[Kea-users] Kea server can't send ACK packets

Darren Ankney darren.ankney at gmail.com
Wed Dec 10 15:25:15 UTC 2025 

Hi Daniel,

This looks similar to:
https://gitlab.isc.org/isc-projects/kea/-/issues/3662 but perhaps not
the same since you stated it happens regardless of socket type used. I
suspect this might be happening due to some strangeness in the packet
sent by nmap.  Please try testing with perfdhcp
(https://kea.readthedocs.io/en/stable/man/perfdhcp.8.html) instead.
This may do a better job of simulating a proper DHCP client.

A simple command line to use with perfdhcp that would match `nmap -sU
-p67 --script dhcp-discover AddressServer` would be:

`perfdhcp -4 -r 1 -R 1 -p 2 AddressServer`

The above will perform a 4-way exchange (DORA).  If you only want the
DISCOVER / OFFER part, then add `-i` to the command.

If that still results in the DHCP4_PACKET_SEND_FAIL error, then your
full configuration, debug log messages, and a packet capture will
probably be needed to understand what is happening.

Thank you,
Darren Ankney


On Tue, Dec 9, 2025 at 10:03 AM Daniel Garrapucho Levy
<daniel.garrapucho at ub.edu> wrote:
>
> Greetings !
>
> We just installed isc-kea in our server and configured it according to what is instructed in the Documentation.
> The server receives DHCP DISCOVERY packages, but it doesn't seem to be able to send back any ACK response.
> The only clue we have so far is the log file we configured for dhcp packets :
> Given the following variables, this is what we get whenever we simulate a DHCP Discovery broadcast with nmap
>
> AddressCliet: IP address of the client from which we run the tests
> AddressServer: IP address of the server where Kea DHCP is installed
> MACClient: MAC address of the client from which we run the tests.
>
>
> Command used from the client: nmap -sU -p67 --script dhcp-discover AddressServer
>
> DHCP4_BUFFER_RECEIVED received buffer from AddressClient:RandomPort to AddressServer:67 over interface NetworkInterface
> DHCP4_PACKET_RECEIVED [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: DHCPDISCOVER (type 1) received from AddressClient to AddressServer on interface NetworkInterface
> DHCP4_PACKET_SEND [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: trying to send packet DHCPOFFER (type 2) from AddressServer:67 to 255.255.255.255:68 on interface NetworkInterface
> DHCP4_PACKET_SEND_FAIL [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: failed to send DHCPv4 packet: pkt4 send failed: sendmsg() returned  with an error: Permission denied
>
>
> We have already made sure that the subnet we have configured is using the rigth network interface and we have opened both UDP ports 67/68 on the server using ufw, but to no avail. Using udp or raw packets gives the same outcome.
>
> We also checked that the kea sockets directory is owned by user _kea:_kea with mode 0755
>
> This is the information of the server where Kea is installed
>
>
> OS
> Ubuntu 22.04.5 LTS
> Kea version
> 3.0.2
> Installation method
> Package from Cloudsmith repository
>
>
> And this is the configuration of the dhcp server service:
> [Unit]
> Description=ISC KEA IPv4 DHCP daemon
> Documentation=man:kea-dhcp4(8)
> Wants=network-online.target mariadb.service
> Requires=kea-ctrl-agent.service
> After=network-online.target mariadb.service mysql.service
>
> [Service]
> ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
> RuntimeDirectory=kea
>
> [Install]
> WantedBy=multi-user.target
>
> Any idea what can be wrong ?  Many thanks for the hard work !
>
>
> Daniel Garrapucho Lévy
>
> Tècnic informàtic
>
> Departament de Física de la Matèria Condensada
> Facultat de Física
> Martí i Franquès, 1
> 08028 Barcelona
> Despatx 344
> Email: daniel.garrapucho at ub.edu
>
>
>
> Aquest missatge, i els fitxers adjunts que hi pugui haver, pot contenir informació confidencial o protegida legalment i s’adreça exclusivament a la persona o entitat destinatària. Si no consteu com a destinatari final o no teniu l’encàrrec de rebre’l, no esteu autoritzat a llegir-lo, retenir-lo, modificar-lo, distribuir-lo, copiar-lo ni a revelar-ne el contingut. Si l’heu rebut per error, informeu-ne el remitent i elimineu del sistema tant el missatge com els fitxers adjunts que hi pugui haver.
>
> Este mensaje, y los ficheros adjuntos que pueda incluir, puede contener información confidencial o legalmente protegida y está exclusivamente dirigido a la persona o entidad destinataria. Si usted no consta como destinatario final ni es la persona encargada de recibirlo, no está autorizado a leerlo, retenerlo, modificarlo, distribuirlo o copiarlo, ni a revelar su contenido. Si lo ha recibido por error, informe de ello al remitente y elimine del sistema tanto el mensaje como los ficheros adjuntos que pueda contener.
>
> This email message and any attachments it carries may contain confidential or legally protected material and are intended solely for the individual or organization to whom they are addressed. If you are not the intended recipient of this message or the person responsible for processing it, then you are not authorized to read, save, modify, send, copy or disclose any part of it. If you have received the message by mistake, please inform the sender of this and eliminate the message and any attachments it carries from your account.
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> Kea-users at lists.isc.org

More information about the Kea-users mailing list