Solved NFSv3: Access from unprivileged ports

[jb82]

Two machines guest and host. I'm trying to make PXE boot working from the guest connected via ue0 (on the host) emplaced into the NATed private bridge. Guest machine cannot reach out to the host via NFS to get its root partition.
It seems that NFS does not like access from ports >1024 and I don't know how to persuade it.

jb@p1 ~ [1]> mount_nfs -o resvport localhost:/zroot/nfsroot ./mnt
[tcp] localhost:/zroot/nfsroot: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak
[tcp6] localhost:/zroot/nfsroot: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak

When testing from localhost ( mount_nfs):

jb@p1 ~ [1]> doas tail /var/log/messages | grep unpriv
Oct  2 16:56:56 p1 mountd[4529]: mount request from 127.0.0.1 from unprivileged port
Oct  2 16:56:56 p1 mountd[4529]: mount request from ::1 from unprivileged port
Oct  2 17:01:16 p1 mountd[4706]: mount request from 127.0.0.1 from unprivileged port
Oct  2 17:01:16 p1 mountd[4706]: mount request from ::1 from unprivileged port

jb@p1 ~> showmount  -e
Exports list on localhost:
/zroot/nfsroot                     Everyone

jb@p1 ~> cat /etc/rc.conf | grep nfs
nfs_server_enable="YES"
nfs_server_flags="-t -u"
nfs_reserved_port_only="NO"
#nfsv4_server_enable="YES"

jb@p1 ~> doas  sysctl -d vfs.nfsd.nfs_privport
vfs.nfsd.nfs_privport: Only allow clients using a privileged port for NFSv2, 3 and 4
jb@p1 ~> doas  sysctl  vfs.nfsd.nfs_privport
vfs.nfsd.nfs_privport: 0

Moreover, if anybody would be that great to share his diskless PXE setup, it would be fantastic! I'm able to successfully transfer /boot/boot1.efi to the guest via tftp/dnsmaq but it's unable to get the root partition then. Perhaps even misconfigured loader.conf etc.

 

[jb82]

Resolved. Issue was elsewhere. Crucial is not to use boot1.efi but rather /boot/loader.efi.