PXE Boot Over WireGuard

Introduction

PXE booting over a VPN, such as WireGuard, enables secure and efficient network booting over encrypted channels. This guide will help you configure PXE booting through WireGuard, including routing PXE traffic and setting up both client and server configurations for successful deployment.

Step 1: Set up WireGuard VPN

Start by configuring the WireGuard tunnel between the PXE client and server.


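# On the WireGuard server, configure the peer
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server-private-key>  # placeholder: the server's private key

[Peer]
PublicKey = <client-public-key>  # placeholder: the PXE client's public key
AllowedIPs = 10.0.0.2/32  # Client IP for PXE boot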

Ensure that the PXE server is correctly configured with routing rules to pass DHCP and TFTP traffic over the VPN.

Step 2: Configure PXE Server

Next, configure the PXE server to handle DHCP and TFTP requests from the PXE client over the WireGuard VPN.


# Install and configure dnsmasq for DHCP and TFTP
sudo apt-get update
sudo apt-get install dnsmasq

# Edit /etc/dnsmasq.conf
interface=eth0                  # Network interface for PXE
dhcp-range=192.168.1.100,192.168.1.150,12h  # IP range
enable-tftp
tftp-root=/srv/tftp
pxe-service=x86PC, "TinyCore PXE Boot", pxelinux

Set up the TFTP root directory with the necessary boot files from TinyCore Linux or another appropriate image.
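
An added consistency check, not part of the original guide: it reads the WireGuard and dnsmasq settings from Steps 1 and 2 and reports where they disagree, since WireGuard only accepts packets from a peer whose source address falls inside that peer's AllowedIPs. The interface name wg0, the function names and the embedded sample input are assumptions made for this example.

```python
import ipaddress

# Constructed sample input: the values shown in Steps 1 and 2 (keys omitted).
WG_CONF = """
[Interface]
Address = 10.0.0.1/24
[Peer]
AllowedIPs = 10.0.0.2/32  # Client IP for PXE boot
"""
DNSMASQ_CONF = """
interface=eth0
dhcp-range=192.168.1.100,192.168.1.150,12h
enable-tftp
tftp-root=/srv/tftp
"""

def parse(text):
    """Return {key: [values]} for key=value lines, dropping comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out.setdefault(key, []).append(value)
    return out

def lint(wg_text, dnsmasq_text, wg_iface="wg0"):  # wg0: assumed tunnel interface name
    """Return findings where dnsmasq and the WireGuard peer settings disagree."""
    wg, dm = parse(wg_text), parse(dnsmasq_text)
    tunnel = ipaddress.ip_interface(wg["Address"][0].split(",")[0].strip()).network
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for v in wg.get("AllowedIPs", []) for n in v.split(",")]
    findings = []
    for iface in dm.get("interface", []):
        if iface != wg_iface:
            findings.append(f"dnsmasq serves DHCP/TFTP on {iface}, not on {wg_iface}")
    for rng in dm.get("dhcp-range", []):  # simple start,end[,lease] form only
        start, end = (ipaddress.ip_address(x.strip()) for x in rng.split(",")[:2])
        if start not in tunnel or end not in tunnel:
            findings.append(f"dhcp-range {start}-{end} is outside tunnel subnet {tunnel}")
        # WireGuard drops inbound packets whose source is not in the peer's AllowedIPs.
        for net in ipaddress.summarize_address_range(start, end):
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"dhcp-range {start}-{end} is not covered by AllowedIPs")
                break
    return findings

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in lint(WG_CONF, DNSMASQ_CONF)))
```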

Step 3: PXE Boot Setup

Configure the PXE client to boot from the server. Ensure that the client’s BIOS/UEFI settings are configured to PXE boot, and that the PXE server provides the correct boot image.


#!ipxe
# PXE client configuration (example for iPXE)
kernel vmlinuz
initrd initrd.gz
boot

Troubleshooting

If you run into issues, here are common problems and their solutions:

Conclusion

By following these steps, you can successfully implement PXE booting over WireGuard, allowing secure and efficient network booting across your infrastructure. Whether for remote deployments or securing boot traffic, WireGuard offers a reliable solution for your PXE setup.