Stefan G. Weichinger <li...@xunil.at> wrote:

>> I will start by stopping one of my 2 kea-nodes, and then remove the VLAN 
>> interfaces on the remaining one. Plus enable the DHCP-relay, plus adding 
>> that fw-rule.
>> In kea I have to remove the various vlan-interfaces and edit the subnets to 
>> all listen on the same and only LAN-interface.
> 
> Did my changes but today there are no more workers on site there so it's a 
> bit hard to test for me from remote.
> 
> Went back to the old setup for now.
> 
> questions around config:
> 
> Could I remove the separate interface lines from the subnets:
> 
> 
> {
>     "interface": "enp0s31f6",  # THIS LINE
>     "id": 3,
>     "subnet": "192.168.103.0/24",
> 
> 
> In the first lines I already have:
> 
> 
> {
>     "Dhcp4": {
>         "interfaces-config": {
>             "interfaces": [ "enp0s31f6" ],
>             "dhcp-socket-type": "raw",
>             "service-sockets-require-all": false,
>             "service-sockets-max-retries": 1000,
>             "service-sockets-retry-wait-time": 10000
>         },
> 
> 
> That defines the interface anyway, right?

I think so, but I’m not a Kea user and have only had a fairly quick look at the 
documentation - most of the previous advice is based on relaying being generic 
and not really affecting server config much/at all.
With dhcpd (where my experience is for about 25 years!), the only config for 
interfaces is to specify which ones to listen on.

> "dhcp-socket-type" is ok? "raw" seems to be the default anyway.


The manual at 
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration 
says:
> Kea supports responding to directly connected clients which do not have an 
> address configured. This requires the server to inject the hardware address 
> of the destination into the data-link layer of the packet being sent to the 
> client. The DHCPv4 server uses raw sockets to achieve this, and builds the 
> entire IP/UDP stack for the outgoing packets. The downside of raw socket use, 
> however, is that incoming and outgoing packets bypass the firewalls (e.g. 
> iptables).


> Using UDP sockets automatically disables the reception of broadcast packets 
> from directly connected clients. This effectively means that UDP sockets can 
> be used for relayed traffic only. When using raw sockets, both the traffic 
> from the directly connected clients and the relayed traffic are handled.


So it’s clear that you want to keep raw sockets (default, no need to specify 
it) if you have any locally connected clients - but if you have no locally 
connected clients and want packets to pass through a firewall then use UDP.


Also, looking at 
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#dhcp4-subnet-selection 
it seems fairly clear that you don’t need to tie subnets to interfaces in the 
config - simply defining the interfaces to listen on, and the subnets to be 
served, is sufficient for the server to automagically associate clients with 
the right subnet.


Simon
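
To put the two points above (socket type, and subnets without an "interface" line) into one relay-only Dhcp4 config, here is an added example; it is not Stefan's config or anything from the Kea project. The single LAN interface and subnet 3 are taken from the thread; the relay/router addresses, the pools and subnet 4 are assumed values.

```json
{
    "Dhcp4": {
        "interfaces-config": {
            # Single LAN interface; the per-VLAN interfaces are gone.
            "interfaces": [ "enp0s31f6" ],
            # "udp" instead of the default "raw": the server then only sees
            # relayed traffic, and the packets traverse the host firewall.
            # Keep "raw" if any client is directly connected to this NIC.
            "dhcp-socket-type": "udp",
            "service-sockets-require-all": false,
            "service-sockets-max-retries": 1000,
            "service-sockets-retry-wait-time": 10000
        },
        "subnet4": [
            {
                # No "interface" entry: Kea matches the giaddr set by the
                # relay (assumed to be 192.168.103.1, the VLAN's router)
                # against the subnet prefix and picks this subnet.
                "id": 3,
                "subnet": "192.168.103.0/24",
                "pools": [ { "pool": "192.168.103.100 - 192.168.103.200" } ],
                "option-data": [
                    { "name": "routers", "data": "192.168.103.1" }
                ]
            },
            {
                # Assumed second VLAN whose relay inserts a giaddr outside the
                # subnet (its uplink address 192.168.1.1); list that address
                # under "relay" so subnet selection still finds this subnet.
                "id": 4,
                "subnet": "192.168.104.0/24",
                "relay": { "ip-addresses": [ "192.168.1.1" ] },
                "pools": [ { "pool": "192.168.104.100 - 192.168.104.200" } ]
            }
        ]
    }
}
```

With "udp" the host firewall now sits in the path, so the rule mentioned earlier in the thread must permit inbound UDP/67 from the relays (and the replies back to them) or every lease request will silently be dropped.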

