<div dir="ltr">Looks like my previous message is not aligned properly with the config, let me share them as files <div><br></div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 10:59 AM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com">kraishak.edu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi <span style="color:rgb(31,31,31);font-size:0.875rem;font-family:"Google Sans",Roboto,RobotoDraft,Helvetica,Arial,sans-serif">Darren & </span><span style="color:rgb(0,0,0);font-family:Times;font-size:medium">Owen DeLong</span><div><font color="#000000" face="Times" size="3"><br></font><div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Thanks for your reply and for sharing the information. I have trouble dealing with multiple subnets in kea-dhcpv6 mode.</span></font></div></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div>Previously, I used ISC DHCPv6, where I successfully obtained leases from both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this setup, the OPNsense router was configured as a relay with the IP 2001:470:edb5:200::23.(server IP, not router IP)<br><br>After migrating to Kea DHCPv6, leases are being assigned correctly within the local subnet, but clients from 2001:470:edb5:300::/64 are unable to obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a client requests a lease from the relayed subnet. However, a network traffic capture confirms that packets are being forwarded correctly, yet my Kea server does not respond. <br><br>### Troubleshooting Steps Attempted: <br>1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64 subnet, using the Kea server's IP address → No success. <br>2. Updated the `relay-ip` statement in the ......300::/64 subnet to match 2001:470:edb5:300::1, as observed in the packet capture → No success. <br><br>A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows identical behavior, yet Kea is not assigning leases for the relayed subnet. <br><br></div><div>Here is my config </div><div><i>{<br> "Dhcp6": {<br> "interfaces-config": {<br> "interfaces": ["ens192"] # The network interface the DHCPv6 server listens on<br> },<br><br> "multi-threading": {<br> "packet-queue-size": 28,<br> "enable-multi-threading": true,<br> "thread-pool-size": 4<br> },<br> <br> "lease-database": {<br> "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",<br> "type": "memfile", # In-memory lease database (useful for testing)<br> "persist": true # Save leases to disk<br> },<br> <br> "preferred-lifetime": 3000,<br> "valid-lifetime": 4000,<br> <br> "renew-timer": 1000,<br> "rebind-timer": 2000,<br><br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Define DNS servers for clients<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>" # Domain search list<br> }<br> ],<br><br> "subnet6": [<br> {<br> "subnet": "2001:470:edb5:200::/64", # The subnet from which addresses are allocated<br> "interface": "ens192",<br> "pools": [<br> {"pool": "2001:470:edb5:200::2-2001:470:edb5:200::15"},<br> {"pool": "2001:470:edb5:200::3e-2001:470:edb5:200::51"},<br> {"pool": "2001:470:edb5:200::52-2001:470:edb5:200::65"}<br> ],<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> },<br> {<br> "subnet": "2001:470:edb5:300::/64", # The subnet from which addresses are allocated<br> "pools": [<br> {"pool": "2001:470:edb5:300::16-2001:470:edb5:300::1f"},<br> {"pool": "2001:470:edb5:300::2-2001:470:edb5:300::b"},<br> {"pool": "2001:470:edb5:300::c-2001:470:edb5:300::15"}<br> ],"relay": {<br> "ip-addresses": ["2001:470:edb5:300::1" ]<br> },<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> }<br><br> ],<br><br> # Logging configuration<br> <br> "loggers": [{<br> "name": "kea-dhcp6",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6.log"<br> }],<br> "severity": "INFO",<br> "debuglevel": 99<br> },<br> {<br> "debuglevel": 99,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-packets.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.packets"<br> },<br> {<br> "debuglevel": 55,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-leases.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.leases"<br> }<br><br><br>]<br> }<br>}</i></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Traffic capture screenshot of kea</span></font></div><div><img src="cid:ii_m7ebw37i0" alt="image.png" width="562" height="155"><br></div><div>Traffic capture screenshot of ISC(ISC granted lease)</div><div><img src="cid:ii_m7ebxi9u1" alt="image.png" width="562" height="111"><br></div><div><br></div><div><div>Would appreciate insights on potential configuration mistakes, if any, in my Kea DHCPv6 config, </div><br></div><div>Thanks in Advance </div><div>Kraishak</div><div><br></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <<a href="mailto:darren.ankney@gmail.com" target="_blank">darren.ankney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Kraishak,<br>
<br>
> Q)<br>
> 1)Is it mandatory to add the interface line in every subnet6 section, unlike subnet4<br>
<br>
subnet4 will most likely need the interface specified for a local<br>
subnet as well (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client</a>).<br>
<br>
> 2)If that is mandatory, how can I use multiple subnets? Let's say I have one more network range using the same DHCPv6 appliance, but I don't have any interface on the box. How can we use that<br>
<br>
It is indeed mandatory, for the same reason (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection</a>).<br>
<br>
If you have another subnet to which the DHCP server has no interface<br>
attached, then there will be a relay agent forwarding the traffic to<br>
the DHCP server. Then you will use the "relay: {}" mechanism (see<br>
here: <a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet</a>).<br>
But you may not have to if the relay agent source IP is actually part<br>
of one of the subnets configured on your DHCP server.<br>
<br>
Thank you,<br>
Darren Ankney<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
</blockquote></div>