[Kea-users] Kea server can't send ACK packets

Daniel Garrapucho Levy daniel.garrapucho at ub.edu
Tue Dec 9 15:03:01 UTC 2025 

Greetings !

We just installed isc-kea in our server and configured it according to what is instructed in the Documentation.
The server receives DHCP DISCOVERY packages, but it doesn't seem to be able to send back any ACK response.
The only clue we have so far is the log file we configured for dhcp packets :
Given the following variables, this is what we get whenever we simulate a DHCP Discovery broadcast with nmap

  *
AddressCliet: IP address of the client from which we run the tests
  *
AddressServer: IP address of the server where Kea DHCP is installed
  *
MACClient: MAC address of the client from which we run the tests.

Command used from the client: nmap -sU -p67 --script dhcp-discover AddressServer

DHCP4_BUFFER_RECEIVED received buffer from AddressClient:RandomPort to AddressServer:67 over interface NetworkInterface
DHCP4_PACKET_RECEIVED [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: DHCPDISCOVER (type 1) received from AddressClient to AddressServer on interface NetworkInterface
DHCP4_PACKET_SEND [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: trying to send packet DHCPOFFER (type 2) from AddressServer:67 to 255.255.255.255:68 on interface NetworkInterface
DHCP4_PACKET_SEND_FAIL [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: failed to send DHCPv4 packet: pkt4 send failed: sendmsg() returned  with an error: Permission denied


We have already made sure that the subnet we have configured is using the rigth network interface and we have opened both UDP ports 67/68 on the server using ufw, but to no avail. Using udp or raw packets gives the same outcome.

We also checked that the kea sockets directory is owned by user _kea:_kea with mode 0755

This is the information of the server where Kea is installed


OS
Ubuntu 22.04.5 LTS
Kea version
3.0.2
Installation method
Package from Cloudsmith repository


And this is the configuration of the dhcp server service:
[Unit]
Description=ISC KEA IPv4 DHCP daemon
Documentation=man:kea-dhcp4(8)
Wants=network-online.target mariadb.service
Requires=kea-ctrl-agent.service
After=network-online.target mariadb.service mysql.service

[Service]
ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
RuntimeDirectory=kea

[Install]
WantedBy=multi-user.target

Any idea what can be wrong ?  Many thanks for the hard work !


Daniel Garrapucho Lévy

Tècnic informàtic

Departament de Física de la Matèria Condensada
Facultat de Física
Martí i Franquès, 1
08028 Barcelona
Despatx 344
Email: daniel.garrapucho at ub.edu

[cid:ece202b8-13d2-4295-88b8-abbb37dfabf5]


Aquest missatge, i els fitxers adjunts que hi pugui haver, pot contenir informació confidencial o protegida legalment i s'adreça exclusivament a la persona o entitat destinatària. Si no consteu com a destinatari final o no teniu l'encàrrec de rebre'l, no esteu autoritzat a llegir-lo, retenir-lo, modificar-lo, distribuir-lo, copiar-lo ni a revelar-ne el contingut. Si l'heu rebut per error, informeu-ne el remitent i elimineu del sistema tant el missatge com els fitxers adjunts que hi pugui haver.

Este mensaje, y los ficheros adjuntos que pueda incluir, puede contener información confidencial o legalmente protegida y está exclusivamente dirigido a la persona o entidad destinataria. Si usted no consta como destinatario final ni es la persona encargada de recibirlo, no está autorizado a leerlo, retenerlo, modificarlo, distribuirlo o copiarlo, ni a revelar su contenido. Si lo ha recibido por error, informe de ello al remitente y elimine del sistema tanto el mensaje como los ficheros adjuntos que pueda contener.

This email message and any attachments it carries may contain confidential or legally protected material and are intended solely for the individual or organization to whom they are addressed. If you are not the intended recipient of this message or the person responsible for processing it, then you are not authorized to read, save, modify, send, copy or disclose any part of it. If you have received the message by mistake, please inform the sender of this and eliminate the message and any attachments it carries from your account.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20251209/cd932c08/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-utod0ydo.png
Type: image/png
Size: 98177 bytes
Desc: Outlook-utod0ydo.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20251209/cd932c08/attachment-0001.png>

More information about the Kea-users mailing list