Hello all,
We are running two physical firewalls with OPNsense (version OPNsense 24.4.3-amd64). If we run the service in HA mode (Settings > HA enabled, configured server name as well as peers with machine names), we run into the following issue:
2025-03-12T13:14:30 Error kea-dhcp4 ERROR [kea-dhcp4.ha-hooks.0x83a362400] HA_TERMINATED HA service terminated due to an unrecoverable condition. Check previous error message(s), address the problem and restart!
2025-03-12T13:14:30 Error kea-dhcp4 ERROR [kea-dhcp4.ha-hooks.0x83a362400] HA_LEASE_UPDATE_REJECTS_CAUSED_TERMINATION too many rejected lease updates cause the HA service to terminate
In the documentation for Kea DHCP (https://kea.readthedocs.io/en/latest/kea-messages.html) I read that this is due to the current value exceeding the definition in max-rejected-lease-updates. Is there a way to check / change this value in OPNsense?
After HA mode is terminated, even changing a lease reservation will cause the DHCP server to crash with:
INFO [kea-dhcp4.ha-hooks.0x83bce5800] HA_TERMINATED_RESTART_PARTNER waiting for the partner in the TERMINATED state to be restarted
INFO [kea-dhcp4.ha-hooks.0x831bea000] HA_LOCAL_DHCP_DISABLE local DHCP service is disabled while the fw1 is in the WAITING state
Informational kea-dhcp4 INFO [kea-dhcp4.dhcp4.0x8341f0000] DHCP4_SHUTDOWN server shutdown
- Would changing the max-rejected-lease-updates value resolve this issue?
- What could be causing the lease updates to fail? We have around 20 VLANs; one VLAN (19 netmask) is being served from an external DHCP server.
- Should we revert to ISC DHCP and/or turn off HA on Kea DHCP?
- Will there be a fix in a newer version or is this planned?
Thank you for one (or several) answers :)
sha256
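Added example, not part of the original post and not OPNsense or Kea project code: a short Python triage script that pulls the Kea message IDs out of log lines like the ones quoted above and reads max-rejected-lease-updates from a kea-dhcp4 JSON configuration. It assumes the configuration is plain JSON without comments; the sample configuration, its library path and the value 10 are constructed placeholders.

```python
import json
import re

# Kea log record: LEVEL [logger.thread-id] MESSAGE_ID free text
EVENT_RE = re.compile(
    r"\b(?P<level>FATAL|ERROR|WARN|INFO|DEBUG)\s+"
    r"\[(?P<logger>[\w.-]+)\.0x[0-9a-f]+\]\s+(?P<msg_id>[A-Z0-9_]+)")

def parse_events(lines):
    """Return (level, logger, msg_id) for each line that holds a Kea log record."""
    return [m.group("level", "logger", "msg_id")
            for m in map(EVENT_RE.search, lines) if m]

def ha_summary(lines):
    """Summarise HA hook state from the message IDs present in the log."""
    events = parse_events(lines)
    ha_ids = [mid for _, logger, mid in events if logger.endswith(".ha-hooks")]
    causes = [mid for mid in ha_ids if mid.endswith("_CAUSED_TERMINATION")]
    return {
        "terminated": "HA_TERMINATED" in ha_ids,
        "cause": causes[0] if causes else None,
        "local_dhcp_disabled": "HA_LOCAL_DHCP_DISABLE" in ha_ids,
        "server_shutdown": any(mid == "DHCP4_SHUTDOWN" for _, _, mid in events),
    }

def ha_reject_limits(config_text):
    """Map this-server-name -> max-rejected-lease-updates (None = not set explicitly)."""
    cfg = json.loads(config_text)
    limits = {}
    for hook in cfg.get("Dhcp4", {}).get("hooks-libraries", []):
        for rel in hook.get("parameters", {}).get("high-availability", []):
            limits[rel.get("this-server-name")] = rel.get("max-rejected-lease-updates")
    return limits

# Log lines copied from the post above.
LOG = [
    "2025-03-12T13:14:30 Error kea-dhcp4 ERROR [kea-dhcp4.ha-hooks.0x83a362400] HA_TERMINATED HA service terminated due to an unrecoverable condition. Check previous error message(s), address the problem and restart!",
    "2025-03-12T13:14:30 Error kea-dhcp4 ERROR [kea-dhcp4.ha-hooks.0x83a362400] HA_LEASE_UPDATE_REJECTS_CAUSED_TERMINATION too many rejected lease updates cause the HA service to terminate",
    "INFO [kea-dhcp4.ha-hooks.0x831bea000] HA_LOCAL_DHCP_DISABLE local DHCP service is disabled while the fw1 is in the WAITING state",
    "Informational kea-dhcp4 INFO [kea-dhcp4.dhcp4.0x8341f0000] DHCP4_SHUTDOWN server shutdown",
]
# Constructed sample config; the library path and the value 10 are placeholders.
CONFIG = """{"Dhcp4": {"hooks-libraries": [{"library": "/path/to/libdhcp_ha.so",
  "parameters": {"high-availability": [{"this-server-name": "fw1",
    "mode": "hot-standby", "max-rejected-lease-updates": 10}]}}]}}"""

if __name__ == "__main__":
    print(ha_summary(LOG))
    print(ha_reject_limits(CONFIG))
```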