I’d say it is the very same problem I ran into, i.e., your DHCPv6 Kea process
is not bound to unicast v6 address on your interface eth1 when using only
interface name. Check out
https://gitlab.isc.org/isc-projects/kea/-/issues/2212#note_454562 and consider
adding the unicast IPv6 address to your interface statement.
Regards
Marek
From: Kea-users <kea-users-boun...@lists.isc.org> on behalf of Django [Bastard
Operator from Hell] via Kea-users <kea-users@lists.isc.org>
Date: Saturday, May 4, 2024 at 6:49 AM
To: kea-users@lists.isc.org <kea-users@lists.isc.org>
Cc: Django [Bastard Operator from Hell] <dja...@nausch.org>
Subject: [Kea-users] kea-dhcpv6 won't offer adresses to clients
HI,
I am currently familiarising myself with Kea and am trying to switch
from ISC-dhcpd to the new Kea server.
The distribution of IPv4 addresses works so far without any problems,
but I'm having a hard time with IPv6 and DHCPv6.
O.K. what have I done: I have installed Kea on an Arch Lunux host:
root@vml000110:~# kea-dhcp6 -v
2.4.1
The rudimentary kea-dhcp6.conf looks like this:
{
‘Dhcp6’: {
‘interfaces-config’: {
‘interfaces’: [‘eth1’]
},
‘subnet6’: [
{
‘subnet’: ‘2003:a:e0d:7607::/64’,
‘pools’: [
{
‘pool’: ‘2003:a:e0d:7607:10:0:10:1000 -
2003:a:e0d:7607:10:0:10:2000’,
‘option-data’: [
{
‘name’: ‘domain-search’,
‘data’: ‘nausch.org’
}
]
}
]
}
]
}
}
Calling kea-dhcp6 with the -t option shows the following:
root@vml000110:~# kea-dhcp6 -t /etc/kea/kea-dhcp6.conf
2024-05-04 14:29:26.477 INFO [kea-dhcp6.hosts/1936.129529300112128]
HOSTS_BACKENDS_REGISTERED the following host backend types are
available: mysql postgresql
2024-05-04 14:29:26.478 WARN [kea-dhcp6.dhcpsrv/1936.129529300112128]
DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when
multi-threading is enabled.
2024-05-04 14:29:26.478 WARN [kea-dhcp6.dhcp6/1936.129529300112128]
DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and
host reservations lookup is always performed first.
2024-05-04 14:29:26.478 WARN [kea-dhcp6.dhcpsrv/1936.129529300112128]
DHCPSRV_CONFIGURED_SUBNET_WITHOUT_ID a subnet was configured without an
id: 2003:a:e0d:7607::/64
2024-05-04 14:29:26.478 INFO [kea-dhcp6.dhcpsrv/1936.129529300112128]
DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration:
2003:a:e0d:7607::/64 with params: valid-lifetime=7200, rapid-commit is false
2024-05-04 14:29:26.478 INFO [kea-dhcp6.dhcpsrv/1936.129529300112128]
DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2024-05-04 14:29:26.478 INFO [kea-dhcp6.dhcpsrv/1936.129529300112128]
DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1
The daemon starts without any apparent problems:
root@vml000110:~# systemctl status kea-dhcp6.service
● kea-dhcp6.service - ISC Kea IPv6 DHCP daemon
Loaded: loaded (/usr/lib/systemd/system/kea-dhcp6.service;
disabled; preset: disabled)
Active: active (running) since Sat 2024-05-04 12:40:29 CEST; 1h
50min ago
Docs: man:kea-dhcp6(8)
Main PID: 1618 (kea-dhcp6)
Tasks: 9 (limit: 9510)
Memory: 2.5M (peak: 5.4M)
CPU: 415ms
CGroup: /system.slice/kea-dhcp6.service
└─1618 /usr/bin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
May 04 13:40:29 vml000110 kea-dhcp6[1618]: 2024-05-04 13:40:29.919 INFO
[kea-dhcp6.dhcpsrv/1618.130457064129280] DHCPSRV_MEMFILE_LFC_START starti>
May 04 13:40:29 vml000110 kea-dhcp6[1618]: 2024-05-04 13:40:29.921 INFO
[kea-dhcp6.dhcpsrv/1618.130457064129280] DHCPSRV_MEMFILE_LFC_EXECUTE exec>
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_START Starting lease file cleanup
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_PROCESSING Previous file: /var/lib/kea/kea-leases6.csv.2, copy file: >
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO
[DhcpLFC.dhcpsrv.128999924676480] DHCPSRV_MEMFILE_LEASE_FILE_LOAD
loading leases from file /var/lib>
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO
[DhcpLFC.dhcpsrv.128999924676480] DHCPSRV_MEMFILE_LEASE_FILE_LOAD
loading leases from file /var/lib>
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_READ_STATS Leases: 0, attempts: 2, errors: 0.
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_WRITE_STATS Leases: 0, attempts: 0, errors: 0.
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_ROTATING LFC rotating files
May 04 13:40:29 vml000110 DhcpLFC[1740]: INFO [DhcpLFC.128999924676480]
LFC_TERMINATE LFC finished processing
The relevant ports are also open:
root@vml000110:~# ss -tulpn
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 10.0.10.110:67 0.0.0.0:*
users:((‘kea-dhcp4’,pid=892,fd=17))
udp UNCONN 0 0 10.0.0.110:67 0.0.0.0:*
users:((‘kea-dhcp4’,pid=892,fd=15))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:((‘chronyd’,pid=491,fd=8))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:((‘chronyd’,pid=491,fd=5))
udp UNCONN 0 0 [::]:123 [::]:* users:((‘chronyd’,pid=491,fd=7))
udp UNCONN 0 0 [::1]:323 [::]:* users:((‘chronyd’,pid=491,fd=6))
udp UNCONN 0 0 [fe80::7:10:ff:fe10:110]%eth1:547 [::]:*
users:((‘kea-dhcp6’,pid=1618,fd=10))
udp UNCONN 0 0 [ff02::1:2]%eth1:547 [::]:*
users:((‘kea-dhcp6’,pid=1618,fd=11))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:((‘sshd’,pid=512,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:((‘sshd’,pid=512,fd=4))
If I now connect a client (Linux laptop) to the dial-up router of my
ISP, I automatically get a global-scop IPv6 address from my fixed IPv6
address block! So far so good!
But if I connect my laptop to the eth1 interface of my Arch Linux host,
I get nothing! :(
# ip addr show enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
link/ether 3c:97:0e:81:e4:d8 brd ff:ff:ff:ff:ff:ff:ff
inet 10.0.10.73/24 brd 10.0.10.255 scope global dynamic
noprefixroute enp0s25
valid_lft 2811sec preferred_lft 2811sec
inet6 fe80::e9a6:bb03:1544:b000/64 scope link noprefixroute
valid_lft forever preferred_lft forever
By the way, it does not matter whether the firewall is active on the
Arch Linux host or not.
If the packet filter is active, the following traffic relationships are
permitted on eth1, among others:
rule family=‘ipv6’ port port=‘546’ protocol=‘udp’ accept
rule family=‘ipv6’ port port=‘547’ protocol=‘udp’ accept
rule family=‘ipv4’ port port=‘67’ protocol=‘udp’ accept
services: dhcp dhcpv6 smtp ssh
If I use tcpdump to see what traffic to IP6 appears on eth1 of my Arch
Linux host, on which the Kea daemon is running, I ‘only’ see it:
root@vml000110:~# tcpdump -v -i eth1 | grep IP6
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length
262144 bytes
14:42:18.976611 IP6 (hlim 1, next-header Options (0) payload length: 56)
:: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6,
multicast listener report v2, 2 group record(s) [gaddr ff02::fb to_ex, 0
source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0 source(s)]
14:42:19.336692 IP6 (hlim 1, next-header Options (0) payload length: 56)
:: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6,
multicast listener report v2, 2 group record(s) [gaddr ff02::fb to_ex, 0
source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0 source(s)]
14:42:19.912693 IP6 (hlim 255, next-header ICMPv6 (58) payload length:
32) :: > ff02::1:ff44:b000: [icmp6 sum ok] ICMP6, neighbour
solicitation, length 32, who has fe80::e9a6:bb03:1544:b000
14:42:20. 936902 IP6 (hlim 1, next-header Options (0) payload length:
56) fe80::e9a6:bb03:1544:b000 > ff02::16: HBH (rtalert: 0x0000) (padn)
[icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s)
[gaddr ff02::fb to_ex, 0 source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0
source(s)]
14:42:21.078914 IP6 (flowlabel 0xf2caa, hlim 255, next-header UDP (17)
payload length: 148) fe80::e9a6:bb03:1544:b000.mdns > ff02::fb.mdns:
[udp sum ok] 0*- [0q] 2/0/0
0.0.0.b.4.4.5.1.3.0.b.b.6.a.9.e.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.
(cache flush) PTR nitropad.local., nitropad.local. (cache flush) AAAA
fe80::e9a6:bb03:1544:b000 (140)
14:42:21.179682 IP6 (flowlabel 0x05605, hlim 255, next-header ICMPv6
(58) payload length: 8) fe80::e9a6:bb03:1544:b000 > ff02::2: [icmp6 sum
ok] ICMP6, router solicitation, length 8
14:42:21. 448693 IP6 (hlim 1, next-header Options (0) payload length:
56) fe80::e9a6:bb03:1544:b000 > ff02::16: HBH (rtalert: 0x0000) (padn)
[icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s)
[gaddr ff02::fb to_ex, 0 source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0
source(s)]
14:42:22.062569 IP6 (flowlabel 0xf2caa, hlim 255, next-header UDP (17)
payload length: 149) fe80::e9a6:bb03:1544:b000.mdns > ff02::fb.mdns:
[udp sum ok] 0 [9q] PTR (QM)? _nfs._tcp.local. PTR (QM)?
_ipp._tcp.local. PTR (QM)? _ipps._tcp.local. PTR (QM)? _ftp._tcp.local.
PTR (QM)? _webdav._tcp.local. PTR (QM)? _webdavs._tcp.local. PTR (QM)?
_sftp-ssh._tcp.local. PTR (QM)? _smb._tcp.local. PTR (QM)?
_afpovertcp._tcp.local. (141)
14:42:23.258017 IP6 (flowlabel 0xf2caa, hlim 255, next-header UDP (17)
payload length: 148) fe80::e9a6:bb03:1544:b000.mdns > ff02::fb.mdns:
[udp sum ok] 0*- [0q] 2/0/0
0.0.0.b.4.4.5.1.3.0.b.b.6.a.9.e.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.
(cache flush) PTR nitropad.local., nitropad.local. (cache flush) AAAA
fe80::e9a6:bb03:1544:b000 (140)
14:42:24.885918 IP6 (flowlabel 0x05605, hlim 255, next-header ICMPv6
(58) payload length: 8) fe80::e9a6:bb03:1544:b000 > ff02::2: [icmp6 sum
ok] ICMP6, router solicitation, length 8
14:42:26.065219 IP6 (flowlabel 0xf2caa, hlim 255, next-header UDP (17)
payload length: 149) fe80::e9a6:bb03:1544:b000.mdns > ff02::fb.mdns:
[udp sum ok] 0 [9q] PTR (QM)? _nfs._tcp.local. PTR (QM)?
_ipp._tcp.local. PTR (QM)? _ipps._tcp.local. PTR (QM)? _ftp._tcp.local.
PTR (QM)? _webdav._tcp.local. PTR (QM)? _webdavs._tcp.local. PTR (QM)?
_sftp-ssh._tcp.local. PTR (QM)? _smb._tcp.local. PTR (QM)?
_afpovertcp._tcp.local. (141)
14:42:30. 148646 IP6 (hlim 1, next-header Options (0) payload length:
56) fe80::e9a6:bb03:1544:b000 > ff02::16: HBH (rtalert: 0x0000) (padn)
[icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s)
[gaddr ff02::fb to_ex, 0 source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0
source(s)]
14:42:31. 144728 IP6 (hlim 1, next-header Options (0) payload length:
56) fe80::e9a6:bb03:1544:b000 > ff02::16: HBH (rtalert: 0x0000) (padn)
[icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s)
[gaddr ff02::fb to_ex, 0 source(s)] [gaddr ff02::1:ff44:b000 to_ex, 0
source(s)]
14:42:32.326422 IP6 (flowlabel 0x05605, hlim 255, next-header ICMPv6
(58) payload length: 8) fe80::e9a6:bb03:1544:b000 > ff02::2: [icmp6 sum
ok] ICMP6, router solicitation, length 8
14:42:34.069747 IP6 (flowlabel 0xf2caa, hlim 255, next-header UDP (17)
payload length: 149) fe80::e9a6:bb03:1544:b000.mdns > ff02::fb.mdns:
[udp sum ok] 0 [9q] PTR (QM)? _nfs._tcp.local. PTR (QM)?
_ipp._tcp.local. PTR (QM)? _ipps._tcp.local. PTR (QM)? _ftp._tcp.local.
PTR (QM)? _webdav._tcp.local. PTR (QM)? _webdavs._tcp.local. PTR (QM)?
_sftp-ssh._tcp.local. PTR (QM)? _smb._tcp.local. PTR (QM)?
_afpovertcp._tcp.local. (141)
^C80 packets captured
81 packets received by filter
0 packets dropped by kernel
I have absolutely no idea what is going wrong, or where I have
misinterpreted and misconfigured something. It's probably quite simple
and I've just overlooked something. But right now I don't understand the
world anymore and can't see the wood for the trees, as they say here.
Hence my request and question. What's going on here? Where is my
(thinking) mistake? Where can I still look? What can I do to narrow down
the error further?
I am very grateful for any tips!
ttyl
Django
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
