Proxmox 9 - UEFI PXE Boot Issue

P

pixel1138

New Member
Aug 11, 2025
3
0
1
I am unable to PXE Boot UEFI machines over IPv4 in Proxmox 9. Checking the Kea DHCP logs, the DHCPOFFER and DHCPACK both return options 66 and 67 correctly, and the client in OVMF shows it received the two options with the same information, but it fails with PXE-E18.

A few seconds after OVMF has already moved on to attempting IPv6 PXE, the logs for dnsmasq-tftp of the netboot.xyz stack show it then attempts to send netboot.xyz.efi to the VM multiple times.

I have created a new VM without the Pre-enroll keys option enabled for the EFI disk and added a VirtIO RNG device to the VM as well with no luck.

Legacy BIOS pxe works correctly.

Any help would be appreciated.
 
pixel1138 said:
I am unable to PXE Boot UEFI machines over IPv4 in Proxmox 9. Checking the Kea DHCP logs, the DHCPOFFER and DHCPACK both return options 66 and 67 correctly, and the client in OVMF shows it received the two options with the same information, but it fails with PXE-E18.
Click to expand...
Do the guests in question have a RNG device configured?
(see the changelog for PVE 8.4 - UEFI PXE boot needs on in recent versions : https://pve.proxmox.com/wiki/Roadmap#8.4-known-issues)
 
I did some more looking into this, and I still cannot determine the root cause of the issue. I ran tcpdump on the tftp server to compare the unsuccessful attempt by the VM's PXE Client 172.27.72.105 vs a test machine on the network 172.27.72.6 that can successfully download the boot file with a tftp client. I set the tftp client options on the test machine to the same options seen by the PXE client's request, tsize 0, blksize 1468, windowsize 4.

Each attempt is showing the first three packets. With the VM's PXE Client, there is no acknowledgement to the server's negotiation response, but with the test machine's tftp client, you can see there is an acknowledgement.

The VM's PXE Client:
Code: 
19:22:46.889425 IP 172.27.72.105.1272 > 172.27.72.21.69: TFTP, length 58, RRQ "netboot.xyz.efi" octet tsize 0 blksize 1468 windowsize 4
    0x0000:  4500 0056 1257 0000 4011 7f8b ac1b 4869  E..V.W..@.....Hi
    0x0010:  ac1b 4815 04f8 0045 0042 7340 0001 6e65  ..H....E.Bs@..ne
    0x0020:  7462 6f6f 742e 7879 7a2e 6566 6900 6f63  tboot.xyz.efi.oc
    0x0030:  7465 7400 7473 697a 6500 3000 626c 6b73  tet.tsize.0.blks
    0x0040:  697a 6500 3134 3638 0077 696e 646f 7773  ize.1468.windows
    0x0050:  697a 6500 3400                           ize.4.
    
19:22:46.889582 IP 172.27.72.20.50538 > 172.27.72.105.1272: UDP, length 29
    0x0000:  4500 0039 86ee 0000 3f11 0c12 ac1b 4814  E..9....?.....H.
    0x0010:  ac1b 4869 c56a 04f8 0025 e8ea 0006 626c  ..Hi.j...%....bl
    0x0020:  6b73 697a 6500 3134 3638 0074 7369 7a65  ksize.1468.tsize
    0x0030:  0031 3131 3837 3230 00                   .1118720.
    
19:22:48.141069 IP 172.27.72.20.50538 > 172.27.72.105.1272: UDP, length 29
    0x0000:  4500 0039 8738 0000 3f11 0bc8 ac1b 4814  E..9.8..?.....H.
    0x0010:  ac1b 4869 c56a 04f8 0025 e8ea 0006 626c  ..Hi.j...%....bl
    0x0020:  6b73 697a 6500 3134 3638 0074 7369 7a65  ksize.1468.tsize
    0x0030:  0031 3131 3837 3230 00                   .1118720.

The test machine's tftp client:

Code: 
19:39:44.808209 IP 172.27.72.6.33963 > 172.27.72.21.69: TFTP, length 58, RRQ "netboot.xyz.efi" octet tsize 0 blksize 1468 windowsize 4
    0x0000:  4500 0056 c9d8 4000 4011 886c ac1b 4806  E..V..@.@..l..H.
    0x0010:  ac1b 4815 84ab 0045 0042 e8a5 0001 6e65  ..H....E.B....ne
    0x0020:  7462 6f6f 742e 7879 7a2e 6566 6900 6f63  tboot.xyz.efi.oc
    0x0030:  7465 7400 7473 697a 6500 3000 626c 6b73  tet.tsize.0.blks
    0x0040:  697a 6500 3134 3638 0077 696e 646f 7773  ize.1468.windows
    0x0050:  697a 6500 3400                           ize.4.
    
19:39:44.808421 IP 172.27.72.20.47269 > 172.27.72.6.33963: UDP, length 29
    0x0000:  4500 0039 6d6f 0000 3f11 25f4 ac1b 4814  E..9mo..?.%...H.
    0x0010:  ac1b 4806 b8a5 84ab 0025 e887 0006 626c  ..H......%....bl
    0x0020:  6b73 697a 6500 3134 3638 0074 7369 7a65  ksize.1468.tsize
    0x0030:  0031 3131 3837 3230 00                   .1118720.
    
19:39:44.808549 IP 172.27.72.6.33963 > 172.27.72.20.47269: UDP, length 4
    0x0000:  4500 0020 4fab 4000 4011 02d1 ac1b 4806  E...O.@.@.....H.
    0x0010:  ac1b 4814 84ab b8a5 000c e86e 0004 0000  ..H........n....
 
Did you ever find a solution? Just wondering as I'm experiencing the exact same issue with Proxmox 8.14.3. This is my first time trying to PXE boot a Proxmox VM, but the same DHCP/TFTP combination (Kea + tftpd-hpa on Debian 12) works fine with a physical host.
 
Stoiko Ivanov said:
Do the guests in question have a RNG device configured?
(see the changelog for PVE 8.4 - UEFI PXE boot needs on in recent versions : https://pve.proxmox.com/wiki/Roadmap#8.4-known-issues)
Click to expand...
This has been driving me up the wall, as I use iPXE on EFI system at work on PVE 7, but my home PVE boxes are running PVE 8 and PVE 9. I had literally cycled through every machine version possible. Adding the VirtIO RNG instantly allowed netboot to function!

I guess it pays to read the release notes.

Could the VirtIO RNG object be made an option within the VM Creation? Ideally enabled by default
 
You must log in or register to reply here.
Top Bottom