iPXE over WAN with manual address
|
2018-04-09, 10:54
Post: #1
|
|||
|
|||
iPXE over WAN with manual address
Hello,
We own a fleet of pcengines that are a pain to updgrade manually, especially because of their number and geographical location. They all run the same custom iso image, that we update frequently. We would like to PXE boot them all over HTTPS, but also need to authenticate each client. Is it possible to pre-program the iPXE clients to skip DHCP entirely and download the iso from our server using a trusted certificate as password? If not, what are the alternatives? |
|||
2018-04-09, 16:40
Post: #2
|
|||
|
|||
RE: iPXE over WAN with manual address
An build of iPXE can have embeded scripts that does this, but how do you intend to configure client IPs? Because it sounds like you have multiple machines and having all of them using the same static IP would not be a good idea.
I suspect that you would still want to have DHCP to get IP, but then use the embedded script for all location and logic. My suggestion is to first start with a proof of concept without any security at all, and then go from there adding "one layer at a time" Use GitHub Discussions VRAM bin |
|||
2018-04-09, 21:36
Post: #3
|
|||
|
|||
RE: iPXE over WAN with manual address
(2018-04-09 16:40)NiKiZe Wrote: An build of iPXE can have embeded scripts that does this, but how do you intend to configure client IPs? Because it sounds like you have multiple machines and having all of them using the same static IP would not be a good idea. Each LAN has a default numbering of 192.168.1.1/24. The modem is 192.168.1.1 with basic routing and dns. The pcengine is 192.168.1.2. When iPXE boots the pcengine, it should just reach out to the remote server using HTTPS. |
|||
2018-04-09, 21:41
Post: #4
|
|||
|
|||
RE: iPXE over WAN with manual address
(2018-04-09 21:36)ruga Wrote: Each LAN has a default numbering of 192.168.1.1/24. So you are saying that this iPXE instance should always have 192.168.1.2 as IP? sure you can have that in an embedded script. I have no experience with "pcengine" (just did a quick search to have any chance to understand what you are talking about) and I think it is the same for most others as well in the community. So might be easier for everyone if you explain what you want without being explicit to pcengine. I think what you want is doable, but my suggestion still stands, take one step at a time to build this, start with http and a simple embeded script as first proof of concept, and then go from there to add the security layers you want, one at a time. Use GitHub Discussions VRAM bin |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)