Jamf Nation Community

Hi Don

Yes I have tried entering the JSS address, I have also opened up terminal
within the NetBoot environment and tried pinging via IP which does not work

Basically anything we try pinging that is local works, but the moment we try
to ping anything that is going via the VPN tunnel ie London office
fileserver, JSS etc we get a time out.

This is where it starts to get weird..if i now boot into netboot environment
on a Mac here in the London Office and try pinging the DP in the Hong Kong
Office, it works fine.

I'm really puzzled

It seems like this is the issue i currently have

"Netboot requires that the client can get DHCP and BSDP information via
broadcast. This typically requires that the Netboot server and clients
reside on the same subnet, because routers typically do not pass broadcast
information between subnets. DHCP information, however, is handled specially
by routers so you don't need a DHCP server on every segment of your network.
This is handled by what are typically called "DHCP Helper tables" (or more
generally, DHCP Relay) in your router's configuration. Basically this is
just a list of IP addresses that DHCP broadcast packets should be relayed
to.

Because the BSDP protocol is so similar to DHCP, the router configuration
for a BSDP server is the same as for DHCP. Therefore, if you want to Netboot
across subnets, or more technically spoken, if you want BSDP broadcast
information relayed past your routers, you need to add the IP address of
your Netboot server to your router's DHCP helper table.

A common fear among network administrators is that this will interfere with
the handling of DHCP by other servers. However, although the bootpd process
is running on your Netboot server, if the DHCP service is not turned on, it
will not hand out IP addresses. In fact, it will completely ignore any DHCP
requests altogether. Likewise, your other DHCP server will completely ignore
BSDP broadcasts that are relayed to it by the router.

In summary, if you want to Netboot across subnets, work with your network
administrator to configure your routers to send BSDP broadcasts to your
Netboot server. This is not an unreasonable request or difficult task, and
greatly reduces your infrastructure and management costs."

Does anyone have any idea of what I need to do to implement this, we have a
unix DHCP server

Thanks

But that's applicable to netbooting only.

Not you VPN/WAN configuration.

Regards,

Ben.

Hi Ben

Thanks for your response, I'll have a look at our VPN config and see what I
can dig up.

The problem I have is basically when the Mac is booted into the OS
everything is fine and I can ping everything over the WAN. But the moment
I'm in netboot mode we cant ping our london office

Is anyone using Distribution Points across VPN/WAN?

or has anyone experienced this issue before?

If it helps this is the log I get from netboot

Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: server name
buildbox-hk3.imagination.com
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: interface en0: ip 192.168.X.X
mask 255.255.X.X
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: re-reading configuration
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: shadow file size will be
set to 48 megabytes
Jun 23 18:14:59 buildbox-hk3 bootpd[30444]: bsdpd: age time 00:15:00