Hello everyone,

I'm currently trying to get Kea DHCPv6 to work with a FortiGate (model 900D) as
a DHCPv6 relay agent. Unfortunately, although Kea receives the relay-forward
packets (confirmed via tcpdump), it does not respond at all — and worse, it
doesn't even log any processing activity or errors.

I run Kea in debug mode with `debuglevel 99`, and I see no indication that Kea
is handling the packets. The system has no firewall active, and the
relay-forward messages appear correct.

Details:

- OS: Ubuntu 24.04
- Kea version: 2.5.6
- IP6: fd10::1/64
- IP6 GW: fd10::256
- Relay: FortiGate 900D
- Relay link-address: `fd20::254`
- Interface-ID: `00000044` (binary format)
- Kea is listening on interface `ens33`
- No IPv6 forwarding enabled (`net.ipv6.conf.all.forwarding = 0`)
- Firewall is inactive (`ufw status` and `ip6tables -L` confirm)

I’ve tried several variations with `interface-id` in the config, including the
escaped binary version. Nothing results in Kea processing or responding to the
packets.

Here’s the **relevant Kea configuration**:

```json
{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "ens33" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/dhcp6.leases",
      "lfc-interval": 3600
    },
    "loggers": [
      {
        "name": "kea-dhcp6",
        "output_options": [
          {
            "output": "stdout"
          }
        ],
        "severity": "DEBUG",
        "debuglevel": 99
      }
    ],
    "shared-networks": [
      {
        "name": "shared1",
        "relay": {
          "ip-addresses": [ "fd20::254" ]
        },
        "subnet6": [
          {
            "id": 1,
            "subnet": "fd20::/64",
            "interface-id": "\u0000\u0000\u0000D",
            "pools": [
              {
                "pool": "fd20::10 - fd20::ffff"
              }
            ],
            "option-data": [
              {
                "name": "dns-servers",
                "code": 23,
                "space": "dhcp6",
                "data": "fd10::1"
              },
              {
                "name": "domain-search",
                "code": 24,
                "space": "dhcp6",
                "data": "domain.com"
              }
            ]
          }
        ]
      }
    ]
  }
}
```

Here’s a short tcpdump excerpt, confirming Kea receives the relay-forward
packet:

```
23:23:32.316253 IP6 _gateway.dhcpv6-server > dhcp04.dhcpv6-server:
dhcp6 relay-fwd (linkaddr=fd20::254 peeraddr=fe80::b450:e39e:1239:30d
(relay-message (dhcp6 solicit (xid=87f8d9 ... )))
(interface-ID 00000044...))
```

At this point, I’m not sure if the issue is:

• A misconfiguration in my Kea config (e.g., interface-id encoding)?
• An incompatibility with FortiGate relay packets?
• A limitation or bug in Kea?

I’d really appreciate any insights or suggestions on what to try next.

Thanks in advance!

Best regards,
Ugur
--
Kea-users mailing list
https://lists.isc.org/mailman/listinfo/kea-users
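
Added example (not part of the original post, and not Kea or FortiGate code): a small RFC 8415 Relay-forward parser that extracts the link-address, peer-address and raw Interface-ID bytes, so a captured packet can be compared byte for byte with the `relay` and `interface-id` values in a config like the one above. The sample packet is constructed from the values quoted in the post; `config_string_bytes` uses Python's JSON decoder and says nothing about how Kea's own parser treats `\u0000`.

```python
import json
import struct
from ipaddress import IPv6Address

RELAY_FORW = 12         # RFC 8415 message type
OPT_RELAY_MSG = 9       # RFC 8415 option codes
OPT_INTERFACE_ID = 18

def parse_options(buf):
    """Split a DHCPv6 option area into (code, value) pairs."""
    opts, pos = [], 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError(f"option {code} overruns the packet")
        opts.append((code, buf[pos:pos + length]))
        pos += length
    return opts

def parse_relay_forward(pkt):
    """Extract the relay header fields, Interface-ID and inner transaction id."""
    if len(pkt) < 34 or pkt[0] != RELAY_FORW:
        raise ValueError("not a Relay-forward message")
    opts = dict(parse_options(pkt[34:]))
    return {
        "link_address": str(IPv6Address(pkt[2:18])),
        "peer_address": str(IPv6Address(pkt[18:34])),
        "interface_id": opts.get(OPT_INTERFACE_ID),   # raw bytes, or None if absent
        "inner_xid": opts.get(OPT_RELAY_MSG, b"")[1:4].hex(),
    }

def config_string_bytes(json_literal):
    """Bytes a JSON string literal denotes under Python's json module (not Kea's parser)."""
    return json.loads(json_literal).encode("latin-1")

def build_sample():
    """Constructed packet using the addresses and Interface-ID quoted in the post."""
    solicit = bytes([1]) + bytes.fromhex("87f8d9")    # Solicit header only, no options
    iface = bytes.fromhex("00000044")
    head = bytes([RELAY_FORW, 0]) + IPv6Address("fd20::254").packed
    head += IPv6Address("fe80::b450:e39e:1239:30d").packed
    return (head + struct.pack("!HH", OPT_RELAY_MSG, len(solicit)) + solicit
            + struct.pack("!HH", OPT_INTERFACE_ID, len(iface)) + iface)

if __name__ == "__main__":
    print(parse_relay_forward(build_sample()))
```

To use it on real traffic, feed `parse_relay_forward` the UDP payload of a captured relay-forward packet instead of `build_sample()`.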