[Kea-users] Is Interface mandate in kea-DHCPv6 section
Darren Ankney
darren.ankney at gmail.com
Sat Feb 22 10:33:35 UTC 2025
Hi Kraishak,
*{ "Dhcp6": { "interfaces-config": { "interfaces": ["ens192"] #
The network interface the DHCPv6 server listens on },*
This may leave Kea listening only on the link local address and the local
multicast address. Try adding the IPv6 address you would like Kea to
listen upon. Something like this:
"Dhcp6": {
"interfaces-config": {
"interfaces": [ "ens192/2001:db8::1234:abcd" ]
},
See here for further information:
https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#interface-configuration
You can confirm where Kea is currently listening like this:
sudo ss -ulnap | grep 547
You will probably find only the fe80 link local address in the resultant
output.
Thank you,
Darren Ankney
On Fri, Feb 21, 2025 at 12:30 AM Kraishak Mahtha <kraishak.edu at gmail.com>
wrote:
> Hi Darren & Owen DeLong
>
> Thanks for your reply and for sharing the information. I have trouble
> dealing with multiple subnets in kea-dhcpv6 mode.
>
> Previously, I used ISC DHCPv6, where I successfully obtained leases from
> both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this
> setup, the OPNsense router was configured as a relay with the IP
> 2001:470:edb5:200::23.(server IP, not router IP)
>
> After migrating to Kea DHCPv6, leases are being assigned correctly within
> the local subnet, but clients from 2001:470:edb5:300::/64 are unable to
> obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a
> client requests a lease from the relayed subnet. However, a network traffic
> capture confirms that packets are being forwarded correctly, yet my Kea
> server does not respond.
>
> ### Troubleshooting Steps Attempted:
> 1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64
> subnet, using the Kea server's IP address → No success.
> 2. Updated the `relay-ip` statement in the ......300::/64 subnet to match
> 2001:470:edb5:300::1, as observed in the packet capture → No success.
>
> A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows
> identical behavior, yet Kea is not assigning leases for the relayed subnet.
>
>
> Here is my config
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *{ "Dhcp6": { "interfaces-config": { "interfaces": ["ens192"] #
> The network interface the DHCPv6 server listens on },
> "multi-threading": { "packet-queue-size": 28,
> "enable-multi-threading": true, "thread-pool-size": 4 },
> "lease-database": { "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",
> "type": "memfile", # In-memory lease database (useful for testing)
> "persist": true # Save leases to disk },
> "preferred-lifetime": 3000, "valid-lifetime": 4000,
> "renew-timer": 1000, "rebind-timer": 2000, "option-data": [ {
> "name": "dns-servers", "data": "2001:470:edb5:200::23" # Define
> DNS servers for clients }, { "name": "domain-search",
> "data": "tester.com <http://tester.com>" # Domain search list }
> ], "subnet6": [ { "subnet": "2001:470:edb5:200::/64", # The
> subnet from which addresses are allocated "interface": "ens192",
> "pools": [ {"pool":
> "2001:470:edb5:200::2-2001:470:edb5:200::15"}, {"pool":
> "2001:470:edb5:200::3e-2001:470:edb5:200::51"}, {"pool":
> "2001:470:edb5:200::52-2001:470:edb5:200::65"} ],
> "preferred-lifetime": 600, "valid-lifetime": 1200,
> "option-data": [ { "name": "dns-servers",
> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet
> }, { "name": "domain-search", "data":
> "tester.com <http://tester.com>" } ] }, {
> "subnet": "2001:470:edb5:300::/64", # The subnet from which addresses are
> allocated "pools": [ {"pool":
> "2001:470:edb5:300::16-2001:470:edb5:300::1f"}, {"pool":
> "2001:470:edb5:300::2-2001:470:edb5:300::b"}, {"pool":
> "2001:470:edb5:300::c-2001:470:edb5:300::15"} ],"relay": {
> "ip-addresses": ["2001:470:edb5:300::1" ] },
> "preferred-lifetime": 600, "valid-lifetime": 1200,
> "option-data": [ { "name": "dns-servers",
> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet
> }, { "name": "domain-search", "data":
> "tester.com <http://tester.com>" } ] } ], #
> Logging configuration "loggers": [{ "name": "kea-dhcp6",
> "output_options": [{ "output":
> "/var/log/kea-dhcp6.log" }], "severity": "INFO",
> "debuglevel": 99 }, { "debuglevel": 99,
> "severity": "DEBUG", "output_options": [{
> "output": "/var/log/kea-dhcp6-packets.log", "maxver": 5,
> "flush": true, "maxsize": 10240000
> }], "name": "kea-dhcp6.packets" }, {
> "debuglevel": 55, "severity": "DEBUG",
> "output_options": [{ "output":
> "/var/log/kea-dhcp6-leases.log", "maxver": 5,
> "flush": true, "maxsize": 10240000 }],
> "name": "kea-dhcp6.leases" }] }}*
>
> Traffic capture screenshot of kea
> [image: image.png]
> Traffic capture screenshot of ISC(ISC granted lease)
> [image: image.png]
>
> Would appreciate insights on potential configuration mistakes, if any, in
> my Kea DHCPv6 config,
>
> Thanks in Advance
> Kraishak
>
>
>
> On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <darren.ankney at gmail.com>
> wrote:
>
>> Hi Kraishak,
>>
>> > Q)
>> > 1)Is it mandatory to add the interface line in every subnet6 section,
>> unlike subnet4
>>
>> subnet4 will most likely need the interface specified for a local
>> subnet as well (see here:
>>
>> https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client
>> ).
>>
>> > 2)If that is mandatory, how can I use multiple subnets? Let's say I
>> have one more network range using the same DHCPv6 appliance, but I don't
>> have any interface on the box. How can we use that
>>
>> It is indeed mandatory, for the same reason (see here:
>>
>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection
>> ).
>>
>> If you have another subnet to which the DHCP server has no interface
>> attached, then there will be a relay agent forwarding the traffic to
>> the DHCP server. Then you will use the "relay: {}" mechanism (see
>> here:
>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet
>> ).
>> But you may not have to if the relay agent source IP is actually part
>> of one of the subnets configured on your DHCP server.
>>
>> Thank you,
>> Darren Ankney
>> --
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250222/3dfba5e5/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 175753 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250222/3dfba5e5/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 130284 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250222/3dfba5e5/attachment-0003.png>
More information about the Kea-users
mailing list