<div dir="ltr"><div>Hi Kraishak,</div><div><br></div><div><i><span class="gmail-im">{<br> "Dhcp6": {<br> "interfaces-config": {<br> "interfaces": ["ens192"] # The network interface the DHCPv6 server listens on<br> },<br></span></i></div><div><i><span class="gmail-im"><br></span></i></div><div>This may leave Kea listening only on the link local address and the local multicast address. Try adding the IPv6 address you would like Kea to listen upon. Something like this:</div><div><br></div><div><pre><span class="gmail-s2">"Dhcp6"</span><span class="gmail-p">:</span> <span class="gmail-p">{</span>
<span class="gmail-s2">"interfaces-config"</span><span class="gmail-p">:</span> <span class="gmail-p">{</span>
<span class="gmail-s2">"interfaces"</span><span class="gmail-p">:</span> <span class="gmail-p">[</span> <span class="gmail-s2">"</span><span class="gmail-im">ens192</span><span class="gmail-s2">/2001:db8::1234:abcd"</span> <span class="gmail-p">]</span>
<span class="gmail-p">},</span></pre>See here for further information:<a href="https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#interface-configuration">https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#interface-configuration</a></div><div><br></div><div>You can confirm where Kea is currently listening like this:</div><div><br></div><div><font face="monospace">sudo ss -ulnap | grep 547</font></div><div><font face="monospace"><br></font></div><div><font face="arial,sans-serif">You will probably find only the fe80 link local address in the resultant output.</font></div><div><font face="arial,sans-serif"><br></font></div><div><font face="arial,sans-serif">Thank you,</font></div><div><font face="arial,sans-serif">Darren Ankney</font></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 12:30 AM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com">kraishak.edu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi <span style="color:rgb(31,31,31);font-size:0.875rem;font-family:"Google Sans",Roboto,RobotoDraft,Helvetica,Arial,sans-serif">Darren & </span><span style="color:rgb(0,0,0);font-family:Times;font-size:medium">Owen DeLong</span><div><font color="#000000" face="Times" size="3"><br></font><div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Thanks for your reply and for sharing the information. I have trouble dealing with multiple subnets in kea-dhcpv6 mode.</span></font></div></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div>Previously, I used ISC DHCPv6, where I successfully obtained leases from both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this setup, the OPNsense router was configured as a relay with the IP 2001:470:edb5:200::23.(server IP, not router IP)<br><br>After migrating to Kea DHCPv6, leases are being assigned correctly within the local subnet, but clients from 2001:470:edb5:300::/64 are unable to obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a client requests a lease from the relayed subnet. However, a network traffic capture confirms that packets are being forwarded correctly, yet my Kea server does not respond. <br><br>### Troubleshooting Steps Attempted: <br>1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64 subnet, using the Kea server's IP address → No success. <br>2. Updated the `relay-ip` statement in the ......300::/64 subnet to match 2001:470:edb5:300::1, as observed in the packet capture → No success. <br><br>A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows identical behavior, yet Kea is not assigning leases for the relayed subnet. <br><br></div><div>Here is my config </div><div><i>{<br> "Dhcp6": {<br> "interfaces-config": {<br> "interfaces": ["ens192"] # The network interface the DHCPv6 server listens on<br> },<br><br> "multi-threading": {<br> "packet-queue-size": 28,<br> "enable-multi-threading": true,<br> "thread-pool-size": 4<br> },<br> <br> "lease-database": {<br> "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",<br> "type": "memfile", # In-memory lease database (useful for testing)<br> "persist": true # Save leases to disk<br> },<br> <br> "preferred-lifetime": 3000,<br> "valid-lifetime": 4000,<br> <br> "renew-timer": 1000,<br> "rebind-timer": 2000,<br><br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Define DNS servers for clients<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>" # Domain search list<br> }<br> ],<br><br> "subnet6": [<br> {<br> "subnet": "2001:470:edb5:200::/64", # The subnet from which addresses are allocated<br> "interface": "ens192",<br> "pools": [<br> {"pool": "2001:470:edb5:200::2-2001:470:edb5:200::15"},<br> {"pool": "2001:470:edb5:200::3e-2001:470:edb5:200::51"},<br> {"pool": "2001:470:edb5:200::52-2001:470:edb5:200::65"}<br> ],<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> },<br> {<br> "subnet": "2001:470:edb5:300::/64", # The subnet from which addresses are allocated<br> "pools": [<br> {"pool": "2001:470:edb5:300::16-2001:470:edb5:300::1f"},<br> {"pool": "2001:470:edb5:300::2-2001:470:edb5:300::b"},<br> {"pool": "2001:470:edb5:300::c-2001:470:edb5:300::15"}<br> ],"relay": {<br> "ip-addresses": ["2001:470:edb5:300::1" ]<br> },<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> }<br><br> ],<br><br> # Logging configuration<br> <br> "loggers": [{<br> "name": "kea-dhcp6",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6.log"<br> }],<br> "severity": "INFO",<br> "debuglevel": 99<br> },<br> {<br> "debuglevel": 99,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-packets.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.packets"<br> },<br> {<br> "debuglevel": 55,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-leases.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.leases"<br> }<br><br><br>]<br> }<br>}</i></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Traffic capture screenshot of kea</span></font></div><div><img src="cid:ii_m7ebw37i0" alt="image.png" width="562" height="155"><br></div><div>Traffic capture screenshot of ISC(ISC granted lease)</div><div><img src="cid:ii_m7ebxi9u1" alt="image.png" width="562" height="111"><br></div><div><br></div><div><div>Would appreciate insights on potential configuration mistakes, if any, in my Kea DHCPv6 config, </div><br></div><div>Thanks in Advance </div><div>Kraishak</div><div><br></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <<a href="mailto:darren.ankney@gmail.com" target="_blank">darren.ankney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Kraishak,<br>
<br>
> Q)<br>
> 1)Is it mandatory to add the interface line in every subnet6 section, unlike subnet4<br>
<br>
subnet4 will most likely need the interface specified for a local<br>
subnet as well (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client</a>).<br>
<br>
> 2)If that is mandatory, how can I use multiple subnets? Let's say I have one more network range using the same DHCPv6 appliance, but I don't have any interface on the box. How can we use that<br>
<br>
It is indeed mandatory, for the same reason (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection</a>).<br>
<br>
If you have another subnet to which the DHCP server has no interface<br>
attached, then there will be a relay agent forwarding the traffic to<br>
the DHCP server. Then you will use the "relay: {}" mechanism (see<br>
here: <a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet</a>).<br>
But you may not have to if the relay agent source IP is actually part<br>
of one of the subnets configured on your DHCP server.<br>
<br>
Thank you,<br>
Darren Ankney<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>