Messages

Hi Franco,

I poked these 2 nodes a fair amount over the weekend, trying to get the issue to occur again, and have been unable to do so.  The screenshot I posted immediately after first setup, before rebooting both nodes.  Since the reboot, I've been unable to get the defined relays, or new relays, to become red.  And even when they were read, dhcp relay appeared to work.

So, maybe the trick is after first setup, reboot the node.

Thanks again and best of luck!

Al

Hi Franco,

I can have CheckMK look for the processes to ensure all are running.

I see the log in the GUI but it's always blank and I do not know how to have it start logging.  Is there a log in the CLI I can look at?

I did see 2 processes per relay for anything green.  Didn't notice (my bad) for the reds.

I'll poke it some more and see how it goes.

Thanks!
Al

Hello Franco,

I tested this further.  DHCP Relay works as you described.  The only "oddity" is when modifying (enable/disable) a relay, very intermittently it comes up red however DHCP relay still works.  A reboot fixes that.  I tried to stop/start again and 9 / 10 times the status would show green.  I did an HA Sync, nothing was green on the standby dashboard, and no matter how I enabled/disabled/etc, they would not change. A reboot of the standby node fixed it and the relays came up green and stayed that way even after enable/disable.

Thanks for the feedback and clarification on how DHCP Relay works in HA/CARP.

Have a good one!

Al

I'll do some more testing.  I did see on the CLI there are 2 processes for each defined relay on the first node, I don't recall looking on the second node to see the status, only that in the dashboard they were not running.

One last observation from some testing with CARP/HA.

I've added DHCRelay to the XMLRPC Sync under HA Settings and performed a sync.

When the CARP interfaces fail over to the standby node (2) , the DHCRelay services stay running on node 1, and never become active on node 2.

Not sure this is expected behavior.  My assumption is that since there's an option under HA Sync that it might work with HA.

Franco, thanks for the replies, they are very much appreciated!!!

There is one relay per gateway interface on the VLANs I want to relay for.

I did find a problem unrelated in testing, my standby KEA server had a very old global option name server config that I'd neglected to update during previous changes, doubt it'd be related.

Have a great day!

Al

Rebooting the opnsense node has brought all DHCP Relays to green status.

In spite of the service showing red on the GUI, DHCP relay is working.

I have a test VM that I've been using to test this change to ensure its working on all VLANs.  The st VM is getting an IP address on all the defined relays.  It's getting IP addresses on all the VLANs when I move the test VM between the VLANs.  And the KEA logs are showing that for that test VM, DHCP traffic is coming from the OPNSense server to the Kea server.

Code Select Expand

Sep 17 15:23:38 infra-01 kea-dhcp4[18584]: INFO  DHCP4_QUERY_LABEL received query: [hwtype=1 bc:24:11:0b:2c:8a], cid=[ff:ca:53:09:5a:00:02:00:00:ab:11:fe:32:c4:10:63:9d:d9:b2], tid=0x8904150a
Sep 17 15:23:38 infra-01 kea-dhcp4[18584]: INFO  DHCP4_PACKET_RECEIVED [hwtype=1 bc:24:11:0b:2c:8a], cid=[ff:ca:53:09:5a:00:02:00:00:ab:11:fe:32:c4:10:63:9d:d9:b2], tid=0x8904150a: DHCPREQUEST (type 3) received from 10.10.5.2 to 10.10.2.4 on interface ens18
Sep 17 15:23:38 infra-01 kea-dhcp4[18584]: INFO  DHCP4_INIT_REBOOT [hwtype=1 bc:24:11:0b:2c:8a], cid=[ff:ca:53:09:5a:00:02:00:00:ab:11:fe:32:c4:10:63:9d:d9:b2], tid=0x8904150a: client is in INIT-REBOOT state and requests address 10.10.8.102
Sep 17 15:23:38 infra-01 kea-dhcp4[18584]: INFO  DHCP4_PACKET_SEND [hwtype=1 bc:24:11:0b:2c:8a], cid=[ff:ca:53:09:5a:00:02:00:00:ab:11:fe:32:c4:10:63:9d:d9:b2], tid=0x8904150a: trying to send packet DHCPNAK (type 6) from 10.10.2.4:67 to 10.10.5.2:67 on interface ens18


EDIT: The log above is for the VM attached on the User relay which is showing red in the GUI.

Thanks Franco!  I just noticed too that the "new" services representing the new relays are red also on the dashboard, hadn't noticed it before.

How can I enable logging for the DHCP relay service to help troubleshoot why DHCP relay is working on some interfaces and not others?  In the General log I see

Code Select Expand

/usr/local/sbin/pluginctl: plugins_configure dhcrelay (execute task : dhcrelay_configure_do(1,))

Hello All,

Do the status colors on the DHCP Relay -> Configuration -> Relays page have a meaning?  Out of 6 defined relays, 2 are green, 4 are red.  All are working.

I was really glad to see ISC Kea make it into OPNsense.  Unfortunately Kea on OPNsense does not have the same feature set as roll your own ISC kea with ISC Bind and High Availability.

I see that each release is adding of Kea on OPNsense is adding more and more functionality which I think is great.

Hopefully on OPNsense, at some point whatever DNS server comes into the mix with continued improvement of Kea will allow users running OPNSense CARP/HA to have DHCP and DNS high availability as well, allowing us to drop a couple of external servers.  ;D

Updated the 2nd node of my 2-node HA/CARP cluster from 24.1.10_3 to 24.7r1, then to r2, today to 24.7.  No problems with the upgrade, or CARP/HA.  The 2nd node is normally the standby node however since the updates, I've been forcing it to be the primary.  No problems at all.

Brand new install using 2 Proxmox VMs, w/ CARP.  Working perfectly.  The only issue I noticed was that the wizard did not apply the settings entered.  I noticed later in the System -> Settings -> General page.  No biggie to fix, just entered the settings there and moved on.

Looking forward to being able to replace ISC Kea running on 2 VMs w/ ISC Kea integrated with OPNsense, just needs a few more features :)

Thanks for the hard work!!!

Al

For others that might have the same issue and not have the "Resolve plugin conflicts" button, which I did not see on the firmware status page either.

For the button "Resolve plugin conflicts" to show up, I had to run an audit on the Status page, and then select "Health".  Once that completed the "Resolve plugin conflicts showed up with action.  When I selected "Resolve all local conflicts" and the action was completed, the button disappeared again.

Hope that helps someone.

Outstanding, that did the trick!  Thanks again for your help on this and the update issue.