<div dir="ltr"><div>Hi Kraishak,</div><div><br></div><div>I am not able to understand what is happening with screenshots of packet captures. Please describe the problem you are having currently and attach the actual .pcap file for analysis. Looking at your DHCPv6 configuration, I would say again that your kea-dhcp6 is likely only listening on the link local (fe80) address. This is due to:</div><div><br></div><div> "interfaces-config": {<br> "interfaces": ["ens192"] # The network interface the DHCPv6 server listens on<br> },</div><div><br></div><div>Kea will pick the first address it finds on the interface and link to it. This is almost always the link local rather than the unique global (or local) address.</div><div><br></div><div>Please try changing the above to "ens192/<address>" where address is the aforementioned unique local (ULA) or global address (UGA). That is assuming that statements such as:</div><div><br></div><div>"relay": {<br> "ip-addresses": ["2001:470:edb5:300::1" ]<br> },</div><div><br></div><div>reflect a relay agent that is configured to forward packets to the kea-dhcp6 server at the ULA or UGA.</div><div><br></div><div>Thank you,</div><div>Darren Ankney</div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Feb 27, 2025 at 8:33 AM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com">kraishak.edu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Looks like my previous message is not aligned properly with the config, let me share them as files <div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 10:59 AM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com" target="_blank">kraishak.edu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi <span style="color:rgb(31,31,31);font-size:0.875rem;font-family:"Google Sans",Roboto,RobotoDraft,Helvetica,Arial,sans-serif">Darren & </span><span style="color:rgb(0,0,0);font-family:Times;font-size:medium">Owen DeLong</span><div><font color="#000000" face="Times" size="3"><br></font><div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Thanks for your reply and for sharing the information. I have trouble dealing with multiple subnets in kea-dhcpv6 mode.</span></font></div></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div>Previously, I used ISC DHCPv6, where I successfully obtained leases from both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this setup, the OPNsense router was configured as a relay with the IP 2001:470:edb5:200::23.(server IP, not router IP)<br><br>After migrating to Kea DHCPv6, leases are being assigned correctly within the local subnet, but clients from 2001:470:edb5:300::/64 are unable to obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a client requests a lease from the relayed subnet. However, a network traffic capture confirms that packets are being forwarded correctly, yet my Kea server does not respond. <br><br>### Troubleshooting Steps Attempted: <br>1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64 subnet, using the Kea server's IP address → No success. <br>2. Updated the `relay-ip` statement in the ......300::/64 subnet to match 2001:470:edb5:300::1, as observed in the packet capture → No success. <br><br>A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows identical behavior, yet Kea is not assigning leases for the relayed subnet. <br><br></div><div>Here is my config </div><div><i>{<br> "Dhcp6": {<br> "interfaces-config": {<br> "interfaces": ["ens192"] # The network interface the DHCPv6 server listens on<br> },<br><br> "multi-threading": {<br> "packet-queue-size": 28,<br> "enable-multi-threading": true,<br> "thread-pool-size": 4<br> },<br> <br> "lease-database": {<br> "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",<br> "type": "memfile", # In-memory lease database (useful for testing)<br> "persist": true # Save leases to disk<br> },<br> <br> "preferred-lifetime": 3000,<br> "valid-lifetime": 4000,<br> <br> "renew-timer": 1000,<br> "rebind-timer": 2000,<br><br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Define DNS servers for clients<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>" # Domain search list<br> }<br> ],<br><br> "subnet6": [<br> {<br> "subnet": "2001:470:edb5:200::/64", # The subnet from which addresses are allocated<br> "interface": "ens192",<br> "pools": [<br> {"pool": "2001:470:edb5:200::2-2001:470:edb5:200::15"},<br> {"pool": "2001:470:edb5:200::3e-2001:470:edb5:200::51"},<br> {"pool": "2001:470:edb5:200::52-2001:470:edb5:200::65"}<br> ],<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> },<br> {<br> "subnet": "2001:470:edb5:300::/64", # The subnet from which addresses are allocated<br> "pools": [<br> {"pool": "2001:470:edb5:300::16-2001:470:edb5:300::1f"},<br> {"pool": "2001:470:edb5:300::2-2001:470:edb5:300::b"},<br> {"pool": "2001:470:edb5:300::c-2001:470:edb5:300::15"}<br> ],"relay": {<br> "ip-addresses": ["2001:470:edb5:300::1" ]<br> },<br> <br> "preferred-lifetime": 600,<br> "valid-lifetime": 1200,<br> "option-data": [<br> {<br> "name": "dns-servers",<br> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet<br> },<br> {<br> "name": "domain-search",<br> "data": "<a href="http://tester.com" target="_blank">tester.com</a>"<br> }<br> ]<br> }<br><br> ],<br><br> # Logging configuration<br> <br> "loggers": [{<br> "name": "kea-dhcp6",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6.log"<br> }],<br> "severity": "INFO",<br> "debuglevel": 99<br> },<br> {<br> "debuglevel": 99,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-packets.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.packets"<br> },<br> {<br> "debuglevel": 55,<br> "severity": "DEBUG",<br> "output_options": [{<br> "output": "/var/log/kea-dhcp6-leases.log",<br> "maxver": 5,<br> "flush": true,<br> "maxsize": 10240000<br> }],<br> "name": "kea-dhcp6.leases"<br> }<br><br><br>]<br> }<br>}</i></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px">Traffic capture screenshot of kea</span></font></div><div><img src="cid:ii_m7ebw37i0" alt="image.png" width="562" height="155"><br></div><div>Traffic capture screenshot of ISC(ISC granted lease)</div><div><img src="cid:ii_m7ebxi9u1" alt="image.png" width="562" height="111"><br></div><div><br></div><div><div>Would appreciate insights on potential configuration mistakes, if any, in my Kea DHCPv6 config, </div><br></div><div>Thanks in Advance </div><div>Kraishak</div><div><br></div><div><font color="#1f1f1f" face="Google Sans, Roboto, RobotoDraft, Helvetica, Arial, sans-serif"><span style="font-size:14px"><br></span></font></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <<a href="mailto:darren.ankney@gmail.com" target="_blank">darren.ankney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Kraishak,<br>
<br>
> Q)<br>
> 1)Is it mandatory to add the interface line in every subnet6 section, unlike subnet4<br>
<br>
subnet4 will most likely need the interface specified for a local<br>
subnet as well (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client</a>).<br>
<br>
> 2)If that is mandatory, how can I use multiple subnets? Let's say I have one more network range using the same DHCPv6 appliance, but I don't have any interface on the box. How can we use that<br>
<br>
It is indeed mandatory, for the same reason (see here:<br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection</a>).<br>
<br>
If you have another subnet to which the DHCP server has no interface<br>
attached, then there will be a relay agent forwarding the traffic to<br>
the DHCP server. Then you will use the "relay: {}" mechanism (see<br>
here: <a href="https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet</a>).<br>
But you may not have to if the relay agent source IP is actually part<br>
of one of the subnets configured on your DHCP server.<br>
<br>
Thank you,<br>
Darren Ankney<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
</blockquote></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>