starred/netboot.xyz
1
0
Fork 0
mirror of https://github.com/netbootxyz/netboot.xyz.git synced 2026-04-25 07:05:56 +03:00
Code Issues 272 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #283] USB image - Network unreachable #1659

New issue
Open
opened 2026-03-01 18:35:12 +03:00 by kerem · 55 comments
kerem commented 2026-03-01 18:35:12 +03:00
Owner
Copy link

Originally created by @abitrolly on GitHub (Nov 1, 2018).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/283

netboot.xyz.usb USB image from https://boot.netboot.xyz/ipxe/netboot.xyz.usb fails to reach the network. Not from real hardware connected to LAN, not from QEMU on this laptop. The error message is the same.

$ md5sum netboot.xyz.usb
10f28984666d1e836f7b650615088708  netboot.xyz.usb

$ sudo dd if=netboot.xyz.usb of=/dev/sdc
2752+0 records in
2752+0 records out
1409024 bytes (1.4 MB, 1.3 MiB) copied, 2.20912 s, 638 kB/s

$ sudo qemu-system-x86_64 -hda /dev/sdc

image

Originally created by @abitrolly on GitHub (Nov 1, 2018). Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/283 `netboot.xyz.usb` USB image from https://boot.netboot.xyz/ipxe/netboot.xyz.usb fails to reach the network. Not from real hardware connected to LAN, not from QEMU on this laptop. The error message is the same. ``` $ md5sum netboot.xyz.usb 10f28984666d1e836f7b650615088708 netboot.xyz.usb $ sudo dd if=netboot.xyz.usb of=/dev/sdc 2752+0 records in 2752+0 records out 1409024 bytes (1.4 MB, 1.3 MiB) copied, 2.20912 s, 638 kB/s $ sudo qemu-system-x86_64 -hda /dev/sdc ``` ![image](https://user-images.githubusercontent.com/8781107/47864931-e4d57100-de0b-11e8-8ebe-f8c97d9b0245.png)
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Nov 1, 2018):

While debugging it appears that nslookup resolves addresses as IPv6.

iPXE> nslookup address ipxe.org
iPXE> echo ${address}
2001:ba8:0:1d4::6950:5845

http://ipxe.org/cmd/nslookup

But my network doesn't support IPv6.

<!-- gh-comment-id:435112368 --> @abitrolly commented on GitHub (Nov 1, 2018): While debugging it appears that `nslookup` resolves addresses as IPv6. ``` iPXE> nslookup address ipxe.org iPXE> echo ${address} 2001:ba8:0:1d4::6950:5845 ``` http://ipxe.org/cmd/nslookup But my network doesn't support IPv6.
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Nov 1, 2018):

Route command shows two net0 addresses too.

iPXE> route
net0: 192.168 ...
net0: fe80:: ...

My router seems to be IPv6 compatible, and that's probably the reason I get IPv6 address and get resolve names, but it seems that upstream provider is not. How to make iPXE fallback to IPv4 is IPv6 fails?

<!-- gh-comment-id:435120219 --> @abitrolly commented on GitHub (Nov 1, 2018): Route command shows two net0 addresses too. ``` iPXE> route net0: 192.168 ... net0: fe80:: ... ``` My router seems to be IPv6 compatible, and that's probably the reason I get IPv6 address and get resolve names, but it seems that upstream provider is not. How to make iPXE fallback to IPv4 is IPv6 fails?
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@pali commented on GitHub (Nov 1, 2018):

Same problem there. It is because iPXE itself has broken IPv6 support.

I compiled my own iPXE version with disabled IPv6 support. Then network in this iPXE started working correctly.

But because https://boot.netboot.xyz/menu.ipxe is doing "Attempting to chain to latest version..." it is not possible to use my own working version of iPXE with netboot.xyz. netboot.xyz just replace working iPXE with its own iPXE version with broken IPv6 support and therefore netboot.xyz is unusable.

<!-- gh-comment-id:435181488 --> @pali commented on GitHub (Nov 1, 2018): Same problem there. It is because iPXE itself has broken IPv6 support. I compiled my own iPXE version with disabled IPv6 support. Then network in this iPXE started working correctly. But because https://boot.netboot.xyz/menu.ipxe is doing "Attempting to chain to latest version..." it is not possible to use my own working version of iPXE with netboot.xyz. netboot.xyz just replace working iPXE with its own iPXE version with broken IPv6 support and therefore netboot.xyz is unusable.
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Nov 1, 2018):

Hmmm... yeah, I think I see the problem. I'm just using the dhcp command so it's trying all interfaces and trying all types of networking regardless to if the network upstream can support it.

I could try doing:

ifconf -c dhcp || ifconf -c ipv6 || goto netconfig

https://github.com/antonym/netboot.xyz/blob/master/ipxe/disks/netboot.xyz#L18

That may force ipv4 first, then fallback to ipv6 and then go to manual config. (http://ipxe.org/cmd/ifconf)

<!-- gh-comment-id:435197164 --> @antonym commented on GitHub (Nov 1, 2018): Hmmm... yeah, I think I see the problem. I'm just using the dhcp command so it's trying all interfaces and trying all types of networking regardless to if the network upstream can support it. I could try doing: ifconf -c dhcp || ifconf -c ipv6 || goto netconfig https://github.com/antonym/netboot.xyz/blob/master/ipxe/disks/netboot.xyz#L18 That may force ipv4 first, then fallback to ipv6 and then go to manual config. (http://ipxe.org/cmd/ifconf)
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Nov 2, 2018):

Just dumping notes here, but I could also do some validation to ensure we can hit boot.netboot.xyz:

ping --count 1 boot.netboot.xyz && goto ipv4_good || goto ipv4_bad

<!-- gh-comment-id:435395300 --> @antonym commented on GitHub (Nov 2, 2018): Just dumping notes here, but I could also do some validation to ensure we can hit boot.netboot.xyz: ping --count 1 boot.netboot.xyz && goto ipv4_good || goto ipv4_bad
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Nov 3, 2018):

@antonym ifconf -c dhcp still configures ipv6. Seems like there is no way to disable it. I asked here http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006337.html still waiting for replies.

ping: command not found.

netboot.xyz 1.04

<!-- gh-comment-id:435593730 --> @abitrolly commented on GitHub (Nov 3, 2018): @antonym `ifconf -c dhcp` still configures ipv6. Seems like there is no way to disable it. I asked here http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006337.html still waiting for replies. ping: command not found. netboot.xyz 1.04
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@NiKiZe commented on GitHub (Feb 20, 2019):

ping could be disabled (by firewalls), i would suggest trying to hit a http/https endpoint to determine if it is good and then have fallback, maybe even check the error code.

@abitrolly I remember there being a few other discussions on the list about ipv6 recently, maybe that could help.

Just to have it in text ... error in image is http://ipxe.org/280a6011 Network unreachable

<!-- gh-comment-id:465686804 --> @NiKiZe commented on GitHub (Feb 20, 2019): ping could be disabled (by firewalls), i would suggest trying to hit a http/https endpoint to determine if it is good and then have fallback, maybe even check the error code. @abitrolly I remember there being a few other discussions on the list about ipv6 recently, maybe that could help. Just to have it in text ... error in image is http://ipxe.org/280a6011 Network unreachable
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@hugalafutro commented on GitHub (Oct 7, 2020):

Hi, I am hitting this exact same issue with netboot.xyz running inside a docker container, is there any way to make this work? I use OpenWRT router, I tried disabling the ipv6 interfaces, but it just killed my internet even though I don't use ipv6 nor does my isp provide it.

<!-- gh-comment-id:704629740 --> @hugalafutro commented on GitHub (Oct 7, 2020): Hi, I am hitting this exact same issue with netboot.xyz running inside a docker container, is there any way to make this work? I use OpenWRT router, I tried disabling the ipv6 interfaces, but it just killed my internet even though I don't use ipv6 nor does my isp provide it.
kerem commented 2026-03-01 18:35:13 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Nov 24, 2020):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

<!-- gh-comment-id:732531585 --> @github-actions[bot] commented on GitHub (Nov 24, 2020): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Nov 24, 2020):

@hugalafutro if your ISP doesn't support ipv6, how could disabling it kill the internet? Can you post what you do?

<!-- gh-comment-id:732634023 --> @abitrolly commented on GitHub (Nov 24, 2020): @hugalafutro if your ISP doesn't support ipv6, how could disabling it kill the internet? Can you post what you do?
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@pali commented on GitHub (Nov 24, 2020):

@abitrolly: I have not tested iPXE again but at the time when I wrote my last commit it was because iPXE prefered IPv6 connection and if there was none from ISP then it it obiously killed the internet. Note that on the local network can be running DHCPv6 server or RA packets with just non-routable ULA addresses, it is perfectly fine to have assigned ULA or LL address even when you do not have IPv6 internet connection.

<!-- gh-comment-id:732763001 --> @pali commented on GitHub (Nov 24, 2020): @abitrolly: I have not tested iPXE again but at the time when I wrote my last commit it was because iPXE prefered IPv6 connection and if there was none from ISP then it it obiously killed the internet. Note that on the local network can be running DHCPv6 server or RA packets with just non-routable ULA addresses, it is perfectly fine to have assigned ULA or LL address even when you do not have IPv6 internet connection.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Nov 24, 2020):

@pali do you mean iPXE device could access the network, but could not access the internet?

<!-- gh-comment-id:732768672 --> @abitrolly commented on GitHub (Nov 24, 2020): @pali do you mean iPXE device could access the network, but could not access the internet?
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@pali commented on GitHub (Nov 24, 2020):

@abitrolly: basically yes.

And there was also another issue in iPXE. On statefull DHCPv6-only network (when ISP or other router provides real IPv6 internet) iPXE detected that it is IPv6 capable (probably via RA) and prefered to use IPv6. But iPXE was not able to assign IPv6 address from statefull DHCPv6 server (maybe it did not have implemented statefull DHCPv6 client?) and just throwed error that Network unreachable.

<!-- gh-comment-id:732775784 --> @pali commented on GitHub (Nov 24, 2020): @abitrolly: basically yes. And there was also another issue in iPXE. On statefull DHCPv6-only network (when ISP or other router provides real IPv6 internet) iPXE detected that it is IPv6 capable (probably via RA) and prefered to use IPv6. But iPXE was not able to assign IPv6 address from statefull DHCPv6 server (maybe it did not have implemented statefull DHCPv6 client?) and just throwed error that Network unreachable.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@pali commented on GitHub (Nov 24, 2020):

So in both cases, completely disabling IPv6 in iPXE fixed those issues. iPXE in never tried to use IPv6 and so it use IPv4 which worked.

<!-- gh-comment-id:732776449 --> @pali commented on GitHub (Nov 24, 2020): So in both cases, completely disabling IPv6 in iPXE fixed those issues. iPXE in never tried to use IPv6 and so it use IPv4 which worked.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@razamatan commented on GitHub (Jan 2, 2021):

I'm hitting this issue chainloading netboot.xyz from my working ipxe with no ipv6 support...

<!-- gh-comment-id:753437618 --> @razamatan commented on GitHub (Jan 2, 2021): I'm hitting this issue chainloading netboot.xyz from my working ipxe with no ipv6 support...
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@lukyrys commented on GitHub (Mar 9, 2021):

Same problem via PXE, tried many version, both DHCP or DHCP-undionly tested with same result.

obrazek

when i hit to "Manual network configuration" and I'll just go through it without change any value then its working. (https still same error but http works).
I think the eth0 linkup is late before the dhcp request is in progress. Some extra check if eth is up or sleep may help?

<!-- gh-comment-id:794578032 --> @lukyrys commented on GitHub (Mar 9, 2021): Same problem via PXE, tried many version, both DHCP or DHCP-undionly tested with same result. ![obrazek](https://user-images.githubusercontent.com/2318346/110550089-54be3980-8133-11eb-9e1a-44a845e72332.png) when i hit to "Manual network configuration" and I'll just go through it without change any value then its working. (https still same error but http works). I think the eth0 linkup is late before the dhcp request is in progress. Some extra check if eth is up or sleep may help?
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@romanchyla commented on GitHub (Mar 20, 2021):

was facing the same issue (v2.0.33), on OpenWrt disabling IPv6 solved it:

'sysctl -w net.ipv6.conf.all.disable_ipv6=1',
        'echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6',
        'sysctl -w net.ipv6.conf.default.disable_ipv6=1'```
<!-- gh-comment-id:803228210 --> @romanchyla commented on GitHub (Mar 20, 2021): was facing the same issue (v2.0.33), on OpenWrt disabling IPv6 solved it: ``` 'sysctl -w net.ipv6.conf.all.disable_ipv6=1', 'echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6', 'sysctl -w net.ipv6.conf.default.disable_ipv6=1'```
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@woeisme commented on GitHub (Oct 23, 2021):

Came across the same issue today, afaik ipv6 already disabled on my network (openwrt / lede)

<!-- gh-comment-id:950127796 --> @woeisme commented on GitHub (Oct 23, 2021): Came across the same issue today, afaik ipv6 already disabled on my network (openwrt / lede)
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@xeijin commented on GitHub (Oct 31, 2021):

@woeisme the option in OpenWRT is buried pretty deep, but it worked for me after unticking the box:

Screenshot 2021-10-31 at 16 33 43 Screenshot 2021-10-31 at 16 27 00
<!-- gh-comment-id:955746251 --> @xeijin commented on GitHub (Oct 31, 2021): @woeisme the option in OpenWRT is buried pretty deep, but it worked for me after unticking the box: <img width="806" alt="Screenshot 2021-10-31 at 16 33 43" src="https://user-images.githubusercontent.com/291385/139593431-d3575496-6299-4165-a8e0-7f58c8acde3b.png"> <img width="913" alt="Screenshot 2021-10-31 at 16 27 00" src="https://user-images.githubusercontent.com/291385/139593248-deac5c4a-2fee-4772-941e-6c311d965716.png">
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 15, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

<!-- gh-comment-id:1067496303 --> @github-actions[bot] commented on GitHub (Mar 15, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@razamatan commented on GitHub (Mar 15, 2022):

still a problem... still needs some love.

<!-- gh-comment-id:1067547236 --> @razamatan commented on GitHub (Mar 15, 2022): still a problem... still needs some love.
kerem commented 2026-03-01 18:35:14 +03:00
Author
Owner
Copy link

@foxt commented on GitHub (Apr 11, 2022):

Can confirm, on all 3 machines I've tried netboot on, all of them required me to go into manual configuration and press enter a few times to get it to work

<!-- gh-comment-id:1095264383 --> @foxt commented on GitHub (Apr 11, 2022): Can confirm, on all 3 machines I've tried netboot on, all of them required me to go into manual configuration and press enter a few times to get it to work
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (May 12, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

<!-- gh-comment-id:1124480916 --> @github-actions[bot] commented on GitHub (May 12, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@hello-smile6 commented on GitHub (May 12, 2022):

STILL BROKEN, BOT! STOP CLOSING IT!

<!-- gh-comment-id:1124485749 --> @hello-smile6 commented on GitHub (May 12, 2022): STILL BROKEN, BOT! STOP CLOSING IT!
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@Openanonwriter commented on GitHub (May 20, 2022):

Having the same issue, we do not have IPV6 on the IPXE machine. Did a capture using wireshark, I can see that it is looking up AAAA records and failing as it should, but does not look for IPV4 after, just hard fails. Manually setting IPv4 it works, but dhcp does not.

<!-- gh-comment-id:1132320410 --> @Openanonwriter commented on GitHub (May 20, 2022): Having the same issue, we do not have IPV6 on the IPXE machine. Did a capture using wireshark, I can see that it is looking up AAAA records and failing as it should, but does not look for IPV4 after, just hard fails. Manually setting IPv4 it works, but dhcp does not.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@donhector commented on GitHub (Jun 3, 2022):

I was also getting the network unreachable error message when trying to spin up a Libvirt VM that was configured to boot from its NIC interface (virtio). This VM uses the default BIOS firmware (not UEFI)

The NIC was configured to be attached to the host network (ie not attached to the libvirt's default network, which uses nat via its own virb0 device, but to a custom libvirt network I had created that uses bridge mode via the br0 host device.)

This allows the libvirt VM to receive an IP in the same range as the Libvirt host and pretty much any other devices in my home LAN (ie 192.168.1.0/24)

My home LAN router is OpenWRT, which provides DNS, DHCP (ie, is the one leasing those 192.168.1.0/24 IPS) and TFTP amongst other stuff.

In the OpenWRT UI I had configured TFPT to serve directly from the url http://boot.netboot.xyz/ipxe/netboot.xyz.kpxe (since my VM is not configured for UEFI)

image

On boot, the VM would receive an IP in the desired 192.168.1.0/24 range, and would also receive the desired TFPT url provided by OpenWRT, but then it would fail trying to pull the actual netboot.xyz.kpxe file from the web with the dreaded network unreachable error message.

Thanks to the pointers here around IPv6 being the culprit and following @xeijin suggestion, totally disabling DHCPv6 in OpenWRT for my LAN fixed the problem for me:

image

Hope that helps other people as well as a temporary workaround until the ipxe file itslef handles resorting to IPv4 when needed

NOTE: In my setup, using https in the url did not work, I had to settle using http.

NOTE2: Your mileage might vary, but it was no big deal for me to disable IPv6 inside my Lan.

<!-- gh-comment-id:1145905679 --> @donhector commented on GitHub (Jun 3, 2022): I was also getting the `network unreachable` error message when trying to spin up a Libvirt VM that was configured to boot from its NIC interface (_virtio_). This VM uses the default BIOS firmware (not UEFI) The NIC was configured to be attached to the host network (ie not attached to the libvirt's `default` network, which uses `nat` via its own `virb0` device, but to a custom libvirt network I had created that uses `bridge` mode via the `br0` host device.) This allows the libvirt VM to receive an IP in the same range as the Libvirt host and pretty much any other devices in my home LAN (ie _192.168.1.0/24_) My home LAN router is OpenWRT, which provides DNS, DHCP (ie, is the one leasing those 192.168.1.0/24 IPS) and TFTP amongst other stuff. In the OpenWRT UI I had configured TFPT to serve directly from the url `http://boot.netboot.xyz/ipxe/netboot.xyz.kpxe` (since my VM is not configured for UEFI) ![image](https://user-images.githubusercontent.com/2475379/171850027-90004bd4-b851-40e6-979f-93b61dbb186b.png) On boot, the VM would receive an IP in the desired 192.168.1.0/24 range, and would also receive the desired TFPT url provided by OpenWRT, but then it would fail trying to pull the actual `netboot.xyz.kpxe` file from the web with the dreaded `network unreachable` error message. Thanks to the pointers here around IPv6 being the culprit and following @xeijin suggestion, totally disabling DHCPv6 in OpenWRT for my LAN fixed the problem for me: ![image](https://user-images.githubusercontent.com/2475379/171851658-f75d3963-e4bc-4d7c-893a-3b985ad7b9d9.png) Hope that helps other people as well as a temporary workaround until the ipxe file itslef handles resorting to IPv4 when needed _NOTE:_ In my setup, using `https` in the url did not work, I had to settle using `http`. _NOTE2:_ Your mileage might vary, but it was no big deal for me to disable IPv6 inside my Lan.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@steve6375 commented on GitHub (Oct 13, 2022):

My ISP does not support ipv6. Any fix for netboot.xyz.iso ?
Seems to be magically working now! Maybe my ISP changed something?

<!-- gh-comment-id:1277265559 --> @steve6375 commented on GitHub (Oct 13, 2022): _My ISP does not support ipv6. Any fix for netboot.xyz.iso ?_ Seems to be magically working now! Maybe my ISP changed something?
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@SimonMcN commented on GitHub (Oct 31, 2022):

okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ?

<!-- gh-comment-id:1297350979 --> @SimonMcN commented on GitHub (Oct 31, 2022): okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ?
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Feb 16, 2023):

okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ?

This was my experience as well.

I'm using:

# netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023
# iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2
...
f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso

HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP.

<!-- gh-comment-id:1432357232 --> @joshenders commented on GitHub (Feb 16, 2023): > okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ? This was my experience as well. I'm using: ``` # netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023 # iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2 ... f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso ``` HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@dedene commented on GitHub (Apr 28, 2023):

okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ?

This was my experience as well.

I'm using:


# netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023

# iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2

...

f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso

HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP.

I'm observing the same with latest version, regardless of ipv6 configured on the network or not.

Was it working for you with that version?

<!-- gh-comment-id:1527773660 --> @dedene commented on GitHub (Apr 28, 2023): > > okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ? > > > > This was my experience as well. > > > > I'm using: > > ``` > > # netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023 > > # iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2 > > ... > > f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso > > ``` > > > > HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP. I'm observing the same with latest version, regardless of ipv6 configured on the network or not. Was it working for you with that version?
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Apr 28, 2023):

okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ?

This was my experience as well.

I'm using:


# netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023

# iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2

...

f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso

HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP.

I'm observing the same with latest version, regardless of ipv6 configured on the network or not.

Was it working for you with that version?

I ended up trying the .iso version written to a usb flash drive using balena etcher.

<!-- gh-comment-id:1528004466 --> @joshenders commented on GitHub (Apr 28, 2023): > > > okay. I'm stumped. If I do m at boot and choose all the options it presents it works. but it doesn't work automatically ? > > > > > > > > This was my experience as well. > > > > > > > > I'm using: > > > > ``` > > > > # netboot.xyz bootloaders generated at Thu Feb 16 00:54:02 UTC 2023 > > > > # iPXE Commit: https://github.com/ipxe/ipxe/commit/cff857461be443339aa39d614635d9a4eae8f8b2 > > > > ... > > > > f9432f382b8c507d15f7ad17a4f432e91a89d0e680fb95fa80d29cedd96d959f *netboot.xyz.iso > > > > ``` > > > > > > > > HP Microserver Gen10+ with Intel i350-based 1GbE directly connected to the ONT of an IPv4-only fiber ISP. > > I'm observing the same with latest version, regardless of ipv6 configured on the network or not. > > Was it working for you with that version? I ended up trying the .iso version written to a usb flash drive using balena etcher.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@gema-arta commented on GitHub (Jun 7, 2023):

in

QEMU emulator version 8.0.0 (v8.0.0-12024-gd6b71850be-dirty)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

qemu-system-x86_64 -M q35 -cpu qemu64 -m 4G -L . -nic user,model=virtio -cdrom netboot.xyz-multiarch.iso  -boot menu=on -usb

or use

qemu-system-x86_64 -M q35 -cpu qemu64 -m 4G -L . -nic user,model=virtio-net-pci-transitional -hda netboot.xyz-multiarch.img  -boot menu=on -usb

or basically

qemu-system-x86_64 -nic user,tftp=.,bootfile=http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn -nographic

result

iPXE 1.21.1+ (gb00935) -- Open Source Network Boot Firmware -- https://ipxe.org
Features: DNS HTTP HTTPS iSCSI TFTP SRP VLAN AoE ELF MBOOT PXE bzImage COMBOOT M
enu PXEXT
netboot.xyz - v2.x

Configuring (net0 52:54:00:12:34:56)...... ok
https://boot.netboot.xyz/menu.ipxe... Network unreachable (https://ipxe.org/280a6011)
HTTPS appears to have failed... attempting HTTP
http://boot.netboot.xyz/menu.ipxe... Network unreachable (https://ipxe.org/280a6011)
HTTP has failed, localbooting...
No bootable device.
QEMU: Terminated

show ip6 get local link address who added automatically
image

This is qemu problem?

<!-- gh-comment-id:1581395769 --> @gema-arta commented on GitHub (Jun 7, 2023): in ``` QEMU emulator version 8.0.0 (v8.0.0-12024-gd6b71850be-dirty) Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers ``` ``` qemu-system-x86_64 -M q35 -cpu qemu64 -m 4G -L . -nic user,model=virtio -cdrom netboot.xyz-multiarch.iso -boot menu=on -usb ``` or use ``` qemu-system-x86_64 -M q35 -cpu qemu64 -m 4G -L . -nic user,model=virtio-net-pci-transitional -hda netboot.xyz-multiarch.img -boot menu=on -usb ``` or basically ``` qemu-system-x86_64 -nic user,tftp=.,bootfile=http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn -nographic ``` result ``` iPXE 1.21.1+ (gb00935) -- Open Source Network Boot Firmware -- https://ipxe.org Features: DNS HTTP HTTPS iSCSI TFTP SRP VLAN AoE ELF MBOOT PXE bzImage COMBOOT M enu PXEXT netboot.xyz - v2.x Configuring (net0 52:54:00:12:34:56)...... ok https://boot.netboot.xyz/menu.ipxe... Network unreachable (https://ipxe.org/280a6011) HTTPS appears to have failed... attempting HTTP http://boot.netboot.xyz/menu.ipxe... Network unreachable (https://ipxe.org/280a6011) HTTP has failed, localbooting... No bootable device. QEMU: Terminated ``` `show ip6` get `local link` address who added automatically ![image](https://github.com/netbootxyz/netboot.xyz/assets/4130081/b21e7607-0948-4290-8358-0f1c7007efd0) This is `qemu` problem?
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@razamatan commented on GitHub (Jun 7, 2023):

it's not specific to qemu. i'm still having this issue on physical/standalone pc's.

<!-- gh-comment-id:1581452661 --> @razamatan commented on GitHub (Jun 7, 2023): it's not specific to qemu. i'm still having this issue on physical/standalone pc's.
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@gema-arta commented on GitHub (Jun 7, 2023):

@razamatan

it's not specific to qemu. i'm still having this issue on physical/standalone pc's.

This is globally ipxe ipv6/dns name resolving and dual v4/v6 stack trouble. But the ipv6=off qemu workaround works for me.
qemu-system-x86_64 -nic user,ipv6=off,tftp=.,bootfile=http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn -nographic

<!-- gh-comment-id:1581537539 --> @gema-arta commented on GitHub (Jun 7, 2023): @razamatan > it's not specific to qemu. i'm still having this issue on physical/standalone pc's. This is globally ipxe ipv6/dns name resolving and dual v4/v6 stack trouble. But the `ipv6=off` qemu workaround works for me. `qemu-system-x86_64 -nic user,ipv6=off,tftp=.,bootfile=http://boot.netboot.xyz/ipxe/netboot.xyz.lkrn -nographic`
kerem commented 2026-03-01 18:35:15 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Jun 10, 2023):

The issue is really upstream with iPXE, I could probably build images that were separate single stack to see if that would work better but ideally I wouldn't have to create more images.

If v6 is enabled on the network, it prefers the v6 DNS regardless of whether or not it'll work, and I haven't found a good way to shut off the stack and prefer v4 DNS if v6 is present. Trying to disable or work around it doesn't work in the script.

<!-- gh-comment-id:1585695996 --> @antonym commented on GitHub (Jun 10, 2023): The issue is really upstream with iPXE, I could probably build images that were separate single stack to see if that would work better but ideally I wouldn't have to create more images. If v6 is enabled on the network, it prefers the v6 DNS regardless of whether or not it'll work, and I haven't found a good way to shut off the stack and prefer v4 DNS if v6 is present. Trying to disable or work around it doesn't work in the script.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@dedene commented on GitHub (Jun 11, 2023):

Is there any pointer you could give on how to build these single stack (i.e. ipv4 only) images? I’d be happy to play around with it and see if it solves the issue.

I agree ideally it should be solved in iPXE but in the meanwhile this could be a good workaround.

<!-- gh-comment-id:1586085193 --> @dedene commented on GitHub (Jun 11, 2023): Is there any pointer you could give on how to build these single stack (i.e. ipv4 only) images? I’d be happy to play around with it and see if it solves the issue. I agree ideally it should be solved in iPXE but in the meanwhile this could be a good workaround.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Jul 9, 2023):

I made a few changes to the boot-loader in development to see if it can more gracefully handle v4/v6 hybrid scenarios so the end result is that you end up in the menu and I can hopefully avoid having to split the disks up into separate stacks. Can anyone experiencing the issue try these boot-loaders out and see if it helps any in the scenario that usually doesn't work for you? I'm not currently utilizing v6 in my environment so it's difficult to simulate.

https://s3.amazonaws.com/dev.boot.netboot.xyz/9a04a0741e078c770c54c99bce5fdfb960507e98/index.html

If it see's netX/dns6 set from DHCP, it'll attempt v6 connectivity first. If that fails, it'll clear out the netX/dns6 variable and attempt another reload. If netX/dns6 is not set, it should abandon trying to use the v6 stack and fall back to booting over v4.

Actual changes are:

github.com/netbootxyz/netboot.xyz@5e9d77fefa
github.com/netbootxyz/netboot.xyz@9a04a0741e

<!-- gh-comment-id:1627775682 --> @antonym commented on GitHub (Jul 9, 2023): I made a few changes to the boot-loader in development to see if it can more gracefully handle v4/v6 hybrid scenarios so the end result is that you end up in the menu and I can hopefully avoid having to split the disks up into separate stacks. Can anyone experiencing the issue try these boot-loaders out and see if it helps any in the scenario that usually doesn't work for you? I'm not currently utilizing v6 in my environment so it's difficult to simulate. https://s3.amazonaws.com/dev.boot.netboot.xyz/9a04a0741e078c770c54c99bce5fdfb960507e98/index.html If it see's `netX/dns6` set from DHCP, it'll attempt v6 connectivity first. If that fails, it'll clear out the `netX/dns6` variable and attempt another reload. If `netX/dns6` is not set, it should abandon trying to use the v6 stack and fall back to booting over v4. Actual changes are: https://github.com/netbootxyz/netboot.xyz/commit/5e9d77fefa22931acef808280ca48c16d040e3e5 https://github.com/netbootxyz/netboot.xyz/commit/9a04a0741e078c770c54c99bce5fdfb960507e98
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@dedene commented on GitHub (Jul 10, 2023):

@antonym Awesome, thx for having a look at this! I can confirm it is an improvement: with the new images it automatically boots into the Netboot.xyz menu without manually setting the network config.

However after selecting an image (for installation or live cd) I still get the same Network Unreachable error. I made a small screen recording to show: https://cln.sh/97kZdn2WNTqcM50ZCkMp You can see when booting in the menu it says "attempting IPv4..." but then after selecting a distro it fails again probably due to ipv6?

<!-- gh-comment-id:1628679923 --> @dedene commented on GitHub (Jul 10, 2023): @antonym Awesome, thx for having a look at this! I can confirm it is an improvement: with the new images it automatically boots into the Netboot.xyz menu without manually setting the network config. However after selecting an image (for installation or live cd) I still get the same _Network Unreachable_ error. I made a small screen recording to show: https://cln.sh/97kZdn2WNTqcM50ZCkMp You can see when booting in the menu it says "attempting IPv4..." but then after selecting a distro it fails again probably due to ipv6?
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Jul 10, 2023):

It looks like it's failing on https but passing on http. The menu can be pulled from either, but anything pulled from Github is going to be https so it may be worth digging into why it's unable to load https. Date/time on machine might be one issue.

<!-- gh-comment-id:1629087296 --> @antonym commented on GitHub (Jul 10, 2023): It looks like it's failing on https but passing on http. The menu can be pulled from either, but anything pulled from Github is going to be https so it may be worth digging into why it's unable to load https. Date/time on machine might be one issue.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@dedene commented on GitHub (Jul 15, 2023):

@antonym Sorry for the late reply. Indeed it's failing on https. But when pressing 'm' and just hitting enter for manual network config, https seems to works just fine. Also, NTP is running on the host, so I'm quite sure the Date/Time is configured correctly for the VM.

Any ideas why the https could be failing for the automatic flow, but working using the failsafe menu and manual (ipv4) network configuration?

<!-- gh-comment-id:1636779994 --> @dedene commented on GitHub (Jul 15, 2023): @antonym Sorry for the late reply. Indeed it's failing on https. But when pressing 'm' and just hitting enter for manual network config, https seems to works just fine. Also, NTP is running on the host, so I'm quite sure the Date/Time is configured correctly for the VM. Any ideas why the https could be failing for the automatic flow, but working using the failsafe menu and manual (ipv4) network configuration?
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@ManuLinares commented on GitHub (Jun 7, 2024):

Hasn't been any news on this. Still on my network I have all ipv6 dhcp6 disabled, but when I start my machine I always have to press "m" to enter failsafe mode, then accepts the defaults and it works. Automatically it doesn't.

Any fix for this? Any workaround?

<!-- gh-comment-id:2153633788 --> @ManuLinares commented on GitHub (Jun 7, 2024): Hasn't been any news on this. Still on my network I have all ipv6 dhcp6 disabled, but when I start my machine I always have to press "m" to enter failsafe mode, then accepts the defaults and it works. Automatically it doesn't. Any fix for this? Any workaround?
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Jul 3, 2024):

I guess I'm not adding much here except to say I'm seeing the exact same behavior as @ManuLinares et al.

<!-- gh-comment-id:2204884273 --> @nrvale0 commented on GitHub (Jul 3, 2024): I guess I'm not adding much here except to say I'm seeing the exact same behavior as @ManuLinares et al.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Aug 19, 2024):

After following the above link to the iPXE mailing list and then learning that iPXE will default to IPv6 for assets if it gets an AAAA record during DNS query, I adjusted my gateway's DNS settings (Unbound) to block all AAAA queries and the PXE-booting node is now able to download its boot images without a "Network unreachable..." message.

I think iPXE still needs better logic (and perhaps some tunables) to address this issue but here is a work-around config for Unbound:

server:
  private-address: ::/0
<!-- gh-comment-id:2296911959 --> @nrvale0 commented on GitHub (Aug 19, 2024): After following the above link to the iPXE mailing list and then learning that iPXE will default to IPv6 for assets if it gets an AAAA record during DNS query, I adjusted my gateway's DNS settings (Unbound) to block all AAAA queries and the PXE-booting node is now able to download its boot images without a "Network unreachable..." message. I think iPXE still needs better logic (and perhaps some tunables) to address this issue but here is a work-around config for Unbound: ``` server: private-address: ::/0 ```
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Aug 19, 2024):

After following the above link to the iPXE mailing list and then learning that iPXE will default to IPv6 for assets if it gets an AAAA record during DNS query, I adjusted my gateway's DNS settings (Unbound) to block all AAAA queries and the PXE-booting node is now able to download its boot images without a "Network unreachable..." message.

I think iPXE still needs better logic (and perhaps some tunables) to address this issue but here is a work-around config for Unbound:


server:

  private-address: ::/0

Globally disabling AAAA responses/IPv6 on your network feels too heavy handed of a solution to me.

Here's an alternate solution to only filter AAAA responses for just netboot.xyz:

Copy the script below to /etc/unbound.

https://gist.github.com/FiloSottile/e2cffde2bae1ea0c14eada229543aebd

Modify the domains dict to just one entry of netboot.xyz.:


domains = [
     "netboot.xyz.",
#    "netflix.com.",
#    "nflxso.net.",
]

Update your /etc/unbound/unbound.conf to contain the following directives:

server:
    module-config: "python"

python:
    python-script: "/etc/unbound/filter-aaaa.py"

Ideally, this could be scoped even further to specific source addresses but this is probably better than filtering out half the internet over an iPXE bug 😃.

<!-- gh-comment-id:2297311902 --> @joshenders commented on GitHub (Aug 19, 2024): > After following the above link to the iPXE mailing list and then learning that iPXE will default to IPv6 for assets if it gets an AAAA record during DNS query, I adjusted my gateway's DNS settings (Unbound) to block all AAAA queries and the PXE-booting node is now able to download its boot images without a "Network unreachable..." message. > > > > I think iPXE still needs better logic (and perhaps some tunables) to address this issue but here is a work-around config for Unbound: > > > > ``` > > server: > > private-address: ::/0 > > ``` > > Globally disabling AAAA responses/IPv6 on your network feels too heavy handed of a solution to me. Here's an alternate solution to only filter AAAA responses for just netboot.xyz: Copy the script below to `/etc/unbound`. https://gist.github.com/FiloSottile/e2cffde2bae1ea0c14eada229543aebd Modify the domains dict to just one entry of `netboot.xyz.`: ```python domains = [ "netboot.xyz.", # "netflix.com.", # "nflxso.net.", ] ``` Update your `/etc/unbound/unbound.conf` to contain the following directives: ``` server: module-config: "python" python: python-script: "/etc/unbound/filter-aaaa.py" ``` Ideally, this could be scoped even further to specific source addresses but this is probably better than filtering out half the internet over an iPXE bug 😃.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Aug 19, 2024):

Neither my internal network nor my upstream ISP supports IPv6 so those records aren't of any use to me. And its not the first time I've had problems with IPv6 records in DNS replies. Yes, if someone's upstream ISP requires IPv6 that's going to be too Big Hammer.

Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;)

<!-- gh-comment-id:2297671336 --> @nrvale0 commented on GitHub (Aug 19, 2024): Neither my internal network nor my upstream ISP supports IPv6 so those records aren't of any use to me. And its not the first time I've had problems with IPv6 records in DNS replies. Yes, if someone's upstream ISP requires IPv6 that's going to be too Big Hammer. Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;)
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Aug 19, 2024):

Neither my internal network nor my upstream ISP supports IPv6 so those records aren't of any use to me. And its not the first time I've had problems with IPv6 records in DNS replies. Yes, if someone's upstream ISP requires IPv6 that's going to be too Big Hammer.

Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;)

Just exhausted seeing low effort "disable IPv6" solutions. Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on.

<!-- gh-comment-id:2297684316 --> @joshenders commented on GitHub (Aug 19, 2024): > Neither my internal network nor my upstream ISP supports IPv6 so those records aren't of any use to me. And its not the first time I've had problems with IPv6 records in DNS replies. Yes, if someone's upstream ISP requires IPv6 that's going to be too Big Hammer. > > Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;) Just exhausted seeing low effort "disable IPv6" solutions. Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Aug 20, 2024):

Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;)

Just exhausted seeing low effort "disable IPv6" solutions. Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on.

You should refrain from assuming my requirements and whether or not they are "low effort". I can assure you that the x-vendor support for IPv6 is barely better now than it was 20 years ago because I worked at a research lab that helped with a number of the implementations.

The fact that we are here discussing a work-around for this half-hearted iPXE "heuristic" says a lot about about the community's understanding and the ecosystem's support of the technology as well.

<!-- gh-comment-id:2297780127 --> @nrvale0 commented on GitHub (Aug 20, 2024): > > Regardless, it's a data point to suggest that the iPXE "heuristic" is a bit...well, it could use some more attention. ;) > > Just exhausted seeing low effort "disable IPv6" solutions. Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on. You should refrain from assuming my requirements and whether or not they are "low effort". I can assure you that the x-vendor support for IPv6 is barely better now than it was 20 years ago because I worked at a research lab that helped with a number of the implementations. The fact that we are here discussing a work-around for this half-hearted iPXE "heuristic" says a lot about about the community's understanding and the ecosystem's support of the technology as well.
kerem commented 2026-03-01 18:35:16 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Aug 20, 2024):

You should refrain from assuming my requirements and whether or not they are "low effort".

I find it odd that you consider a one line change higher effort than the complicated multi-step Python solution I posted.

Users are going to discover your solution via search engine and needlessly block access to half the internet on their network as a work around; it's irresponsible.

The fact that we are here discussing a work-around for this half-hearted iPXE "heuristic" says a lot about about the community's understanding and the ecosystem's support of the technology as well.

You're not wrong. I hope this gets fixed in iPXE. Again, in 2024 it's inexcusable to not have a working IPv6 stack.

<!-- gh-comment-id:2297815694 --> @joshenders commented on GitHub (Aug 20, 2024): > You should refrain from assuming my requirements and whether or not they are "low effort". I find it odd that you consider a one line change higher effort than the complicated multi-step Python solution I posted. Users are going to discover your solution via search engine and needlessly block access to half the internet on their network as a work around; it's irresponsible. > The fact that we are here discussing a work-around for this half-hearted iPXE "heuristic" says a lot about about the community's understanding and the ecosystem's support of the technology as well. You're not wrong. I hope this gets fixed in iPXE. Again, in 2024 it's inexcusable to not have a working IPv6 stack.
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@foxt commented on GitHub (Aug 20, 2024):

Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on.

You're right. My internal network, and all the devices on it do support IPv6, and of course a lot of the internet supports IPv6. But, I don't have a ethernet cable long enough to run to Big Ben, that's even if The Elders would let me directly plug in, so there has to be someone in between my local network and The Internet, and at least in the UK, your chances are 50/50 if you'll get an IPv6, or get told there's still enough v4 left

<!-- gh-comment-id:2298129084 --> @foxt commented on GitHub (Aug 20, 2024): > Your internal network likely does support it, you've just not bothered to set it up or disabled it 🤪. It's 2024, all major hardware and operating systems made in the last 20 years support IPv6 and half the Internet is accessible over IPv6, it's time to move on. You're right. My internal network, and all the devices on it do support IPv6, and of course a lot of the internet supports IPv6. But, [I don't have a ethernet cable long enough to run to Big Ben, that's even if The Elders would let me directly plug in](https://youtu.be/iDbyYGrswtg), so there has to be someone in between my local network and The Internet, and at least in the UK, your chances are 50/50 if you'll get an IPv6, or get told [there's still enough v4 left](https://x.com/KCOMhome/status/1199645424329613312)
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Oct 27, 2024):

FWIW, I have now been running for months with my "irresponsible" solution above with zero negative consequences. I am at least two hops from any network supporting IPv6 and upstream routers handle that transition without my intervention.

This as a data point to suggest viability of either shipping a binary without IPv6 support or, preferably, providing a working config option to disable it until the iPXE IPv6 support is properly sorted.

<!-- gh-comment-id:2439994138 --> @nrvale0 commented on GitHub (Oct 27, 2024): FWIW, I have now been running for months with my "irresponsible" solution above with zero negative consequences. I am at least two hops from any network supporting IPv6 and upstream routers handle that transition without my intervention. This as a data point to suggest viability of either shipping a binary without IPv6 support or, preferably, providing a working config option to disable it until the iPXE IPv6 support is properly sorted.
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@joshenders commented on GitHub (Oct 27, 2024):

Please stop encouraging people to disable IPv6.

Disabling IPv6 on your network "works" as a solution in the same way that taking the bus fixes a flat tire.

The root cause here is that the rfc6555 implementation is currently broken in iPXE. Future conversations in this issue should focus on that.

Even if upstream routers are IPv6 capable, if you do not have end-to-end IPv6 connectivity, you do not have a working IPv6 connection. You can test that here: https://test-ipv6.com

The solution I posted above will effectively filter IPv6 from iPXE's broken implementation while leaving your network in a ready state for upstream IPv6 connectivity.

<!-- gh-comment-id:2440098963 --> @joshenders commented on GitHub (Oct 27, 2024): Please stop encouraging people to disable IPv6. Disabling IPv6 on your network "works" as a solution in the same way that taking the bus fixes a flat tire. The root cause here is that the [rfc6555](https://datatracker.ietf.org/doc/html/rfc6555) implementation is [currently broken](https://github.com/ipxe/ipxe/issues/958) in iPXE. Future conversations in this issue should focus on that. Even if upstream routers are IPv6 capable, if you do not have end-to-end IPv6 connectivity, you do not have a working IPv6 connection. You can test that here: https://test-ipv6.com The solution I posted above will effectively filter IPv6 from iPXE's broken implementation while leaving your network in a ready state for upstream IPv6 connectivity.
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@nrvale0 commented on GitHub (Oct 27, 2024):

As a status check I disabled the work-around for the broken IPv6 DNS resolution this morning and am now able to boot PXE clients cleanly. So something in netboot.xyz or iPXE has changed since my last updates and thus that work-around is no longer necessary.

Which the added benefit that I can now Kill File all future interactions with jhenders who does not seem to have ever committed to this repo anyway. Which is a rather nice for of "low effort" in the end.

<!-- gh-comment-id:2440128979 --> @nrvale0 commented on GitHub (Oct 27, 2024): As a status check I disabled the work-around for the broken IPv6 DNS resolution this morning and am now able to boot PXE clients cleanly. So something in netboot.xyz or iPXE has changed since my last updates and thus that work-around is no longer necessary. Which the added benefit that I can now Kill File all future interactions with jhenders who does not seem to have ever committed to this repo anyway. Which is a rather nice for of "low effort" in the end.
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@abitrolly commented on GitHub (Oct 28, 2024):

I wonder if there is a way to test these IPv4/IPv6 glitches in Actions CI?

<!-- gh-comment-id:2440664123 --> @abitrolly commented on GitHub (Oct 28, 2024): I wonder if there is a way to test these IPv4/IPv6 glitches in Actions CI?
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@drebes commented on GitHub (Jan 9, 2025):

Faced the same issue, my subnet runs ULA IPv6 (non-routable) and RFC1918 NATed IPv4 (routable), and this is by design. I can confirm this is an issue with iPXE, and tried different workarounds to try to get iPXE to give up on the IPv6 DNS server config. The main problem is that dns6 and netX/dns6 cannot be cleared (I tested both on an iPXE shell), so this effectively fails silently, and the re-attempt that is supposed to happen over IPv4 happens again over IPv6.

Would publishing a boot_domain that returns A records only be an option (eg: boot-v4.netboot.xyz), and overriding it with one of the local scripts?

<!-- gh-comment-id:2581260284 --> @drebes commented on GitHub (Jan 9, 2025): Faced the same issue, my subnet runs ULA IPv6 (non-routable) and RFC1918 NATed IPv4 (routable), and this is by design. I can confirm this is [an issue with iPXE](https://ipxe-devel.ipxe.narkive.com/TmVy2Mdd/fallback-to-ipv4-or-disable-ipv6#post3), and tried different workarounds to try to get iPXE to give up on the IPv6 DNS server config. The main problem is that `dns6` and `netX/dns6` cannot be cleared (I tested both on an iPXE shell), so [this](https://github.com/netbootxyz/netboot.xyz/blob/7b911c3ca8be4dbc6f9a4c0ed246eb7eb74367bd/roles/netbootxyz/templates/disks/netboot.xyz.j2#L124) effectively fails silently, and the re-attempt that is supposed to happen over IPv4 happens again over IPv6. Would publishing a boot_domain that returns A records only be an option (eg: `boot-v4.netboot.xyz`), and overriding it with one of the local scripts?
kerem commented 2026-03-01 18:35:17 +03:00
Author
Owner
Copy link

@NiKiZe commented on GitHub (Dec 30, 2025):

Please stop encouraging people to disable IPv6.

Disabling IPv6 on your network "works" as a solution in the same way that taking the bus fixes a flat tire.

The root cause here is that the rfc6555 implementation is currently broken in iPXE. Future conversations in this issue should focus on that.

Even if upstream routers are IPv6 capable, if you do not have end-to-end IPv6 connectivity, you do not have a working IPv6 connection. You can test that here: https://test-ipv6.com

The solution I posted above will effectively filter IPv6 from iPXE's broken implementation while leaving your network in a ready state for upstream IPv6 connectivity.

Agree with most of this, except the statement of happy eyeballs being broken in iPXE, there is a lack of support for a feature that hides broken IPv6 configurations, lack of support for this feature is not the same as broken.
If you have a device on the network that does RA (Router Advertisements) iPXE will and should assume that it provides access to the internet and try and route traffic thru it.

The best approach here is to make sure you have proper working IPv6, and if possible, even go IPv6 only.

<!-- gh-comment-id:3697884556 --> @NiKiZe commented on GitHub (Dec 30, 2025): > Please stop encouraging people to disable IPv6. > > Disabling IPv6 on your network "works" as a solution in the same way that taking the bus fixes a flat tire. > > The root cause here is that the [rfc6555](https://datatracker.ietf.org/doc/html/rfc6555) implementation is [currently broken](https://github.com/ipxe/ipxe/issues/958) in iPXE. Future conversations in this issue should focus on that. > > Even if upstream routers are IPv6 capable, if you do not have end-to-end IPv6 connectivity, you do not have a working IPv6 connection. You can test that here: https://test-ipv6.com > > The solution I posted above will effectively filter IPv6 from iPXE's broken implementation while leaving your network in a ready state for upstream IPv6 connectivity. Agree with most of this, except the statement of happy eyeballs being broken in iPXE, there is a lack of support for a feature that hides broken IPv6 configurations, lack of support for this feature is not the same as broken. If you have a device on the network that does RA (Router Advertisements) iPXE will and should assume that it provides access to the internet and try and route traffic thru it. The best approach here is to make sure you have proper working IPv6, and if possible, even go IPv6 only.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
add-ubuntu-26.04
renovate/ansible-13.x
master
RC
changelog/3.0.1
feat/enable-rolling-builds
feat/secureboot-shim-devuan-kali
feature/secureboot-release-artifacts
copilot/sub-pr-1738
claude/issue-1703-20251117-0231
claude/issue-1703-20251117-0226
claude/issue-1703-20251117-0220
copilot/add-regex-manager-for-workflow-files
copilot/update-install-dependencies-step
copilot/fix-6503c0f7-4459-4828-8fe9-0b7f297ed932
claude/issue-1672-20250912-0331
testing
kairos_support
test
antonym/add-mac-pass
3.0.1
3.0.1-RC
3.0.0
3.0.0-RC
2.0.89
2.0.89-RC
2.0.88-RC
2.0.88
2.0.87-RC
2.0.87
2.0.86
2.0.86-RC
2.0.85
2.0.85-RC
2.0.84
2.0.84-RC
2.0.83
2.0.83-RC
2.0.82-RC
2.0.82
2.0.81-RC
2.0.81
2.0.80
2.0.80-RC
2.0.79
2.0.79-RC
2.0.78
2.0.78-RC
2.0.77-RC
2.0.77
2.0.76
2.0.76-RC
2.0.75
2.0.75-RC
2.0.74
2.0.74-RC
2.0.73
2.0.73-RC
2.0.72
2.0.72-RC
2.0.71
2.0.71-RC
2.0.70
2.0.70-RC
2.0.69
2.0.69-RC
2.0.68
2.0.68-RC
2.0.67
2.0.67-RC
2.0.66
2.0.66-RC
2.0.65
2.0.65-RC
2.0.64
2.0.64-RC
2.0.63
2.0.63-RC
2.0.62
2.0.62-RC
2.0.61
2.0.61-RC
2.0.60
2.0.60-RC
2.0.59
2.0.59-RC
2.0.58
2.0.58-RC
2.0.57
2.0.57-RC
2.0.56
2.0.56-RC
2.0.55
2.0.55-RC
2.0.54
2.0.54-RC
2.0.53
2.0.53-RC
2.0.52
2.0.52-RC
2.0.51
2.0.51-RC
2.0.50
2.0.50-RC
2.0.49
2.0.49-RC
2.0.48
2.0.48-RC
2.0.47
2.0.47-RC
2.0.46
2.0.46-RC
2.0.45
2.0.45-RC
2.0.44
2.0.44-RC
2.0.43
2.0.43-RC
2.0.42
2.0.42-RC
2.0.41
2.0.41-RC
2.0.40
2.0.40-RC
2.0.39
2.0.39-RC
2.0.38
2.0.38-RC
2.0.37
2.0.37-RC
2.0.36
2.0.36-RC
2.0.35
2.0.35-RC
2.0.34
2.0.34-RC
2.0.33
2.0.33-RC
2.0.32
2.0.32-RC
2.0.31
2.0.31-RC
2.0.30
2.0.30-RC
2.0.29
2.0.29-RC
2.0.28
2.0.28-RC
2.0.27
2.0.27-RC
2.0.26
2.0.26-RC
2.0.25
2.0.25-RC5LI
2.0.25-RC
2.0.24
2.0.24-RC
2.0.23
2.0.23-RC
2.0.22
2.0.22-RC
2.0.21
2.0.21-RC
2.0.20
2.0.20-RC
2.0.19
2.0.19-RC
2.0.18
2.0.18-RC
2.0.17
2.0.17-RC
2.0.16
2.0.16-RC
2.0.15
2.0.15-RC
2.0.14
2.0.14-RCZQD
2.0.14-RC
2.0.13
2.0.13-RC17N
2.0.13-RC
2.0.12
2.0.12-RC
2.0.11
2.0.10
2.0.10-RC
2.0.9
2.0.9-RC2N0
2.0.9-RC
2.0.8
2.0.8-RC
2.0.7
2.0.7-RC
2.0.6
2.0.6-R1-RC
2.0.6-RC
2.0.5
2.0.5-RC
2.0.4
2.0.4-RC
2.0.3
2.0.3-RC
2.0.2
2.0.2-RC
2.0.1
2.0.1-RC
2.0.0
2.0.0-RC
1.9.91-RC
1.9.9
1.9.9-RC
1.9.8-RC
1.0.0
1.9.7-RC
Labels
Clear labels   
Hacktoberfest

   
Hacktoberfest

   
bootloader

   
bsd

   
bug

   
confirmed

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
eol

   
experimental-merged

   
freebsd

   
help wanted

   
invalid

   
investigate

   
ipxe

   
linux

   
live-os

   
memdisk

   
menu

   
no-issue-activity

   
no-issue-activity

   
pull-request

Mirrored from GitHub Pull Request

  
released

   
todo

   
upstream

   
windows

   
windows

   
work-in-progress
No labels
Hacktoberfest
Hacktoberfest
bootloader
bsd
bug
confirmed
documentation
duplicate
enhancement
enhancement
enhancement
eol
experimental-merged
freebsd
help wanted
invalid
investigate
ipxe
linux
live-os
memdisk
menu
no-issue-activity
no-issue-activity
pull-request
released
todo
upstream
windows
windows
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/netboot.xyz#1659
No description provided.