[Kea-users] Kea dhcp6 clients do not get IPs

Jan Jurko jan at jurko.cz
Mon Aug 19 19:12:19 UTC 2024 

Ok, and now it is solved.

The magic was: "interface": "ens3“, in the subnet6 section. interfaces-config was not enough.

Thank you very much for your help guys!

Jan

> 19. 8. 2024 v 20:54, Jan Jurko via Kea-users <kea-users at lists.isc.org>:
> 
> Hi Darren.
> I just discovered error message in the tcpdump - Server could not select subnet for this client name_of_the_client
> 
> Jan
> 
>> 19. 8. 2024 v 16:32, Jan Jurko via Kea-users <kea-users at lists.isc.org>:
>> 
>> Hi Darren.
>> 
>> Here are some tcpdump logs gathered during ipconfig /renew6 on windows machine.
>> 
>> 
>> 16:28:45.345877 IP6 (flowlabel 0x50bc8, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:45.347124 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.336578 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.337552 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.338244 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.338882 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.345023 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.346179 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.346691 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.347208 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.347629 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.348078 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.348483 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.348923 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 16:28:46.349395 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 16:28:46.349856 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>> 
>> 
>> Jan
>> 
>>> 18. 8. 2024 v 23:55, Darren Ankney <darren.ankney at gmail.com>:
>>> 
>>> Hi Jan,
>>> 
>>> "Message is invalid and it is discarded." this is the reason.  Though
>>> I could not begin to speculate why the client is discarding the
>>> message.  Most likely there is some incorrect information or missing
>>> information (some option was requested but was not sent).  Wireshark
>>> can help here.  Use tcpdump to dump the packets:  tcpdump -w dump.pcap
>>> port 547.  Open the file in Wireshark.  See what was requested in the
>>> Solicit vs what was sent in the Advertise.
>>> 
>>> Thank you,
>>> Darren Ankney
>>> 
>>> On Sun, Aug 18, 2024 at 7:03 AM Jan Jurko via Kea-users
>>> <kea-users at lists.isc.org> wrote:
>>>> 
>>>> Hello Darren.
>>>> Thank you for your reply.
>>>> 
>>>> Kea and client are both on the same hypervizor, other clients are on the same network in the building so there should not be a problem with some fw etc.
>>>> 
>>>> I’ve enabled windows logs for dhcp and here they are:
>>>> 
>>>> 1.
>>>> Information
>>>> Solicit is sent from the interface 4. Status code is 0x0
>>>> 
>>>> 2.
>>>> Error
>>>> Message is invalid and it is discarded.
>>>> 
>>>> 3.
>>>> Error
>>>> Your computer was not assigned an address from the network (by the DHCP server) for the Network Card with network address XXXX. The following error occured: 0x138E. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
>>>> 
>>>> 
>>>> There is no firewall on the clients.
>>>> 
>>>> As I said, Kea and rest of the computers/clients are in the same network.
>>>> 
>>>> I’ve tried to create the small configuration - no reservations, only pool of addresses - the same bad result.
>>>> 
>>>> Thank you very much for your help.
>>>> 
>>>> Jan
>>>> 
>>>> 
>>>>> 18. 8. 2024 v 12:36, Darren Ankney <darren.ankney at gmail.com>:
>>>>> 
>>>>> Hi Jan,
>>>>> 
>>>>> From the log messages you have shown, it appears that Kea is
>>>>> attempting to advertise some address to a client with DUID:
>>>>> 00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7 The client should next
>>>>> request this address but that isn't shown in your logs.  The client
>>>>> must not like something about the advertisement or is not receiving
>>>>> the advertisement.  It would be difficult to help without more
>>>>> information.  Is this traffic relayed or do the client and server
>>>>> exist on the same physical network?  Have you looked in the client
>>>>> logs (if exist) to see what it thinks is happening?  You might try
>>>>> adding a small pool to the subnet to see what happens (i.e., does the
>>>>> client get an address, though I doubt that would be the case).
>>>>> 
>>>>> Thank you,
>>>>> Darren Ankney
>>>>> 
>>>>> On Sun, Aug 18, 2024 at 5:03 AM Jan Jurko via Kea-users
>>>>> <kea-users at lists.isc.org> wrote:
>>>>>> 
>>>>>> Good day.
>>>>>> I have Kea 2.6.1 installed. I use v4 and v6 dhcp server. V4 works fine but v6 does not give clients IPv6 addresses. The setup is:
>>>>>> 
>>>>>> HW router with ipv6 enabled, RA enabled, M flag present. I do not use O flag because in the dualstack dns servers are on v4 addresses. So I just want to distribute ipv6 addresses from dhcp server to clients. I use hw-address to distribute addresses but I tried DUID as well.
>>>>>> 
>>>>>> I can see in the Kea logs this output:
>>>>>> 
>>>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>>>> 2024-08-18 10:44:33.957 INFO  [kea-dhcp6.dhcp6/3542.140690717476544] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>>> 2024-08-18 10:44:33.958 INFO  [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>>> 2024-08-18 10:44:33.958 INFO  [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>>>> 2024-08-18 10:44:33.959 INFO  [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>>> 2024-08-18 10:44:33.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>>> 2024-08-18 10:44:33.960 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:de
>>>>>> 
>>>>>> 
>>>>>> I’ve used the old ISC dhcp server but I want to migrace to Kea because the old ISC dhcp server is obsolette.
>>>>>> 
>>>>>> Configuration file looks like this (it is truncated because there are more than 200 records):
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> {
>>>>>> # /etc/dhcpd6.conf
>>>>>> #
>>>>>> # Sample DHCPv6 configuration file for ISC dhcpd
>>>>>> #
>>>>>> # *** PLEASE CONFIGURE IT FIRST ***
>>>>>> #
>>>>>> # Don't forget to set the DHCPD6_INTERFACE in the
>>>>>> # /etc/sysconfig/dhcpd file.
>>>>>> #
>>>>>> /// This configuration declares some subnets but has no interfaces-config
>>>>>> /// Reference Kea #245
>>>>>> "Dhcp6": {
>>>>>> "control-socket": {
>>>>>>     "socket-type": "unix",
>>>>>>     "socket-name": "/tmp/kea6-ctrl-socket"
>>>>>> },
>>>>>> "mac-sources": [
>>>>>>     "any"
>>>>>> ],
>>>>>> "loggers": [
>>>>>>   {
>>>>>>     "name": "kea-dhcp6",
>>>>>>     "severity": "DEBUG",
>>>>>>     "output_options": [
>>>>>>       {
>>>>>>         "output": "/var/log/kea/dhcp6.log",
>>>>>>         "maxver": 10
>>>>>>       }
>>>>>>     ]
>>>>>>   },
>>>>>>   {
>>>>>>     "name": "kea-dhcp6.dhcpsrv",
>>>>>>     "severity": "DEBUG",
>>>>>>     "output_options": [
>>>>>>       {
>>>>>>         "output": "/var/log/kea/dhcp6-dhcpsrv.log",
>>>>>>         "maxver": 10
>>>>>>       }
>>>>>>     ]
>>>>>>   },
>>>>>>   {
>>>>>>     "name": "kea-dhcp6.leases",
>>>>>>     "severity": "DEBUG",
>>>>>>     "output_options": [
>>>>>>       {
>>>>>>         "output": "/var/log/kea/dhcp6-leases.log",
>>>>>>         "maxver": 10
>>>>>>       }
>>>>>>     ]
>>>>>>   }
>>>>>> ],
>>>>>> "interfaces-config": {
>>>>>>     "interfaces": [ "ens3" ]
>>>>>> },
>>>>>> "subnet6": [
>>>>>>   {
>>>>>>     "id": 1,
>>>>>>     "subnet": „2001:XXX:XXX:0::/64",
>>>>>>   "reservations": [
>>>>>>   {
>>>>>>     "hostname": „XXX",
>>>>>>     "hw-address": "08:8f:c3:f5:ab:49",
>>>>>>     "ip-addresses": [
>>>>>>       „2001:XXX:XXX:0:192:168:1:75"
>>>>>>     ]
>>>>>>   },
>>>>>>   {
>>>>>>     "hostname": „AAAAA",
>>>>>>     "hw-address": "08:97:98:d7:c5:d0",
>>>>>>     "ip-addresses": [
>>>>>>       „2001:XXX:XXX:0:192:168:0:169"
>>>>>>     ]
>>>>>>   }
>>>>>> ]
>>>>>> }
>>>>>> ]
>>>>>> }
>>>>>> }
>>>>>> 
>>>>>> Thank you for your help. I’ve spent more than 10 hours debugging this problem, but still no luck.
>>>>>> 
>>>>>> Jan
>>>>>> --
>>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>>> 
>>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>>> 
>>>>>> Kea-users mailing list
>>>>>> Kea-users at lists.isc.org
>>>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>>> --
>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>> 
>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>> 
>>>>> Kea-users mailing list
>>>>> Kea-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>> 
>>>> --
>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>> 
>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>> 
>>>> Kea-users mailing list
>>>> Kea-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>> -- 
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>> 
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>> 
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>> 
>> -- 
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>> 
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>> 
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
> 
> -- 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> 
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240819/ef1d3f6d/attachment-0001.htm>

More information about the Kea-users mailing list