Fwd: Distribution Point to Remote Office (VPN Tunnel)

abz_mungul
New Contributor III

Hi

I was wondering if you could help with the following

We have created a Distribution Point in our Hong Kong Office and find that
when we NetBoot we get the following message

  1. Connection Error connecting to https://buildbox-lon3.imagination.com:8443/: 28
  2. The server that Casper Imaging received data from does not appear to be a valid JSS. Please verify the address and try again.

Our primary Distribution Point is hosted in our London office and is called
"buildbox-lon3.imagination.com"

But it seems that once the machine has netbooted it cannot ping anything
via the VPN tunnel; it can only ping addresses that are local.

This only happens when the machine has been NetBooted

Look forward to hearing from you

Thanks

Abz

-- Los Angeles · Detroit · Toronto · New York · London · Cologne · Stockholm ·
Singapore · Hong Kong · Shanghai · Tokyo · Sydney

Imagination · London
25 Store Street South Crescent, London WC1E 7BL, United Kingdom
Tel +44 20 7323 3300 Fax +44 20 7462 2837
www.imagination.com


donmontalvo
Esteemed Contributor II

You mention the "primary Distribution Point" but are you entering the *JSS* address in Casper Imaging? If so have you tried entering the IP address in case it's a DNS resolution issue?

Don

--
https://donmontalvo.com

abz_mungul
New Contributor III

Hi Don

Yes, I have tried entering the JSS address. I have also opened up Terminal
within the NetBoot environment and tried pinging via IP, which does not work.

Basically, anything we try pinging that is local works, but the moment we try
to ping anything that is going via the VPN tunnel (i.e. London office
fileserver, JSS etc.) we get a timeout.

This is where it starts to get weird. If I now boot into the NetBoot environment
on a Mac here in the London office and try pinging the DP in the Hong Kong
office, it works fine.

I'm really puzzled

abz_mungul
New Contributor III

It seems like this is the issue I currently have:

"Netboot requires that the client can get DHCP and BSDP information via
broadcast. This typically requires that the Netboot server and clients
reside on the same subnet, because routers typically do not pass broadcast
information between subnets. DHCP information, however, is handled specially
by routers so you don't need a DHCP server on every segment of your network.
This is handled by what are typically called "DHCP Helper tables" (or more
generally, DHCP Relay) in your router's configuration. Basically this is
just a list of IP addresses that DHCP broadcast packets should be relayed
to.

Because the BSDP protocol is so similar to DHCP, the router configuration
for a BSDP server is the same as for DHCP. Therefore, if you want to Netboot
across subnets, or more technically spoken, if you want BSDP broadcast
information relayed past your routers, you need to add the IP address of
your Netboot server to your router's DHCP helper table.

A common fear among network administrators is that this will interfere with
the handling of DHCP by other servers. However, although the bootpd process
is running on your Netboot server, if the DHCP service is not turned on, it
will not hand out IP addresses. In fact, it will completely ignore any DHCP
requests altogether. Likewise, your other DHCP server will completely ignore
BSDP broadcasts that are relayed to it by the router.

In summary, if you want to Netboot across subnets, work with your network
administrator to configure your routers to send BSDP broadcasts to your
Netboot server. This is not an unreasonable request or difficult task, and
greatly reduces your infrastructure and management costs."

Does anyone have any idea what I need to do to implement this? We have a
Unix DHCP server.

Thanks
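The quoted passage describes two things at once: a router's DHCP helper simply forwards broadcast BOOTREQUESTs to a list of addresses, and each server then decides for itself whether a forwarded packet is its business (a plain DHCP server ignores BSDP, bootpd with DHCP switched off ignores plain DHCP). The following is an added, self-contained Python illustration of that mechanism; it is not code from this thread, from Jamf or from Apple. It builds two constructed packets (a normal DHCP DISCOVER and a BSDP LIST request carried in a DHCP INFORM), runs them through a toy relay with constructed helper addresses, and shows how each server classifies what it receives. The helper IPs, MAC address and relay interface address are all made up for the demonstration.

```python
"""Toy DHCP/BSDP relay walk-through (added example, constructed input only)."""
import struct
from dataclasses import dataclass, field

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BSDP_VENDOR_CLASS = b"AAPLBSDPC"   # prefix Apple NetBoot clients put in option 60
DHCP_DISCOVER, DHCP_INFORM = 1, 8  # option 53 message types
BSDP_LIST, BSDP_SELECT = 1, 2      # BSDP message types in option 43, sub-option 1


@dataclass
class DhcpPacket:
    op: int
    xid: int
    giaddr: str
    options: dict = field(default_factory=dict)


def _parse_tlv(buf: bytes) -> dict:
    """Parse code/length/value options; 0 is padding, 255 ends the list."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option runs past end of packet")
        out[code] = value
        i += 2 + length
    return out


def parse_dhcp(raw: bytes) -> DhcpPacket:
    """Minimal BOOTP/DHCP header parse: op, xid, giaddr and the option list."""
    if len(raw) < 240 or raw[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    xid = struct.unpack("!I", raw[4:8])[0]
    giaddr = ".".join(str(b) for b in raw[24:28])
    return DhcpPacket(raw[0], xid, giaddr, _parse_tlv(raw[240:]))


def build_request(msg_type, mac, giaddr="0.0.0.0", vendor_class=b"", vendor_info=b""):
    """Build a broadcast BOOTREQUEST (constructed test input, not a capture)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1A2B3C4D, 0, 0x8000)
    hdr += bytes(12)                                  # ciaddr, yiaddr, siaddr
    hdr += bytes(int(o) for o in giaddr.split("."))   # giaddr: filled in by a relay
    hdr += mac.ljust(16, b"\0") + bytes(64) + bytes(128)
    opts = bytes([53, 1, msg_type])
    if vendor_class:
        opts += bytes([60, len(vendor_class)]) + vendor_class
    if vendor_info:
        opts += bytes([43, len(vendor_info)]) + vendor_info
    return hdr + MAGIC_COOKIE + opts + b"\xff"


def classify(pkt: DhcpPacket) -> str:
    """BSDP rides inside DHCP; the vendor class in option 60 tells them apart."""
    if pkt.options.get(60, b"").startswith(BSDP_VENDOR_CLASS):
        sub = _parse_tlv(pkt.options.get(43, b""))
        kind = {BSDP_LIST: "LIST", BSDP_SELECT: "SELECT"}.get(sub.get(1, b"\0")[0], "?")
        return "BSDP-" + kind
    names = {DHCP_DISCOVER: "DISCOVER", DHCP_INFORM: "INFORM"}
    return "DHCP-" + names.get(pkt.options.get(53, b"\0")[0], "?")


def relay(raw: bytes, relay_iface_ip: str, helpers: list) -> list:
    """What a router's DHCP helper does: forward every broadcast BOOTREQUEST to
    every helper address, stamping giaddr with its own interface if still zero."""
    pkt = parse_dhcp(raw)
    if pkt.op != 1:
        return []
    if pkt.giaddr == "0.0.0.0":
        raw = raw[:24] + bytes(int(o) for o in relay_iface_ip.split(".")) + raw[28:]
    return [(h, raw) for h in helpers]


def server_answers(role: str, pkt: DhcpPacket) -> bool:
    """A plain DHCP server ignores BSDP; bootpd with DHCP off ignores plain DHCP."""
    is_bsdp = classify(pkt).startswith("BSDP")
    return is_bsdp if role == "netboot" else not is_bsdp


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")            # constructed client MAC
    helpers = ["10.1.0.5", "10.1.0.9"]             # constructed: DHCP server, NetBoot server
    discover = build_request(DHCP_DISCOVER, mac)
    bsdp_list = build_request(DHCP_INFORM, mac, vendor_class=b"AAPLBSDPC/i386/MacBookPro",
                              vendor_info=bytes([1, 1, BSDP_LIST]))
    for raw in (discover, bsdp_list):
        for dst, fwd in relay(raw, "192.168.50.1", helpers):
            p = parse_dhcp(fwd)
            role = "dhcp" if dst == helpers[0] else "netboot"
            verdict = "answers" if server_answers(role, p) else "ignores"
            print(dst, classify(p), "giaddr", p.giaddr, verdict)
```

The relay logic is deliberately the same for both packets: it never inspects the vendor class, which is why adding the NetBoot server as a second helper address does not change how the existing DHCP server is reached. The sorting happens at the receiving end, on option 60, exactly as the quoted text says.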

bentoms
Esteemed Contributor

But that's applicable to netbooting only.

Not your VPN/WAN configuration.

Regards,

Ben.

abz_mungul
New Contributor III

Hi Ben

Thanks for your response, I'll have a look at our VPN config and see what I
can dig up.

The problem I have is basically that when the Mac is booted into the OS
everything is fine and I can ping everything over the WAN. But the moment
I'm in NetBoot mode we can't ping our London office.

Is anyone using Distribution Points across VPN/WAN?

or has anyone experienced this issue before?

abz_mungul
New Contributor III

If it helps, this is the log I get from NetBoot:

Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: server name buildbox-hk3.imagination.com
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: interface en0: ip 192.168.X.X mask 255.255.X.X
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: re-reading configuration
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: shadow file size will be set to 48 megabytes
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: age time 00:15:00