[Kea-users] Struggling with "failed to select a subnet for incoming packet" - Kea 3.0.3

Darren Ankney darren.ankney at gmail.com
Thu Apr 9 08:39:04 UTC 2026


Hi Tim,

Could you attach the pcap of the client traffic?  Nothing is jumping
out from the included log messages.  It would be ideal if the pcap
included both unsuccessful renewal and successful DORA exchanges.

Thank you,
Darren Ankney

On Wed, Apr 8, 2026 at 4:04 PM Tim Harman via Kea-users
<kea-users at lists.isc.org> wrote:
>
> Hi,
>
> I am a VyOS user and have recently moved from VyOS 1.4.4 to VyOS 1.5.0.
> This means a migration from ISC DHCP to Kea DHCP.
> And since moving to Kea, I've been struggling with DHCP renewals not
> working properly.  It seems that no Unicast DHCP renewal requests work,
> they are always NAK'd as follows:
>
> Apr 09 01:18:09 kea-dhcp4[208553]: 2026-04-09 01:18:09.326 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 6c:79:b8:ec:13:49], cid=[no info], tid=0x9eb95cf4: failed to
> select a subnet for incoming packet, src 192.168.0.152, type DHCPREQUEST
> Apr 09 01:26:03 kea-dhcp4[208553]: 2026-04-09 01:26:03.573 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 50:32:37:c4:fa:8c], cid=[01:50:32:37:c4:fa:8c],
> tid=0xd53ecc4e: failed to select a subnet for incoming packet, src
> 192.168.0.101, type DHCPREQUEST
> Apr 09 01:37:53 kea-dhcp4[208553]: 2026-04-09 01:37:52.998 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 bc:35:1e:26:53:38], cid=[no info], tid=0x60c4b446: failed to
> select a subnet for incoming packet, src 192.168.0.182, type DHCPREQUEST
> Apr 09 01:46:25 kea-dhcp4[208553]: 2026-04-09 01:46:25.880 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 70:a7:41:c1:4b:fa], cid=[no info], tid=0x225f7ce0: failed to
> select a subnet for incoming packet, src 192.168.0.4, type DHCPREQUEST
> Apr 09 01:46:39 kea-dhcp4[208553]: 2026-04-09 01:46:39.880 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 78:11:dc:70:b9:4d], cid=[01:78:11:dc:70:b9:4d],
> tid=0xe072c478: failed to select a subnet for incoming packet, src
> 192.168.0.11, type DHCPREQUEST
> Apr 09 02:01:21 kea-dhcp4[208553]: 2026-04-09 02:01:21.951 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 54:60:09:e0:e3:40], cid=[no info], tid=0x12690ba5: failed to
> select a subnet for incoming packet, src 192.168.0.115, type DHCPREQUEST
> Apr 09 02:01:24 kea-dhcp4[208553]: 2026-04-09 02:01:24.981 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 54:60:09:e0:e3:40], cid=[no info], tid=0x12690ba5: failed to
> select a subnet for incoming packet, src 192.168.0.115, type DHCPREQUEST
> Apr 09 03:02:13 kea-dhcp4[208553]: 2026-04-09 03:02:13.422 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 0c:b2:b7:5c:ad:84], cid=[no info], tid=0x16ae3e33: failed to
> select a subnet for incoming packet, src 192.168.0.150, type DHCPREQUEST
> Apr 09 03:12:04 kea-dhcp4[208553]: 2026-04-09 03:12:04.168 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 f0:2f:4b:39:11:ee], cid=[01:f0:2f:4b:39:11:ee],
> tid=0x11d6a0ef: failed to select a subnet for incoming packet, src
> 192.168.0.188, type DHCPREQUEST
> Apr 09 03:16:00 kea-dhcp4[208553]: 2026-04-09 03:16:00.884 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 54:e0:19:67:41:80], cid=[no info], tid=0xc84563d9: failed to
> select a subnet for incoming packet, src 192.168.0.29, type DHCPREQUEST
> Apr 09 03:32:18 kea-dhcp4[208553]: 2026-04-09 03:32:18.740 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 a0:c9:a0:08:93:3e], cid=[01:a0:c9:a0:08:93:3e],
> tid=0x621e3b6e: failed to select a subnet for incoming packet, src
> 192.168.0.16, type DHCPREQUEST
> Apr 09 03:48:17 kea-dhcp4[208553]: 2026-04-09 03:48:17.413 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 24:6f:28:1b:5d:c8], cid=[01:24:6f:28:1b:5d:c8],
> tid=0x2c0cc177: failed to select a subnet for incoming packet, src
> 192.168.0.166, type DHCPREQUEST
> Apr 09 05:10:15 kea-dhcp4[208553]: 2026-04-09 05:10:15.312 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 f0:5c:77:bc:ac:51], cid=[01:f0:5c:77:bc:ac:51],
> tid=0x18582fd0: failed to select a subnet for incoming packet, src
> 192.168.0.153, type DHCPREQUEST
> Apr 09 05:27:07 kea-dhcp4[208553]: 2026-04-09 05:27:07.214 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 02:77:0f:6d:f3:b9], cid=[01:02:77:0f:6d:f3:b9],
> tid=0x36b8208c: failed to select a subnet for incoming packet, src
> 192.168.0.186, type DHCPREQUEST
> Apr 09 05:33:12 kea-dhcp4[208553]: 2026-04-09 05:33:12.914 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 c6:df:8f:ca:f9:27], cid=[01:c6:df:8f:ca:f9:27], tid=0x915835c:
> failed to select a subnet for incoming packet, src 192.168.0.197, type
> DHCPREQUEST
> Apr 09 05:42:49 kea-dhcp4[208553]: 2026-04-09 05:42:49.412 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 a8:ca:77:8b:60:48],
> cid=[ff:77:8b:60:48:00:01:00:01:2d:3a:e0:bd:a8:ca:77:8b:60:48],
> tid=0x7c422899: failed to select a subnet for incoming packet, src
> 192.168.0.185, type DHCPREQUEST
> Apr 09 05:45:43 kea-dhcp4[208553]: 2026-04-09 05:45:43.088 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 5e:55:58:1c:8f:d0], cid=[01:5e:55:58:1c:8f:d0],
> tid=0xa60ac243: failed to select a subnet for incoming packet, src
> 192.168.0.187, type DHCPREQUEST
> Apr 09 06:04:22 kea-dhcp4[208553]: 2026-04-09 06:04:22.812 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 84:0d:8e:63:de:8e], cid=[no info], tid=0xb55fe8da: failed to
> select a subnet for incoming packet, src 192.168.0.70, type DHCPREQUEST
> Apr 09 06:31:57 kea-dhcp4[208553]: 2026-04-09 06:31:57.110 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 d4:36:39:a9:ea:46], cid=[01:d4:36:39:a9:ea:46],
> tid=0x78d4c7bd: failed to select a subnet for incoming packet, src
> 192.168.0.13, type DHCPREQUEST
> Apr 09 07:01:42 kea-dhcp4[208553]: 2026-04-09 07:01:42.641 ERROR
> [kea-dhcp4.bad-packets/208553.139835658786496] DHCP4_PACKET_NAK_0001
> [hwtype=1 e4:2f:37:be:a0:17], cid=[01:e4:2f:37:be:a0:17],
> tid=0x21fdeb8b: failed to select a subnet for incoming packet, src
> 192.168.0.157, type DHCPREQUEST
> Apr 09 07:08:46 kea-dhcp4[208553]: 2026-04-09 07:08:46.920 ERROR
> [kea-dhcp4.bad-packets/208553.139835650393792] DHCP4_PACKET_NAK_0001
> [hwtype=1 9c:76:13:19:59:62], cid=[no info], tid=0x502959d8: failed to
> select a subnet for incoming packet, src 192.168.0.175, type DHCPREQUEST
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.480 ERROR
> [kea-dhcp4.bad-packets/231988.140669784841216] DHCP4_PACKET_NAK_0001
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0xf162a59f: failed to
> select a subnet for incoming packet, src 192.168.0.183, type DHCPREQUEST
>
>
> This makes the clients fall back to a standard broadcast DHCP Request,
> which then works just fine:
>
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.480 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_RECEIVED
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0xf162a59f: DHCPREQUEST
> (type 3) received from 192.168.0.183 to 192.168.0.1 on interface eth1
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.480 ERROR
> [kea-dhcp4.bad-packets/231988.140669784841216] DHCP4_PACKET_NAK_0001
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0xf162a59f: failed to
> select a subnet for incoming packet, src 192.168.0.183, type DHCPREQUEST
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.480 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_SEND [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0xf162a59f: trying to send packet
> DHCPNAK (type 6) from 192.168.0.1:67 to 192.168.0.183:68 on interface
> eth1
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.891 INFO
> [kea-dhcp4.dhcp4/231988.140669784841216] DHCP4_QUERY_LABEL received
> query: [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0xe7001ba3
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.891 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_RECEIVED
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0xe7001ba3:
> DHCPDISCOVER (type 1) received from 0.0.0.0 to 255.255.255.255 on
> interface eth1
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.892 INFO
> [kea-dhcp4.leases/231988.140669784841216] DHCP4_LEASE_OFFER [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0xe7001ba3: lease 192.168.0.183
> will be offered
> Apr 09 07:41:41 kea-dhcp4[231988]: 2026-04-09 07:41:41.892 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_SEND [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0xe7001ba3: trying to send packet
> DHCPOFFER (type 2) from 192.168.0.1:67 to 192.168.0.183:68 on interface
> eth1
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.459 INFO
> [kea-dhcp4.dhcp4/231988.140669784841216] DHCP4_QUERY_LABEL received
> query: [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.459 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_RECEIVED
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75:
> DHCPDISCOVER (type 1) received from 0.0.0.0 to 255.255.255.255 on
> interface eth1
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.460 INFO
> [kea-dhcp4.leases/231988.140669784841216] DHCP4_LEASE_OFFER [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75: lease 192.168.0.183
> will be offered
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.460 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_SEND [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75: trying to send packet
> DHCPOFFER (type 2) from 192.168.0.1:67 to 192.168.0.183:68 on interface
> eth1
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.509 INFO
> [kea-dhcp4.dhcp4/231988.140669784841216] DHCP4_QUERY_LABEL received
> query: [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.509 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_RECEIVED
> [hwtype=1 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75: DHCPREQUEST
> (type 3) received from 0.0.0.0 to 255.255.255.255 on interface eth1
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.510 INFO
> [kea-dhcp4.leases/231988.140669784841216] DHCP4_LEASE_ALLOC [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75: lease 192.168.0.183
> has been allocated for 86400 seconds
> Apr 09 07:42:00 kea-dhcp4[231988]: 2026-04-09 07:42:00.511 INFO
> [kea-dhcp4.packets/231988.140669784841216] DHCP4_PACKET_SEND [hwtype=1
> 78:20:a5:62:a6:c8], cid=[no info], tid=0x13867c75: trying to send packet
> DHCPACK (type 5) from 192.168.0.1:67 to 192.168.0.183:68 on interface
> eth1
>
> The device (router) doing DHCP is pretty simple, WAN interface (eth0)
> and LAN interface (eth1)
>
> tim@ferrari:~$ ip addr show eth1
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP
> group default qlen 1000
>      link/ether 54:1e:56:66:66:66 brd ff:ff:ff:ff:ff:ff permaddr
> de:dd:38:7c:da:e9
>      altname enp0s19
>      altname ens19
>      inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
>         valid_lft forever preferred_lft forever
>      inet6 2406:5a00:1ae0:9401::1/64 scope global
>         valid_lft forever preferred_lft forever
>      inet6 fe80::561e:56ff:fe66:6666/64 scope link
>         valid_lft forever preferred_lft forever
>
> My configuration is as follows:
>
> {
>      "Dhcp4": {
>          "interfaces-config": {
>              "interfaces": [ "eth1" ],
>              "dhcp-socket-type": "raw",
>              "service-sockets-max-retries": 60,
>              "service-sockets-retry-wait-time": 5000
>          },
>          "control-socket": {
>              "socket-type": "unix",
>              "socket-name": "/var/run/kea/dhcp4-ctrl-socket"
>          },
>          "lease-database": {
>              "type": "memfile",
>              "persist": true,
>              "name": "/config/dhcp/dhcp4-leases.csv"
>          },
>          "multi-threading": {
>              "enable-multi-threading": false
>          },
>          "option-def": [
>              {
>                  "name": "wpad-url",
>                  "code": 252,
>                  "type": "string"
>              },
>              {
>                  "name": "unifi-controller",
>                  "code": 1,
>                  "type": "ipv4-address",
>                  "space": "ubnt"
>              }
>          ],
>          "hooks-libraries": [
>              {
>                  "library":
> "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
>                  "parameters": {}
>              }
>          ],
>          "shared-networks": [
>      {
>          "name": "XXLAN",
>          "authoritative": true,
>          "subnet4": [
>              {
>                  "subnet": "192.168.0.0/24",
>                  "id": 1,
>                  "interface": "eth1",
>                  "user-context": {
>                      "enable-ping-check": false
>                  },
>                  "option-data": [
>                      {
>                          "name": "domain-name-servers",
>                          "data": "192.168.0.5"
>                      },
>                      {
>                          "name": "domain-name",
>                          "data": "X.com"
>                      },
>                      {
>                          "name": "domain-search",
>                          "data": "X.com"
>                      },
>                      {
>                          "name": "ntp-servers",
>                          "data": "192.168.0.1"
>                      },
>                      {
>                          "name": "routers",
>                          "data": "192.168.0.1"
>                      }
>                  ],
>                  "valid-lifetime": 86400,
>                  "max-valid-lifetime": 86400,
>                  "pools": [
>                      {
>                          "pool": "192.168.0.150 - 192.168.0.240"
>                      }
>                  ],
>                  "reservations": [
>                      {
>                          "hostname": "X",
>                          "hw-address": "XX:76:6f:41:XX:XX",
>                          "ip-address": "192.168.0.113"
>                      },
>                      {
>                          "hostname": "XX",
>                          "hw-address": "50:32:37:c4:XX:XX",
>                          "ip-address": "192.168.0.101"
>                      },
>                      {
>                          "hostname": "XX-tracker",
>                          "hw-address": "24:0a:c4:58:XX:XX",
>                          "ip-address": "192.168.0.72"
>                      }
>                  ]
>              }
>          ],
>          "user-context": {
>              "enable-ping-check": false
>          }
>      }
> ]
>      }
> }
>
>
>
> I do have a large number of reservations that I've not included, but the
> same error occurs regardless of if the client is one with a static
> reservation or not.
>
> I have tried disabling threading (as you can see in the config, VyOS
> generates config that enables it by default) but this hasn't helped
> either.
>
> I've got packet captures that show pretty clearly the packets are
> normal, correct unicast packets, though happy to share my tcpdump if
> that'd help.
>
> Kea Details:
>
> tim@ferrari:~$ /usr/sbin/kea-dhcp4 -V
> 3.0.3-git (3.0.3-git (vyos deb))
> premium: no
> linked with:
> - log4cplus 2.0.8
> - OpenSSL 3.0.18 30 Sep 2025
> lease backends:
> - Memfile backend 3.0
>
> tim@ferrari:~$ /usr/sbin/kea-dhcp4 -t /var/run/kea/kea-dhcp4.conf
> 2026-04-09 07:59:04.531 INFO  [kea-dhcp4.hooks/232752.140046183791616]
> HOOKS_LIBRARY_CLOSED hooks library
> /usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so successfully
> closed
> 2026-04-09 07:59:04.531 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_CFGMGR_NEW_SUBNET4 a new subnet has been added to configuration:
> 192.168.0.0/24 with params: valid-lifetime=86400
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types
> are available: memfile
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.hosts/232752.140046183791616]
> HOSTS_BACKENDS_REGISTERED the following host backend types are
> available:
> 2026-04-09 07:59:04.533 INFO  [kea-dhcp4.dhcpsrv/232752.140046183791616]
> DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend
> types are available:
> 2026-04-09 07:59:04.533 INFO
> [kea-dhcp4.database/232752.140046183791616] CONFIG_BACKENDS_REGISTERED
> the following config backend types are available:
>
>
> Happy to provide any more details that might be relevant/helpful.
> I'm _thinking_ I should log a bug as it seems to be that this should
> work - all the debugging/reading I've done tells me this is a simple
> config and it should have no problems, but something obviously is up.
>
> Any help/suggestions/advice would be appreciated, thank you very much!
>
> Tim
>
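The log pattern quoted above can be triaged by grouping events on MAC and transaction id and comparing how each DHCPREQUEST arrived with how it ended. This is an added example, not part of the original thread or of Kea. It assumes unwrapped journal lines (one event per line), treats `DHCP4_LEASE_ALLOC` as the success marker as in the quoted log, and uses constructed MACs, transaction ids and a hypothetical helper `_line`.

```python
import re

def _line(level, logger, msgid, mac, tid, text):
    # Builds one unwrapped journal line in the layout quoted in the thread.
    return (f"Apr 09 07:41:41 kea-dhcp4[1000]: 2026-04-09 07:41:41.480 {level} "
            f"[kea-dhcp4.{logger}/1000.1] {msgid} [hwtype=1 {mac}], "
            f"cid=[no info], tid={tid}: {text}")

A, B = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
BCAST = "received from 0.0.0.0 to 255.255.255.255 on interface eth1"
NO_SUBNET = "failed to select a subnet for incoming packet, src {}, type DHCPREQUEST"
# Constructed sample: unicast renewal NAK, broadcast DORA, and a lone ERROR line.
SAMPLE_LOG = "\n".join([
    _line("INFO", "packets", "DHCP4_PACKET_RECEIVED", A, "0xaaaa0001",
          "DHCPREQUEST (type 3) received from 192.168.0.183 to 192.168.0.1 on interface eth1"),
    _line("ERROR", "bad-packets", "DHCP4_PACKET_NAK_0001", A, "0xaaaa0001",
          NO_SUBNET.format("192.168.0.183")),
    _line("INFO", "packets", "DHCP4_PACKET_RECEIVED", A, "0xbbbb0002", "DHCPDISCOVER (type 1) " + BCAST),
    _line("INFO", "leases", "DHCP4_LEASE_OFFER", A, "0xbbbb0002", "lease 192.168.0.183 will be offered"),
    _line("INFO", "packets", "DHCP4_PACKET_RECEIVED", A, "0xbbbb0002", "DHCPREQUEST (type 3) " + BCAST),
    _line("INFO", "leases", "DHCP4_LEASE_ALLOC", A, "0xbbbb0002",
          "lease 192.168.0.183 has been allocated for 86400 seconds"),
    _line("ERROR", "bad-packets", "DHCP4_PACKET_NAK_0001", B, "0xcccc0003", NO_SUBNET.format("192.168.0.152")),
])

EVENT = re.compile(r"(?P<msgid>DHCP4_[A-Z0-9_]+) \[hwtype=\d+ (?P<mac>[0-9a-f:]+)\], "
                   r"cid=\[[^\]]*\], tid=(?P<tid>0x[0-9a-f]+):(?P<rest>.*)")
RECEIVED = re.compile(r"(?P<type>DHCP[A-Z]+) \(type \d+\) received from "
                      r"(?P<src>\S+) to (?P<dst>\S+) on interface")

def classify_requests(log_text):
    """Group events by (MAC, tid); report each DHCPREQUEST's delivery path and outcome."""
    txns = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # DHCP4_QUERY_LABEL and non-Kea lines carry no usable fields
        t = txns.setdefault((m["mac"], m["tid"]), {"src": None, "dst": None, "ids": []})
        t["ids"].append(m["msgid"])
        r = RECEIVED.search(m["rest"])
        if r and r["type"] == "DHCPREQUEST":
            t["src"], t["dst"] = r["src"], r["dst"]
    rows = []
    for (mac, tid), t in txns.items():
        nak = any(i.startswith("DHCP4_PACKET_NAK") for i in t["ids"])
        if t["dst"] is None and not nak:
            continue  # transaction never reached a DHCPREQUEST
        path = {None: "unknown", "255.255.255.255": "broadcast"}.get(t["dst"], "unicast")
        outcome = "NAK" if nak else "ACK" if "DHCP4_LEASE_ALLOC" in t["ids"] else "unknown"
        rows.append({"mac": mac, "tid": tid, "src": t["src"], "path": path, "outcome": outcome})
    return rows

if __name__ == "__main__":
    for row in classify_requests(SAMPLE_LOG):
        print(row)
```

A path of `unknown` means only the ERROR line was captured for that transaction, so the matching `DHCP4_PACKET_RECEIVED` line is needed before the request can be called unicast or broadcast.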

