DHCP Integration
This guide covers integrating FOG Docker with existing DHCP servers for PXE boot configuration.
Overview
FOG Docker can work with any DHCP server by configuring the appropriate PXE boot options. This guide covers integration with:
- ISC DHCP Server (Linux/Unix)
- Windows DHCP Server
- pfSense DHCP
- MikroTik RouterOS
- Ubiquiti UniFi
DHCP Configuration Requirements
Required DHCP Options
For PXE boot to work, your DHCP server must provide:
- Option 66 (Next Server): IP address of your FOG server (use the FOG_TFTP_HOST value)
- Option 67 (Boot File): Name of the boot file for the client architecture (use FOG_DHCP_BOOTFILE_BIOS, FOG_DHCP_BOOTFILE_UEFI32, FOG_DHCP_BOOTFILE_UEFI64, or FOG_DHCP_BOOTFILE_ARM64)
Boot File Names
| Client Type | Boot File | Environment Variable | Description |
|---|---|---|---|
| Legacy BIOS (Arch:00000) | undionly.kkpxe | FOG_DHCP_BOOTFILE_BIOS | Traditional BIOS PXE boot |
| UEFI 32-bit (Arch:00002, 00006) | i386-efi/snponly.efi | FOG_DHCP_BOOTFILE_UEFI32 | UEFI 32-bit clients |
| UEFI 64-bit (Arch:00007, 00008, 00009) | snponly.efi | FOG_DHCP_BOOTFILE_UEFI64 | UEFI 64-bit clients (x86_64) |
| UEFI ARM64 (Arch:00011) | arm64-efi/snponly.efi | FOG_DHCP_BOOTFILE_ARM64 | ARM64 UEFI clients |
| SURFACE-PRO-4 | snponly.efi | FOG_DHCP_BOOTFILE_UEFI64 | Microsoft Surface Pro 4 |
| Apple-Intel-Netboot | snponly.efi | FOG_DHCP_BOOTFILE_UEFI64 | Apple Intel Macs |
ISC DHCP Server (Linux/Unix)
Basic Configuration
Edit /etc/dhcp/dhcpd.conf:
```
# Global settings
option domain-name "your-domain.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;

# Subnet configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;

    # FOG PXE Boot Configuration
    next-server 192.168.1.100; # Your FOG server IP

    # BIOS clients (Arch:00000)
    if substring(option vendor-class-identifier, 0, 9) = "PXEClient" {
        if substring(option vendor-class-identifier, 15, 5) = "00000" {
            filename "undionly.kkpxe";
        }
    }

    # UEFI 64-bit clients (Arch:00007)
    if substring(option vendor-class-identifier, 0, 9) = "PXEClient" {
        if substring(option vendor-class-identifier, 15, 5) = "00007" {
            filename "snponly.efi";
        }
    }
}
```
Advanced Configuration with Architecture Detection
```
# Global settings
option domain-name "your-domain.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;

# Subnet configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;

    # FOG PXE Boot Configuration
    next-server 192.168.1.100; # Your FOG server IP

    # Architecture detection and boot file selection
    if substring(option vendor-class-identifier, 0, 9) = "PXEClient" {
        # BIOS clients (Arch:00000)
        if substring(option vendor-class-identifier, 15, 5) = "00000" {
            filename "undionly.kkpxe";
        }
        # UEFI 32-bit clients (Arch:00002, 00006)
        elsif substring(option vendor-class-identifier, 15, 5) = "00002" {
            filename "i386-efi/snponly.efi";
        }
        elsif substring(option vendor-class-identifier, 15, 5) = "00006" {
            filename "i386-efi/snponly.efi";
        }
        # UEFI 64-bit clients (Arch:00007, 00008, 00009)
        elsif substring(option vendor-class-identifier, 15, 5) = "00007" {
            filename "snponly.efi";
        }
        elsif substring(option vendor-class-identifier, 15, 5) = "00008" {
            filename "snponly.efi";
        }
        elsif substring(option vendor-class-identifier, 15, 5) = "00009" {
            filename "snponly.efi";
        }
        # UEFI ARM64 clients (Arch:00011)
        elsif substring(option vendor-class-identifier, 15, 5) = "00011" {
            filename "arm64-efi/snponly.efi";
        }
        # Default fallback
        else {
            filename "undionly.kkpxe";
        }
    }
}
```
Restart DHCP Service
```bash
# Check configuration before restarting, so a syntax error does not take DHCP down
sudo dhcpd -t
# Restart DHCP server
sudo systemctl restart isc-dhcp-server
# Check status
sudo systemctl status isc-dhcp-server
```
Windows DHCP Server
Using DHCP Management Console
- Open DHCP Management Console
- Right-click on your server → Properties
- Go to Advanced tab
- Click “Vendor Classes” → Add
- Create vendor classes for different architectures
Using PowerShell
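```powershell
# Set DHCP server options
Set-DhcpServerv4OptionValue -ComputerName "your-dhcp-server" -OptionId 66 -Value "192.168.1.100"
Set-DhcpServerv4OptionValue -ComputerName "your-dhcp-server" -OptionId 67 -Value "undionly.kkpxe"
# For UEFI 64-bit clients, create a policy
# -MacAddress takes a comparison operator (EQ or NE) followed by the address pattern
Add-DhcpServerv4Policy -ComputerName "your-dhcp-server" -Name "UEFI-Clients" -Condition OR -MacAddress EQ,"00-15-5D-*"
# Option values for a policy are set with Set-DhcpServerv4OptionValue -PolicyName
Set-DhcpServerv4OptionValue -ComputerName "your-dhcp-server" -PolicyName "UEFI-Clients" -OptionId 67 -Value "snponly.efi"
```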
Using netsh (Command Line)
```powershell
# Set scope options (option 66 is a string option on Windows DHCP)
netsh dhcp server scope 192.168.1.0 set optionvalue 66 STRING "192.168.1.100"
netsh dhcp server scope 192.168.1.0 set optionvalue 67 STRING "undionly.kkpxe"
# For UEFI 64-bit clients, create a reservation or policy
# (netsh expects the MAC address without separators)
netsh dhcp server scope 192.168.1.0 add reservedip 192.168.1.150 00155D010203 "UEFI-Client"
netsh dhcp server scope 192.168.1.0 set reservedoptionvalue 192.168.1.150 67 STRING "snponly.efi"
```
pfSense DHCP
Web Interface Configuration
- Go to Services → DHCP Server
- Edit your DHCP scope
- Scroll down to “Additional BOOTP/DHCP Options”
- Add the following options:
| Number | Type | Value | Description |
|---|---|---|---|
| 66 | Text | 192.168.1.100 | Next Server (FOG server IP) |
| 67 | Text | undionly.kkpxe | Boot File Name (BIOS); use snponly.efi for UEFI 64-bit |
Advanced Configuration
For different architectures, create multiple DHCP scopes or use custom options:
```
# In pfSense shell or config
# Option 66: Next Server
option 66 "192.168.1.100";
# Option 67: Boot File (BIOS)
option 67 "undionly.kkpxe";
# For UEFI clients, you may need to create separate scopes
# or use MAC address reservations
```
MikroTik RouterOS
Using WinBox/WebFig
- Go to IP → DHCP Server
- Edit your DHCP network
- Go to “Options” tab
- Add the following options:
| Name | Code | Value |
|---|---|---|
| next-server | 66 | 192.168.1.100 |
| boot-file-name | 67 | undionly.kkpxe (BIOS) or snponly.efi (UEFI 64-bit) |
Using Command Line
```
# Set DHCP options
# Options 66 and 67 are string options; RouterOS string values are wrapped in single quotes
/ip dhcp-server option add name="next-server" code=66 value="'192.168.1.100'"
/ip dhcp-server option add name="boot-file-name" code=67 value="'undionly.kkpxe'"
# Apply to DHCP network
/ip dhcp-server network set [find address="192.168.1.0/24"] next-server=192.168.1.100 boot-file-name=undionly.kkpxe
```
Ubiquiti UniFi
Using UniFi Controller
- Go to Settings → Networks
- Edit your network
- Go to “Advanced” section
- Enable “DHCP Options”
- Add the following options:
| Number | Type | Value |
|---|---|---|
| 66 | String | 192.168.1.100 |
| 67 | String | undionly.kkpxe (BIOS) or snponly.efi (UEFI 64-bit) |
Using JSON Configuration
```json
{
  "dhcpOptions": [
    {
      "number": 66,
      "type": "string",
      "value": "192.168.1.100"
    },
    {
      "number": 67,
      "type": "string",
      "value": "undionly.kkpxe"
    }
  ]
}
```
HTTPBoot Configuration
For UEFI clients that support HTTPBoot, you can configure HTTP URLs instead of TFTP files:
ISC DHCP Server
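```
# HTTPBoot configuration for UEFI clients
# UEFI HTTP Boot firmware identifies itself as "HTTPClient", not "PXEClient"
if substring(option vendor-class-identifier, 0, 10) = "HTTPClient" {
    # x86_64 UEFI HTTP Boot clients report Arch:00016
    if substring(option vendor-class-identifier, 16, 5) = "00016" {
        # The reply must carry the HTTPClient vendor class for the firmware to accept it
        option vendor-class-identifier "HTTPClient";
        # HTTPBoot URL for UEFI clients
        filename "http://192.168.1.100/fog/service/ipxe/snponly.efi";
    }
}
```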
Windows DHCP Server
```powershell
# Set HTTPBoot option for UEFI clients
Set-DhcpServerv4OptionValue -ComputerName "your-dhcp-server" -OptionId 67 -Value "http://192.168.1.100/fog/service/ipxe/snponly.efi"
```
Testing DHCP Configuration
Test DHCP Options
```bash
# Test DHCP options from client
dhclient -v eth0
# Check received options
cat /var/lib/dhcp/dhclient.leases
# Test PXE boot
# Boot a client machine and check if it receives correct options
```
Verify PXE Boot
- Boot a client machine via PXE
- Check if it receives the correct next-server and boot file
- Verify the client can download the boot file from FOG server
- Check FOG logs for client connections
Troubleshooting
Common Issues
Client Not Getting PXE Options
Symptoms: Client boots but doesn’t get PXE options
Solutions:
- Check DHCP server configuration
- Verify DHCP server is running
- Check network connectivity
- Verify client is in correct subnet
Wrong Boot File for Architecture
Symptoms: Client gets wrong boot file for its architecture
Solutions:
- Check vendor class identifier detection
- Verify architecture-specific options
- Test with different client types
TFTP Timeout Errors
Symptoms: Client can’t download boot file
Solutions:
- Check TFTP server is running on FOG server
- Verify firewall rules allow TFTP (port 69/UDP)
- Check file permissions on boot files
- Test TFTP connectivity manually
Debug Commands
```bash
# Check DHCP server status
systemctl status isc-dhcp-server
# Check DHCP leases
cat /var/lib/dhcp/dhcpd.leases
# Test DHCP options
dhclient -v eth0
# Check TFTP server
systemctl status tftpd-hpa
# Test TFTP connectivity
tftp 192.168.1.100
tftp> get undionly.kkpxe
tftp> quit
```
Best Practices
Security
- Use DHCP reservations for known clients
- Implement DHCP snooping on switches
- Monitor DHCP traffic for anomalies
- Use secure boot when possible
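One way to act on the monitoring point above, as an added example that is not part of the original guide or the FOG project: a parser for raw DHCP replies that flags an unexpected DHCP server, a boot server other than the FOG host, or a boot file outside the table on this page. The `DHCP_SERVERS` set, the function names and the sample packets from `build_reply` are assumptions constructed for illustration; HTTPBoot URLs would have to be added to `BOOT_FILES` if you use them.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"       # DHCP magic cookie (RFC 2131)
DHCP_SERVERS = {"192.168.1.1"}    # assumption: the authorised DHCP server(s)
FOG_SERVER = "192.168.1.100"      # the sample FOG server IP used on this page
BOOT_FILES = {"undionly.kkpxe", "i386-efi/snponly.efi",
              "snponly.efi", "arm64-efi/snponly.efi"}  # TFTP names from the table

def parse_reply(pkt: bytes) -> dict:
    """Return siaddr, the BOOTP file field and options 54/66/67 of a DHCP reply."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"siaddr": socket.inet_ntoa(pkt[20:24]),
            "file": pkt[108:236].split(b"\0")[0].decode("ascii", "replace")}
    i = 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end option
        if pkt[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 54 and len(val) == 4:         # server identifier
            info["server_id"] = socket.inet_ntoa(val)
        elif code in (66, 67):                   # TFTP server name / boot file
            info[f"opt{code}"] = val.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + len(val)
    return info

def audit_reply(pkt: bytes) -> list:
    """List reasons a reply looks rogue or misconfigured (empty list = expected)."""
    info, findings = parse_reply(pkt), []
    if info.get("server_id") not in DHCP_SERVERS:
        findings.append(f"unauthorised DHCP server {info.get('server_id')}")
    boot = info.get("opt67") or info["file"]     # option 67 overrides the file field
    tftp = info.get("opt66") or info["siaddr"]   # option 66 overrides siaddr
    if boot and tftp != FOG_SERVER:
        findings.append(f"boot server {tftp} is not the FOG server")
    if boot and boot not in BOOT_FILES:
        findings.append(f"unexpected boot file {boot!r}")
    return findings

def build_reply(server_id, siaddr, opt66=None, opt67=None) -> bytes:
    """Build a minimal DHCPOFFER: constructed sample data, not a capture."""
    opts = bytes([53, 1, 2, 54, 4]) + socket.inet_aton(server_id)
    for code, text in ((66, opt66), (67, opt67)):
        if text:
            opts += bytes([code, len(text)]) + text.encode()
    head = bytes([2, 1, 6, 0]) + bytes(16) + socket.inet_aton(siaddr) + bytes(212)
    return head + MAGIC + opts + b"\xff"
```

Feed `audit_reply` the UDP payload of each reply seen on port 68, for example from a mirrored switch port; any non-empty result is worth an alert.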
Performance
- Optimize DHCP lease times for your environment
- Use DHCP pools efficiently
- Monitor DHCP server performance
- Implement DHCP failover for redundancy
Maintenance
- Regular backup of DHCP configuration
- Monitor DHCP logs for issues
- Update boot files when FOG is updated
- Test PXE boot after any changes
Next Steps
After configuring DHCP integration:
- Network Boot Setup - Verify PXE and HTTPBoot configuration
- Configuration Guide - Optimize FOG configuration
- Troubleshooting Guide - Address any issues