<div dir="ltr">Hi all.<div>I think I have sorted it out now.</div><div><br></div><div>The reason that I could not verify that kea was listening on UDP port 67 is because...</div><div><div> // Kea DHCPv4 server by default listens using raw sockets. This ensures</div><div> // all packets, including those sent by directly connected clients</div><div> // that don't have IPv4 address yet, are received. However, if your</div><div> // traffic is always relayed, it is often better to use regular</div><div> // UDP sockets. If you want to do that, uncomment this line:</div><div> // "dhcp-socket-type": "udp"</div></div><div><br></div><div>I have not enabled this to check, but it seems reasonable.</div><div>Also, I assume that the DHCP test client that I tried was not compatible with this raw socket implementation.</div><div>Finally, I noticed that while I had listed the DNS servers in the Dhcp4 / option-data section, I only listed one of the DNS servers in the subnet4 section.</div><div>Fixing this resolved the missing DNS server issue.</div><div><br></div><div>Also, I found several useful ways to view the logs:</div><div>-cat /var/log/kea-dhcp4.log</div><div>-systemctl status kea-dhcp4 (only if set up to run as a service)</div><div>-<span style="font-family:Calibri;font-size:11pt">journalctl
-xfl -u kea-dhcp4</span></div><div><br></div><div>I apologize for the unnecessary noise.</div><div>Though if anyone has any corrections or useful advice, that is always appreciated.</div><div><br></div><div>One thing that somewhat confused me was that "keactrl start" uses /etc/kea/kea-dhcp4.conf, while the kea-dhcp4.service (in /usr/lib/systemd/system/) points to kea.conf.</div><div>Since I had configured kea-dhcp4.conf, I needed to modify the .service file to point to kea-dhcp4.conf instead of kea.conf.</div><div>Of course the actual name does not matter, but is there an intended separate usage for kea.conf and kea-dhcp4.conf?</div><div><br></div><div>Best regards,</div><div>Ben Monroe</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 3, 2018 at 7:35 PM, Ben Monroe <span dir="ltr"><<a href="mailto:bendono@gmail.com" target="_blank">bendono@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi.<div>I installed Kea and configured the settings.</div><div>It seems that it is working, but I am having trouble verifying it.</div><div>What makes me suspicious is that client PCs are only receiving one of the two DNS servers defined.</div><div><br></div><div>Also, I have tried to verify with the following DHCP test client, but it fails to detect a response to the DHCP discover broadcast:</div><div><a href="https://blog.thecybershadow.net/2013/01/10/dhcp-test-client/" target="_blank">https://blog.thecybershadow.<wbr>net/2013/01/10/dhcp-test-<wbr>client/</a><br></div><div><br></div><div><div>dhcptest v0.7 - Created by Vladimir Panteleev</div><div><a href="https://github.com/CyberShadow/dhcptest" target="_blank">https://github.com/<wbr>CyberShadow/dhcptest</a></div><div>Run with --help for a list of command-line options.</div><div><br></div><div>Listening for DHCP replies on port 68.</div><div>Type "d" to broadcast a DHCP discover packet, or 
"help" for details.</div><div>d</div><div>Sending packet:</div><div> op=BOOTREQUEST chaddr=53:0D:B0:61:DF:4F hops=0 xid=2946C459 secs=0 flags=8000</div><div> ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=</div><div> 1 options:</div><div> 53 (DHCP Message Type): discover</div><div><br></div><div>[Me: After a bit of time, q to quit.]</div><div>q</div><div>Error on listening thread:</div></div><div><br></div><div>Previously I was doing DHCP on the router, so I disabled that.</div><div>There should not be any other DHCP servers on the network.</div><div><br></div><div>I start the server:</div><div><div># keactrl start</div><div>INFO/keactrl: Starting /usr/bin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf</div><div>INFO/keactrl: Starting /usr/bin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf</div><div>INFO/keactrl: Starting /usr/bin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf</div><div><br></div></div><div>Here is the status:</div><div><div># keactrl status</div><div>DHCPv4 server: active</div><div>DHCPv6 server: active</div><div>DHCP DDNS: inactive</div><div>Control Agent: active</div><div>Kea DHCPv4 configuration file: /etc/kea/kea-dhcp4.conf</div><div>Kea DHCPv6 configuration file: /etc/kea/kea-dhcp6.conf</div><div>Kea DHCP DDNS configuration file: /etc/kea/kea-dhcp-ddns.conf</div><div>Kea Control Agent configuration file: /etc/kea/kea-ctrl-agent.conf</div><div>keactrl configuration file: /etc/kea/keactrl.conf</div></div><div><br></div><div>I would expect that it would be listening on UDP port 67.</div><div>But when I check, I cannot verify that.</div><div><div># netstat -tlpn</div><div>Active Internet connections (only servers)</div><div>Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name</div><div>tcp 0 0 <a href="http://0.0.0.0:5355" target="_blank">0.0.0.0:5355</a> 0.0.0.0:* LISTEN 315/systemd-resolve</div><div>tcp 0 0 <a href="http://127.0.0.1:8080" target="_blank">127.0.0.1:8080</a> 0.0.0.0:* LISTEN 
436/kea-ctrl-agent</div><div>tcp 0 0 <a href="http://0.0.0.0:22" target="_blank">0.0.0.0:22</a> 0.0.0.0:* LISTEN 318/sshd</div><div>tcp6 0 0 :::5355 :::* LISTEN 315/systemd-resolve</div><div>tcp6 0 0 :::22 :::* LISTEN 318/sshd</div><div><br></div></div><div>Also, when I try to telnet to the DHCP server over port 67 (also tried 68) it is unsuccessful.</div><div><br></div><div>The firewall is disabled on the server:</div><div><div># systemctl status iptables</div><div>* iptables.service - Packet Filtering Framework</div><div> Loaded: loaded (/usr/lib/systemd/system/<wbr>iptables.service; disabled; vendor preset: disabled)</div><div> Active: inactive (dead)</div></div><div><br></div><div>This is my configuration file.</div><div>I modified the default configuration file.</div><div>I'm sure it can be improved, but I first want to confirm that it is generally working.</div><div>Comments removed so as to keep the e-mail short.</div><div><br></div><div>At this stage, it is hard to say if it is working or not.</div><div>Are there any best practices for testing?</div><div>As mentioned above, the client PCs are receiving only one of the two DNS servers.</div><div>Though the above DHCP test client is completely failing, so it may not even be functional.</div><div>It would be great if someone more experienced could help review this.</div><div>The environment is Arch Linux.</div><div><br></div><div><div>{</div><div><br></div><div>"Dhcp4": {</div><div> "interfaces-config": {</div><div> "interfaces": [ "eth0" ]</div><div> },</div><div><br></div><div> "control-socket": {</div><div> "socket-type": "unix",</div><div> "socket-name": "/tmp/kea-dhcp4-ctrl.sock"</div><div> },</div><div><br></div><div> "lease-database": {</div><div> "type": "memfile",</div><div> "lfc-interval": 3600</div><div> },</div><div><br></div><div> "expired-leases-processing": {</div><div> "reclaim-timer-wait-time": 10,</div><div> "flush-reclaimed-timer-wait-<wbr>time": 25,</div><div> "hold-reclaimed-time": 
3600,</div><div> "max-reclaim-leases": 100,</div><div> "max-reclaim-time": 250,</div><div> "unwarned-reclaim-cycles": 5</div><div> },</div><div><br></div><div> "renew-timer": 900,</div><div> "rebind-timer": 1800,</div><div> "valid-lifetime": 3600,</div><div><br></div><div> "option-data": [</div><div> {</div><div> "name": "domain-name-servers",</div><div> "data": "10.10.10.250, 10.10.10.251"</div><div> },</div><div><span style="white-space:pre-wrap"> </span></div><div> {</div><div> "code": 15,</div><div> "data": "dono.local"</div><div> },</div><div><br></div><div><br></div><div> {</div><div> "name": "domain-search",</div><div> "data": "dono.local"</div><div> },</div><div><br></div><div> {</div><div> "name": "boot-file-name",</div><div> "data": "EST5EDT4\\,M3.2.0/02:00\\,<wbr>M11.1.0/02:00"</div><div> },</div><div><br></div><div><br></div><div> {</div><div> "name": "default-ip-ttl",</div><div> "data": "0xf0"</div><div> }</div><div> ],</div><div><br></div><div> "client-classes": [</div><div> {</div><div> "name": "voip",</div><div> "test": "substring(option[60].hex,0,6) == 'Aastra'",</div><div> "next-server": "192.0.2.254",</div><div> "server-hostname": "hal9000",</div><div> "boot-file-name": "/dev/null"</div><div> }</div><div> ],</div><div><br></div><div> "subnet4": [</div><div> {</div><div> "subnet": "<a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a>",</div><div> "pools": [ { "pool": "10.10.10.50 - 10.10.10.150" } ],</div><div> "option-data": [</div><div> {</div><div> "name": "routers",</div><div> "data": "10.10.10.254"</div><div> },</div><div> {</div><div> "name": "domain-name-servers",</div><div> "data": "10.10.10.250"</div><div> }</div><div> ],</div><div><br></div><div> "reservations": [</div><div> {</div><div> "hw-address": "1a:1b:1c:1d:1e:1f",</div><div> "ip-address": "192.0.2.201"</div><div> },</div><div><br></div><div> {</div><div> "client-id": "01:11:22:33:44:55:66",</div><div> "ip-address": "192.0.2.202",</div><div> "hostname": 
"special-snowflake"</div><div> },</div><div><br></div><div><br></div><div> {</div><div> "duid": "01:02:03:04:05",</div><div> "ip-address": "192.0.2.203",</div><div> "option-data": [ {</div><div> "name": "domain-name-servers",</div><div> "data": "10.1.1.202, 10.1.1.203"</div><div> } ]</div><div> },</div><div><br></div><div> {</div><div> "client-id": "01:12:23:34:45:56:67",</div><div> "ip-address": "192.0.2.204",</div><div> "option-data": [</div><div> {</div><div> "name": "vivso-suboptions",</div><div> "data": "4491"</div><div> },</div><div> {</div><div> "name": "tftp-servers",</div><div> "space": "vendor-4491",</div><div> "data": "10.1.1.202, 10.1.1.203"</div><div> }</div><div> ]</div><div> },</div><div><br></div><div> {</div><div> "client-id": "01:0a:0b:0c:0d:0e:0f",</div><div> "ip-address": "192.0.2.205",</div><div> "next-server": "192.0.2.1",</div><div> "server-hostname": "hal9000",</div><div> "boot-file-name": "/dev/null"</div><div> },</div><div><br></div><div> {</div><div> "flex-id": "'s0mEVaLue'",</div><div> "ip-address": "192.0.2.206"</div><div> }</div><div> ]</div><div> }</div><div> ]</div><div><br></div><div>},</div><div><br></div><div>"Logging":</div><div>{</div><div> "loggers": [</div><div> {</div><div> "name": "kea-dhcp4",</div><div> "output_options": [</div><div> {</div><div> "output": "/var/log/kea-dhcp4.log"</div><div> }</div><div> ],</div><div> "severity": "INFO",</div><div> "debuglevel": 0</div><div> }</div><div> ]</div><div>}</div><div>}</div></div><div><br></div><div>Thank you,</div><div>Ben Monroe</div><div><br></div></div>
</blockquote></div><br></div>
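<div>The DNS mismatch described in this thread, where the subnet4 option-data replaced the global domain-name-servers list with a shorter one, can be caught by comparing the two scopes. This is an added example, not part of the original e-mail or of Kea itself; it assumes the configuration is plain JSON with comments removed, and the function names and trimmed sample are constructed for illustration.</div>

```python
import json

# Constructed sample: a trimmed copy of the Dhcp4 section posted in this thread.
SAMPLE = """
{ "Dhcp4": {
    "option-data": [
      { "name": "domain-name-servers", "data": "10.10.10.250, 10.10.10.251" },
      { "name": "domain-search", "data": "dono.local" }
    ],
    "subnet4": [ {
      "subnet": "10.10.10.0/24",
      "option-data": [
        { "name": "routers", "data": "10.10.10.254" },
        { "name": "domain-name-servers", "data": "10.10.10.250" }
      ]
    } ]
} }
"""

def _options(scope):
    """Map option key -> list of values for one scope's option-data."""
    out = {}
    for opt in scope.get("option-data", []):
        # Options may be given by name or by numeric code; key on whichever
        # is present (a name in one scope and a code in the other won't match).
        key = opt.get("name") or "code-%s" % opt.get("code")
        out[key] = [v.strip() for v in str(opt.get("data", "")).split(",")]
    return out

def shadowed_options(config_text):
    """Return (subnet, option, global_values, subnet_values) for every
    subnet-level option that replaces a global one with different data."""
    dhcp4 = json.loads(config_text)["Dhcp4"]
    global_opts = _options(dhcp4)
    findings = []
    for subnet in dhcp4.get("subnet4", []):
        for key, values in _options(subnet).items():
            if key in global_opts and values != global_opts[key]:
                findings.append((subnet.get("subnet"), key, global_opts[key], values))
    return findings

if __name__ == "__main__":
    for subnet, key, g, s in shadowed_options(SAMPLE):
        print("%s: %s is %s in subnet4 but %s globally" % (subnet, key, s, g))
```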