running into trouble with VirtualBox, so instead I set up some real hardware. I have been able to sanhook the virtual disk and sanboot the pfSense iso, but pfSense only loads up until it tries mounting root from the cd drive... Looks like I'll have to mess around some more to get around that.

Thank you for taking the time to look in to it. But how did you sanboot? Did you dump the files of the iso in the iscsi array or the .iso it self? Note that I recall reading somewhere what you must change something in pfsense itself to recognize the san. Also what kind of trouble did you run into ( im testing all this time through vmplayer)  because that would explain errors im getting after the sanboot command.

I was having trouble getting iPXE to load consistently using VirtualBox's built in NAT. It would load sometimes, and sometimes it would get stuck at various points. Generally I wouldn't even reach the iPXE prompt before the VM crashed. I tried a bunch of different pxe rom builds, I tried using the built-in tftp server, I tried using an external tftp server through the NAT. It might have worked if I had used bridging mode for the NIC instead of NAT, but I would have had to run a cable to my laptop and it was just more convenient to plug in the extra box sitting right next to my server. I just deleted one of the ports from the bridge and set up isc-dhcpd on it, now iPXE loads fine onto the machine.

What error exactly are you getting?

Here are the commands I used in iPXE:

code tags are horribly broken :(

http://oz.freqlabs.com/osx86/paste/paste.oz?stamp=13ca3e9e56b03d705d5b9cfaa1d21cfb

PfSense loads up to the point where it tries mounting the root filesystem from some random place. I just have the .iso file as the target.

Now to figure out  what I'm doing wrong. I'll follow your lead and try to find how to change pfSense to do my bidding...

Still stuck at the mountroot prompt, I am about to give up on loading the ISO through iSCSI :) I'll try a memstick next. If that doesn't work, I'll try using a VM to install, then just pxe boot straight to the virtual disk.

Ok after a lot of research, I'm starting to think this will not be as easy as I expected. It seems pfSense does not have iSCSI modules available. I'm going to try building from scratch an installation that incorporates an iSCSI initiator, but basically the idea seems like a dead end. There is very little documentation I could find on booting FreeBSD with an iSCSI root.

Exporting via NFS may be a much simpler option...

Yeah I thought that too... Well, thanks for you help. I'll have to scratch that project and get myself a proper HDD to use... Also I found out that Microsoft iscsi target server i was using does not support img mounting just .vhd (static too) so there. That's why I couldn't boot to anything and got stuck.

Why not just spend a few bucks on a 4-8gb flash drive and put pfsense embedded on it?