<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:601575716;
mso-list-type:hybrid;
mso-list-template-ids:1056364310 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">Hello Ugur,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">Two suggestions:<o:p></o:p></span></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">I include the IPv6 Address in interfaces:<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">"Dhcp6": {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "interfaces-config": {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "interfaces": [ "ens224/fc00:d2c0:10:170::23" ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="2" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">I turn up many more loggers to see everything when testing in LAB . Specifically – turn up the packets to see if you
are getting the packet to Kea.<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif">"loggers": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "name": "kea-dhcp6",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "severity": "DEBUG",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "debuglevel": 99,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output_options": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output": "/var/log/kea/dhcp6.log",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "maxver": 10<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "name": "kea-dhcp6.lease-query-hooks",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "severity": "DEBUG",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "debuglevel": 99,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output_options": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output": "/var/log/kea/dhcp6-blq.log",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "maxver": 10<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "name": "kea-dhcp6.dhcpsrv",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "severity": "DEBUG",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "debuglevel": 99,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output_options": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output": "/var/log/kea/dhcp6-dhcpsrv.log",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "maxver": 10<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "name": "kea-dhcp6.leases",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "severity": "DEBUG",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "debuglevel": 99,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output_options": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output": "/var/log/kea/dhcp6-leases.log",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "maxver": 10<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> },<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "name": "kea-dhcp6.packets",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "severity": "DEBUG",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "debuglevel": 99,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output_options": [<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "output": "/var/log/kea/isc-dhcp6-like-logging.log",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> "maxver": 10<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"> ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Kea-users <kea-users-bounces@lists.isc.org> on behalf of Ugur Ucar <ugur.ucar@live.de><br>
<b>Date: </b>Wednesday, July 23, 2025 at 7:46</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black">PM<br>
<b>To: </b>kea-users@lists.isc.org <kea-users@lists.isc.org><br>
<b>Subject: </b>[Kea-users] Kea DHCPv6 does not respond to relay-forward packets from FortiGate<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Hello everyone,<br>
<br>
I'm currently trying to get Kea DHCPv6 to work with a FortiGate (model 900D) as a DHCPv6 relay agent. Unfortunately, although Kea receives the relay-forward packets (confirmed via tcpdump), it does not respond at all — and worse, it doesn't even log any processing
activity or errors.<br>
<br>
I run Kea in debug mode with `debuglevel 99`, and I see no indication that Kea is handling the packets. The system has no firewall active, and the relay-forward messages appear correct.<br>
<br>
Details:<br>
<br>
- OS: Ubuntu 24.04<br>
- Kea version: 2.5.6<br>
- IP6: fd10::1/64<br>
- IP6 GW: fd10::256<br>
- Relay: FortiGate 900D<br>
- Relay link-address: `fd20::254`<br>
- Interface-ID: `00000044` (binary format)<br>
- Kea is listening on interface `ens33`<br>
- No IPv6 forwarding enabled (`net.ipv6.conf.all.forwarding = 0`)<br>
- Firewall is inactive (`ufw status` and `ip6tables -L` confirm)<br>
<br>
I’ve tried several variations with `interface-id` in the config, including the escaped binary version. Nothing results in Kea processing or responding to the packets.<br>
<br>
Here’s the **relevant Kea configuration**:<br>
<br>
```json<br>
{<br>
"Dhcp6": {<br>
"interfaces-config": {<br>
"interfaces": [ "ens33" ]<br>
},<br>
"lease-database": {<br>
"type": "memfile",<br>
"persist": true,<br>
"name": "/var/lib/kea/dhcp6.leases",<br>
"lfc-interval": 3600<br>
},<br>
"loggers": [<br>
{<br>
"name": "kea-dhcp6",<br>
"output_options": [<br>
{<br>
"output": "stdout"<br>
}<br>
],<br>
"severity": "DEBUG",<br>
"debuglevel": 99<br>
}<br>
],<br>
"shared-networks": [<br>
{<br>
"name": "shared1",<br>
"relay": {<br>
"ip-addresses": [ "fd20::254" ]<br>
},<br>
"subnet6": [<br>
{<br>
"id": 1,<br>
"subnet": "fd20::/64",<br>
"interface-id": "\u0000\u0000\u0000D",<br>
"pools": [<br>
{<br>
"pool": "fd20::10 - fd20::ffff"<br>
}<br>
],<br>
"option-data": [<br>
{<br>
"name": "dns-servers",<br>
"code": 23,<br>
"space": "dhcp6",<br>
"data": "fd10::1"<br>
},<br>
{<br>
"name": "domain-search",<br>
"code": 24,<br>
"space": "dhcp6",<br>
"data": "domain.com"<br>
}<br>
]<br>
}<br>
]<br>
}<br>
]<br>
}<br>
}<br>
<br>
Here’s a short tcpdump excerpt, confirming Kea receives the relay-forward packet:<br>
<br>
23:23:32.316253 IP6 _gateway.dhcpv6-server > dhcp04.dhcpv6-server: <br>
dhcp6 relay-fwd (linkaddr=fd20::254 peeraddr=fe80::b450:e39e:1239:30d<br>
(relay-message (dhcp6 solicit (xid=87f8d9 ... )))<br>
(interface-ID 00000044...))<br>
<br>
At this point, I’m not sure if the issue is:<br>
• A misconfiguration in my Kea config (e.g., interface-id encoding)?<br>
• An incompatibility with FortiGate relay packets?<br>
• A limitation or bug in Kea?<br>
<br>
I’d really appreciate any insights or suggestions on what to try next.<br>
<br>
Thanks in advance!<br>
<br>
Best regards,<br>
Ugur<br>
<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at
<a href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
Kea-users@lists.isc.org<br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users">https://lists.isc.org/mailman/listinfo/kea-users</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>