Messages - Ed V.

#1
Agreed - very strange.

I'm not a code wizard, but is there a way to directly monitor the hooks/sockets for activity?

Something relatively simple that I can use to help debug?

Or a way to set a flag for generating debug information in the hooks themselves?
#2
# /usr/local/opnsense/scripts/kea/get_kea_leases.py --proto inet6
#
# /usr/local/opnsense/scripts/kea/get_kea_leases.py --proto inet
{"records":[{"address":"192.168.144.3","prefix_len":128,"type":"","hwaddr":"24:5e:be:74:d2:4b","duid":"","client_id":"01:24:5e:be:74:d2:4b","iaid":"","valid_lifetime":86400,"expire":1778926767,"hostname"...

#3
The hook library is there (both dhcp6 and dhcp4):

    "hooks-libraries": [
      {
        "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
      },
      {
        "library": "/usr/local/lib/kea/hooks/libdhcp_host_cmds.so"
      }
    ],

The script works - but only returns IPv4 leases...
#4
26.1, 26,4 Series / Odd Kea DHCPv6 behavior...
May 15, 2026, 07:26:09 PM
So this one is weird.

If you recall, I'm the oddball that uses manual configs for my DHCP setup (the whole Cable Modem shared network/IP thing).

With the latest update to v26.1.8_5, the DHCP6 server has started exhibiting strange behavior.

Setting the stage...

The OpnSense Kea platform is the only DHCPv6 in my environment.

It appears to be the latest version from OpnSense:
# kea-dhcp6 -v
3.0.3

With the "Shared Networks" config in `kea-dhcp6.conf`, I can run the extended tests and they come back clean:

# kea-dhcp6 -T /usr/local/etc/kea/kea-dhcp6.conf
2026-05-15 12:10:01.791 WARN  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-05-15 12:10:01.791 WARN  [kea-dhcp6.dhcp6/71095.0x4b07eb05c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-05-15 12:10:01.792 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully closed
2026-05-15 12:10:01.793 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_host_cmds.so successfully closed
2026-05-15 12:10:01.793 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:579:4c:2700::/64 with params: t1=21600, t2=37800, preferred-lifetime=27000, valid-lifetime=43200, rapid-commit is false
2026-05-15 12:10:01.793 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fde4:b3e2:db9e:1000::/64 with params: t1=21600, t2=37800, preferred-lifetime=27000, valid-lifetime=43200, rapid-commit is false
2026-05-15 12:10:01.794 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:579:4c:2701::/64 with params: t1=21600, t2=37800, preferred-lifetime=27000, valid-lifetime=43200
2026-05-15 12:10:01.794 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fde4:b3e2:db9e:2000::/64 with params: t1=21600, t2=37800, preferred-lifetime=27000, valid-lifetime=43200
2026-05-15 12:10:01.794 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-05-15 12:10:01.794 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface ixl0
2026-05-15 12:10:01.794 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface vlan01
2026-05-15 12:10:01.796 INFO  [kea-dhcp6.lease-cmds-hooks/71095.0x4b07eb05c008] LEASE_CMDS_INIT_OK loading Lease Commands hooks library successful
2026-05-15 12:10:01.796 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_LOADED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully loaded
2026-05-15 12:10:01.797 INFO  [kea-dhcp6.host-cmds-hooks/71095.0x4b07eb05c008] HOST_CMDS_INIT_OK loading Host Commands hooks library successful
2026-05-15 12:10:01.797 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_LOADED hooks library /usr/local/lib/kea/hooks/libdhcp_host_cmds.so successfully loaded
2026-05-15 12:10:01.797 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-05-15 12:10:01.797 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 17 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.hosts/71095.0x4b07eb05c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.dhcpsrv/71095.0x4b07eb05c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.database/71095.0x4b07eb05c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.host-cmds-hooks/71095.0x4b07eb05c008] HOST_CMDS_DEINIT_OK unloading Host Commands hooks library successful
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.lease-cmds-hooks/71095.0x4b07eb05c008] LEASE_CMDS_DEINIT_OK unloading Lease Commands hooks library successful
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_host_cmds.so successfully closed
2026-05-15 12:10:01.798 INFO  [kea-dhcp6.hooks/71095.0x4b07eb05c008] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully closed

The server starts and tracks handing out addresses from the 2001:579:4c:2700:: range, but does not log anything in the fde4:b3e2:db9e:1000:: range.

2026-05-15T09:26:13-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.dhcpsrv.0x515279a5c008] DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
2026-05-15T09:26:11-05:00 Informational kea-dhcp4 INFO [kea-dhcp4.dhcpsrv.0x516d8645c008] DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: /usr/local/sbin/kea-lfc -4 -x /var/db/kea/kea-leases4.csv.2 -i /var/db/kea/kea-leases4.csv.1 -o /var/db/kea/kea-leases4.csv.output -f /var/db/kea/kea-leases4.csv.completed -p /var/db/kea/kea-leases4.csv.pid -c ignored-path
2026-05-15T09:26:11-05:00 Informational kea-dhcp4 INFO [kea-dhcp4.dhcpsrv.0x516d8645c008] DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
2026-05-15T09:20:51-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.commands.0x515279a5c008] COMMAND_RECEIVED Received command 'lease6-get-all'
2026-05-15T09:20:51-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.commands.0x515279a5c008] COMMAND_RECEIVED Received command 'config-get'
2026-05-15T09:20:49-05:00 Informational kea-dhcp4 INFO [kea-dhcp4.commands.0x516d8645c008] COMMAND_RECEIVED Received command 'lease4-get-all'
2026-05-15T09:20:49-05:00 Informational kea-dhcp4 INFO [kea-dhcp4.commands.0x516d8645c008] COMMAND_RECEIVED Received command 'config-get'
2026-05-15T09:16:53-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.dhcp6.0x515279a76008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:84:69:93:8f:d0:ca], [no hwaddr info], tid=0x6e1e19
2026-05-15T09:13:19-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.packets.0x515279a76008] DHCP6_PACKET_SEND duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4031d4: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::469:89b5:704e:d6e9]:546 on interface ixl0
2026-05-15T09:13:19-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.leases.0x515279a76008] DHCP6_LEASE_ALLOC duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4031d4: lease for address 2001:579:4c:2700::3 and iaid=0 has been allocated for 43200 seconds
2026-05-15T09:13:19-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.packets.0x515279a76008] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4031d4: REQUEST (type 3) received from fe80::469:89b5:704e:d6e9 to ff02::1:2 on interface ixl0
2026-05-15T09:13:19-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.dhcp6.0x515279a76008] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4031d4
2026-05-15T09:13:18-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.packets.0x515279a76008] DHCP6_PACKET_SEND duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4acd6: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::469:89b5:704e:d6e9]:546 on interface ixl0
2026-05-15T09:13:18-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.leases.0x515279a76008] DHCP6_LEASE_ADVERT duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4acd6: lease for address 2001:579:4c:2700::3 and iaid=0 will be advertised
2026-05-15T09:13:18-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.packets.0x515279a76008] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4acd6: SOLICIT (type 1) received from fe80::469:89b5:704e:d6e9 to ff02::1:2 on interface ixl0
2026-05-15T09:13:18-05:00 Informational kea-dhcp6 INFO [kea-dhcp6.dhcp6.0x515279a76008] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0], [no hwaddr info], tid=0x4acd6

Despite that, clients receive both 2001:579:4c:2700:: and fde4:b3e2:db9e:1000 addresses from OpnSense/Kea.

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:579:4c:2700::4(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, May 14, 2026 23:40:48
   Lease Expires . . . . . . . . . . : Friday, May 15, 2026 22:55:48
   IPv6 Address. . . . . . . . . . . : 2001:579:4c:2700:67e0:5d83:785d:2d2c(Preferred)
   IPv6 Address. . . . . . . . . . . : fde4:b3e2:db9e:1000:2941:55e:e973:29ad(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:579:4c:2700:e992:445d:788e:8d84(Preferred)
   Temporary IPv6 Address. . . . . . : fde4:b3e2:db9e:1000:8141:11bc:3518:2088(Deprecated)
   Link-local IPv6 Address . . . . . : fe80::1f87:9cc:d92e:b807%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.144.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 12, 2026 23:33:42
   Lease Expires . . . . . . . . . . : Saturday, May 16, 2026 04:22:55

On top of it all, even though there are leases recorded in the `/var/log/db/kea/kea-leases6.csv` and `/var/log/db/kea/kea-leases.csv.2` files, the WebUI reports no results found (screen capture attached).

# cat /var/db/kea/kea-leases6.csv.2
address,duid,valid_lifetime,expire,subnet_id,pref_lifetime,lease_type,iaid,prefix_len,fqdn_fwd,fqdn_rev,hostname,hwaddr,state,user_context,hwtype,hwaddr_source,pool_id
2001:579:4c:2700::1,00:03:00:01:ac:5a:f0:32:d4:46,43200,1778886008,1,27000,0,4029862982,128,1,1,dynamic-2001-579-4c-2700--1.lan.null-route.us.,ac:5a:f0:32:d4:46,0,,1,2,0
2001:579:4c:2700::2,00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0,43200,1778895409,1,27000,0,1,128,1,1,dynamic-2001-579-4c-2700--2.lan.null-route.us.,6c:7e:67:bb:73:f0,0,,1,2,0
2001:579:4c:2700::3,00:01:00:01:2d:a9:af:f9:6c:7e:67:bb:73:f0,43200,1778897599,1,27000,0,0,128,1,1,dynamic-2001-579-4c-2700--3.lan.null-route.us.,6c:7e:67:bb:73:f0,0,,1,2,0
2001:579:4c:2700::4,00:01:01:00:2f:06:d4:e6:9c:6b:00:aa:e2:94,43200,1778890248,1,27000,0,127691520,128,0,1,dynamic-2001-579-4c-2700--4.lan.null-route.us.,9c:6b:00:aa:e2:94,0,,256,2,0
2001:579:4c:2700::5,00:04:e1:18:49:99:32:fc:ad:1a:6e:cd:4b:f4:8c:94:e4:d2,43200,1778884562,1,27000,0,3055685611,128,1,1,dynamic-2001-579-4c-2700--5.lan.null-route.us.,,0,,,,0
2001:579:4c:2700::6,00:04:14:01:94:3d:5e:e1:43:c6:ef:f0:2f:6e:d3:15:9b:36,43200,1778889956,1,27000,0,726689589,128,1,1,dynamic-2001-579-4c-2700--6.lan.null-route.us.,,0,,,,0
2001:579:4c:2700::7,00:04:7d:69:f4:9b:51:6d:d2:61:44:7e:be:66:23:bb:f8:af,43200,1778890603,1,27000,0,4174257057,128,1,1,dynamic-2001-579-4c-2700--7.lan.null-route.us.,,0,,,,0
2001:579:4c:2700::8,00:04:47:f8:73:e6:1d:05:55:e8:aa:1b:a0:8a:7c:50:84:9b,43200,1778890230,1,27000,0,726689589,128,1,1,dynamic-2001-579-4c-2700--8.lan.null-route.us.,,0,,,,0
2001:579:4c:2700:aab:4e87:b033:ca45,00:03:00:01:bc:32:b2:a9:57:35,86392,1778896156,1,14392,0,0,128,1,1,,bc:32:b2:a9:57:35,4,,1,2,0
2001:579:4c:2700:1f60:865e:90da:b0cd,00:03:00:01:58:79:e0:21:af:00,86393,1778895689,1,14393,0,0,128,1,1,,58:79:e0:21:af:00,4,,1,2,0
2001:579:4c:2700:2177:9653:8512:3125,00:03:00:01:bc:32:b2:a9:57:35,86392,1778932177,1,14392,0,0,128,1,1,,bc:32:b2:a9:57:35,4,,1,2,0
2001:579:4c:2700:2659:ac73:43d1:1a7f,00:03:00:01:58:79:e0:21:af:00,86392,1778895688,1,14392,0,0,128,1,1,,58:79:e0:21:af:00,4,,1,2,0
2001:579:4c:2700:5df4:3144:fa64:a004,00:03:00:01:ac:c0:48:f0:79:89,86393,1778929395,1,14393,0,0,128,1,1,,ac:c0:48:f0:79:89,4,,1,2,0
2001:579:4c:2700:9efa:b659:3293:8bf2,00:03:00:01:bc:32:b2:a9:57:35,86393,1778896089,1,14393,0,0,128,1,1,,bc:32:b2:a9:57:35,4,,1,2,0
2001:579:4c:2700:c864:942c:b236:4510,00:03:00:01:ac:c0:48:f0:79:89,86393,1778929395,1,14393,0,0,128,1,1,,ac:c0:48:f0:79:89,4,,1,2,0
2001:579:4c:2700:cc20:ce97:a15c:252c,00:03:00:01:bc:32:b2:a9:57:35,86392,1778932178,1,14392,0,0,128,1,1,,bc:32:b2:a9:57:35,4,,1,2,0

My config files for Kea DHCP haven't changed since v25.* (and were working as expected in that release series), so I'm not sure what's going on here...

Any thoughts?  Clues?  Other things for me to dig out and post for review?
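
An added example, not part of the original post and not OPNsense's own code: a short Python reader for the memfile lease CSV dumped above, counting active leases against the four subnets from the `kea-dhcp6 -T` output. The sample rows are constructed, and treating a later row as replacing an earlier one and a `valid_lifetime` of 0 as a deletion are assumptions about how the memfile journal is read.

```python
import csv
import io
import ipaddress

# Subnets reported by `kea-dhcp6 -T` in the post above.
SUBNETS = [ipaddress.ip_network(n) for n in (
    "2001:579:4c:2700::/64",
    "fde4:b3e2:db9e:1000::/64",
    "2001:579:4c:2701::/64",
    "fde4:b3e2:db9e:2000::/64",
)]

# Constructed sample in the posted column layout (DUIDs and MACs are made up).
# Row 4 renews ::3 and row 5 deletes ::2, to exercise the journal handling.
SAMPLE = """\
address,duid,valid_lifetime,expire,subnet_id,pref_lifetime,lease_type,iaid,prefix_len,fqdn_fwd,fqdn_rev,hostname,hwaddr,state,user_context,hwtype,hwaddr_source,pool_id
2001:579:4c:2700::2,00:03:00:01:02:00:00:00:00:01,43200,1778895409,1,27000,0,1,128,1,1,,02:00:00:00:00:01,0,,1,2,0
2001:579:4c:2700::3,00:03:00:01:02:00:00:00:00:01,43200,1778897599,1,27000,0,0,128,1,1,,02:00:00:00:00:01,0,,1,2,0
2001:579:4c:2700:aab:4e87:b033:ca45,00:03:00:01:02:00:00:00:00:02,86392,1778896156,1,14392,0,0,128,1,1,,02:00:00:00:00:02,4,,1,2,0
2001:579:4c:2700::3,00:03:00:01:02:00:00:00:00:01,43200,1778940799,1,27000,0,0,128,1,1,,02:00:00:00:00:01,0,,1,2,0
2001:579:4c:2700::2,00:03:00:01:02:00:00:00:00:01,0,1778895409,1,27000,0,1,128,1,1,,02:00:00:00:00:01,0,,1,2,0
"""


def load_leases(text):
    """Replay the lease journal and return {address: latest row}."""
    leases = {}
    for row in csv.DictReader(io.StringIO(text)):
        addr = ipaddress.ip_address(row["address"])
        if int(row["valid_lifetime"]) == 0:
            # Assumption: a zero lifetime marks the lease as removed.
            leases.pop(addr, None)
        else:
            # Assumption: a later row for the same address wins.
            leases[addr] = row
    return leases


def leases_per_subnet(leases, subnets=SUBNETS):
    """Count leases per configured subnet; also list addresses matching none."""
    counts = {str(net): 0 for net in subnets}
    unmatched = []
    for addr in leases:
        net = next((n for n in subnets if addr in n), None)
        if net is None:
            unmatched.append(str(addr))
        else:
            counts[str(net)] += 1
    return counts, unmatched


if __name__ == "__main__":
    counts, unmatched = leases_per_subnet(load_leases(SAMPLE))
    for net, n in counts.items():
        print(f"{net:28} {n} lease(s)")
    print("outside configured subnets:", unmatched)
```

Pointing `load_leases` at the contents of the `.csv.2` file followed by the `.csv` file (the order the daemon logs loading them) gives the per-subnet view to compare with what the WebUI shows.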
#5
26.1, 26,4 Series / Kea DHCP log /leases question...
April 13, 2026, 02:44:10 AM
Part of digging in to the new DDNS options (and my subsequent GitHub request for a "manual" flag) led to reviewing logs.

I notice that in the latest 26.1.6 release of Kea, where the WebUI searches for lease information has changed.

It used to be that the "standard" was to send tagged logs ("kea-dhcp4" or "kea-dhcp6") to "syslog".

With the update from 26.1.5 to 26.1.6, the "leases" screens show "No results found", even though the CSV files are present in /var/db/kea.

The built-in ".sample" files now have the log output set as "kea-dhcp4.log" or "kea-dhcp6.log" versus "syslog", so I switched over and restarted the daemons.

Leases were being posted in "syslog" and are now being posted in "kea-dhcp4" or "6" log, but the WebUI still shows "No results found".

Where should the daemons be logging in this release?

Is there a custom location for leases information with the latest update?  If so, where should I post lease data?

Thank you.

#6
26.1, 26,4 Series / Re: Kea DDNS in practice...
April 13, 2026, 02:38:14 AM
Quote from: sopex8260 on April 12, 2026, 02:55:14 AM
Quote from: Ed V. on April 10, 2026, 08:59:52 PM
Update to v26.1.6 didn't add any new options/fields in the Kea DDNS or DHCP tabs.

https://github.com/opnsense/ports/issues/265 filed at GitHub to request the "Manual" flag.

Thank you!

Under each subnet's settings there are the DDNS options.

If you're using the WebUI, you are 100% correct.

Unfortunately, I'm weird and roll my own config file manually - which removes the option from the WebUI.
#7
26.1, 26,4 Series / Re: Kea DDNS in practice...
April 10, 2026, 08:59:52 PM
Update to v26.1.6 didn't add any new options/fields in the Kea DDNS or DHCP tabs.

https://github.com/opnsense/ports/issues/265 filed at GitHub to request the "Manual" flag.

Thank you!
#8
26.1, 26,4 Series / Re: Kea DDNS in practice...
April 10, 2026, 08:03:10 PM
In my firewall - these (attached) are all I see for options, configs, etc.

Nothing that looks relevant to DDNS in either of the DHCP tabs...
#9
26.1, 26,4 Series / Re: Kea DDNS in practice...
April 10, 2026, 07:32:31 PM
So I'll unwrap a bit...

I'm one of the oddballs that uses manual Kea DHCPv4 and v6 configurations, which works fine.

Prior to the "official" availability of the DDNS Agent, I was able to configure DDNS and enable it as a service.

Once it became official, my custom config file was overwritten with the default as soon as I "enabled" the Agent in the WebUI.

I did try going back to manually enabling the service, but the platform automation caught it and refreshed my config with the default.

So my working DDNS config (attached as kea-ddns-redacted.txt), becomes the default "empty" file (attached as kea-ddns-opn-default.txt).

Reading the online documentation - the only guidance seems to be "Add the DDNS config to the DHCPv4/v6 config".

I'm guessing that the GUI config screens have updated as well to include DDNS config information, but without breaking my Kea deploy I can't disable the manual flag (I did try this in the past - it resets the config to default when I do so).

Until the "manual" option is added to the DDNS (to match DHCPv4 and v6), where can I find the template that is in use so I can use my working config in its place?
#10
26.1, 26,4 Series / Kea DDNS in practice...
April 09, 2026, 10:04:33 PM
I feel like I missed something very basic here...

Is there a way to specify a manual config file should be used versus the default template?

The various options for DHCP-DDNS (tsig-keys, ddns-domains, etc.) are overwritten with the default empty values whenever I start the Agent, and I can't seem to find where that overlay is hiding in the system.

The current OpnSense docs say to put the settings in the DHCP4 or DHCP6 files, but the DDNS variables are not recognized by those daemons.

I have a valid DDNS config (or at least the command line validation says it's all good), but the overwrite is driving me even more batty than usual.

Help?
#11
26.1, 26,4 Series / Re: Connectivity to ISP Router/Modem
February 06, 2026, 11:47:06 PM
Thank you for that link. "ONT" is a new TLA for me, so my searching wouldn't have found it...

New update, new rules - I'm up and running.
#12
26.1, 26,4 Series / Connectivity to ISP Router/Modem
February 06, 2026, 07:31:34 PM
Previously working in v25.* series OpnSense.

Internal LAN is 192.168.144.0/24
The ISP modem is connected to the WAN port (bridge mode) and is hard-coded to use 192.168.100.1 for its WebUI, allowing connection only from the 192.168.100.0/24 network.

In the v25 releases I had a NAT "Outbound" rule that masked any traffic from the LAN destined for the ISP Modem to use 192.168.100.100 (any source/destination ports).

That NAT stopped working when I upgraded to v26, but I recalled that when I went from v24 to v25 the same thing happened and it required deleting and rebuilding the NAT rule.

So I rebuilt again, with no luck.

I also tried a "Source NAT" rule - again, no dice.

I cannot reach the ISP Modem WebUI (though oddly, it is ICMP pingable...), even though in the logs it _looks_ like the NAT is applying and traffic is passing:

$ ping -c 5 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=63 time=1.451 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=63 time=1.921 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=63 time=2.084 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=63 time=1.313 ms
64 bytes from 192.168.100.1: icmp_seq=4 ttl=63 time=1.402 ms

--- 192.168.100.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.313/1.634/2.084/0.308 ms

$ nc -zv 192.168.100.1 80
nc: connect to 192.168.100.1 port 80 (tcp) failed: Operation timed out

WAN Out 2026-02-06T12:12:14-06:00 TCP 192.168.100.100:38311 192.168.100.1:80 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:12:14-06:00 TCP 192.168.144.17:35649 192.168.100.1:80 nat nat rule
WAN Out 2026-02-06T12:12:06-06:00 ICMP 192.168.100.100 192.168.100.1 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:12:06-06:00 ICMP 192.168.144.17 192.168.100.1 nat nat rule
WAN Out 2026-02-06T12:11:51-06:00 TCP 192.168.100.100:64757 192.168.100.1:80 pass let out anything from firewall host itself
WAN Out 2026-02-06T12:11:51-06:00 TCP 192.168.144.17:24923 192.168.100.1:80 nat nat rule

Any suggestions on what to try next?  Did I miss something in the new v26 NAT documentation?
#13
I completely re-created the FR as Feature Request: Kea DHCP: Enable shared networks for DHCPv4 and DHCPv6, a sanity check would be appreciated if time permits...
#14
Thank you.

I did receive an email from the core "auto-responder" - apparently my feature request used the wrong template?

There was a help link about policies, but it wasn't much help (or I am running on too little sleep and too much caffeine to fully comprehend what I need to change...).

Any clue-by-fours you can swing my direction?
#15
https://github.com/opnsense/ports/issues/243

Has been submitted - though it appears that the project has been idle since August?

Is there a new/different Git repo where I should have dropped the request?