Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - GerhardHeus

Pages1
#1
25.1, 25.4 Legacy Series / Re: Referring to CRL Distribution Point as quick hack?
February 25, 2026, 01:00:35 PM
Dear reader, I want to use opnsense managed CA and certificates within my own network of W11 and Ubuntu machines, also for RDP. W11 RDP wants to have a CRL DP. I just wonder, if it is possible to manually modify the opnsense.cnf file to add the CRL DP on my network and then this gets included in the certificates? Is it possible and will it work and are there caveats?
#2
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 13, 2026, 12:48:47 PM
Thank you Cedrik.

I did the following:
- Disconnected Frtiz
- stopped KEA DHCPv6 and deleted the csv's in /var/db/kea
- Rebooted OPNsense and power-cycled Fritz
- After OPNsense came back reconnected Fritz
- Fritz had connection buit no delegated prefix
- Started KEA DHCPv6 in OPNsense
- Saw Fritz obtained correct /60 prefix; saw no route message in KEA log also no error
- Fritz client could not reach internet via IPv6
- Restarted KEA DHCPv6 from the user interface (pressed circled arrow)
- Then I saw the route message appearing
- Everything works as expected now
#3
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 13, 2026, 11:07:07 AM
I was a bit too early with my conclusion. Once transient effects (that need time, next to reboots) had passed, I saw that Fritz was getting a single /64 delegation, but not the second one for the guest network.

The Fritz documentations says: "A FRITZ!Box expects to obtain an IPv6 prefix of 62 or fewer bits (e.g., /56 or /60) from your internet service provider (ISP)."

In my PD Pools, I have both my Prefix length and my Delegated length < 62, so I imagine that I satisfy the Fritz requirement one way or the other.

In the leases files, however, I see consistently a Prefix length of /64.

Is the designed behavior?

Now my current KEA configuration (everything anonymized) is:

root@OPNsense:/usr/local/etc/kea # cat kea-dhcp6.conf
{
    "Dhcp6": {
        "valid-lifetime": 4000,
        "interfaces-config": {
            "interfaces": [
                "igc0"
            ]
        },
        "lease-database": {
            "type": "memfile",
            "persist": true
        },
        "control-socket": {
            "socket-type": "unix",
            "socket-name": "\/var\/run\/kea\/kea6-ctrl-socket"
        },
        "loggers": [
            {
                "name": "kea-dhcp6",
                "output_options": [
                    {
                        "output": "syslog"
                    }
                ],
                "severity": "INFO"
            }
        ],
        "subnet6": [
            {
                "id": 1,
                "subnet": "2001:db8:abcd::\/48",
                "option-data": [],
                "pools": [
                    {
                        "pool": "2001:db8:abcd::1000-2001:db8:abcd::2000"
                    }
                ],
                "pd-pools": [
                    {
                        "prefix": "2001:db8:abcd:ff00::",
                        "prefix-len": 56,
                        "delegated-len": 60
                    }
                ],
                "reservations": [],
                "interface": "igc0"
            }
        ]
    }

My leases file /var/db/kea/kea-leases6.csv says:
address   duid   valid_lifetime   expire   subnet_id   pref_lifetime   lease_type   iaid   prefix_len   fqdn_fwd   fqdn_rev   hostname   hwaddr   state   user_context   hwtype   hwaddr_source   pool_id
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770975331   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770975331   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770976581   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770976581   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   0   1770972581   1   0   0   1962703124   128   0   0      0c:72:74:fc:79:14   3      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   0   1770972581   1   0   2   1962703124   64   0   0      0c:72:74:fc:79:14   3      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770977356   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770977356   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770978606   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770978606   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd::1000   00:03:00:01:0c:72:74:fc:79:14   4000   1770979856   1   2500   0   1962703124   128   0   0      0c:72:74:fc:79:14   0      1   2   0
2001:db8:abcd:ff00::   00:03:00:01:0c:72:74:fc:79:14   4000   1770979856   1   2500   2   1962703124   64   0   0      0c:72:74:fc:79:14   0      1   2   0

and my log says

2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:44:16   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc3070008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xc52c70
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x196cc3070008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x196cc3070008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:23:26   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc3070008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xd3c078
2026-02-13T10:03:52   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x196cc305c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x196cc305c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x196cc305c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T10:03:52   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x196cc305c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T10:03:52   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x196cc305c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T10:03:52   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T10:03:52   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3be0e825c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x341c8
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T10:02:35   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:49:41   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xed7f48
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e8265808] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e8265808] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:28:51   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e8265808] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x61ad20
2026-02-13T09:23:37   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup using: /usr/local/sbin/kea-lfc -6 -x /var/db/kea/kea-leases6.csv.2 -i /var/db/kea/kea-leases6.csv.1 -o /var/db/kea/kea-leases6.csv.output -f /var/db/kea/kea-leases6.csv.completed -p /var/db/kea/kea-leases6.csv.pid -c ignored-path
2026-02-13T09:23:37   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T09:08:01   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x298173
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_RENEW duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2: RENEW (type 5) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:47:12   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x1b04c2
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:22   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x5e8d9
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:26:20   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ALLOC duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for address 2001:db8:abcd::1000 and iaid=1962703124 has been allocated for 4000 seconds
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: REQUEST (type 3) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_PD_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for prefix 2001:db8:abcd:ff00::/64 and iaid=1962703124 will be advertised
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_LEASE_ADVERT duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: lease for address 2001:db8:abcd::1000 and iaid=1962703124 will be advertised
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97: SOLICIT (type 1) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:43   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0xa6ac97
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_SEND duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::e72:74ff:fefc:7914]:546 on interface igc0
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 expired on release
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_PD duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: prefix 2001:db8:abcd:ff00::/64 for iaid=1962703124 was released properly
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA_EXPIRED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: binding for address 2001:db8:abcd::1000 and iaid=1962703124 expired on release
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.leases.0x3be0e826e008] DHCP6_RELEASE_NA duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: binding for address 2001:db8:abcd::1000 and iaid=1962703124 was released properly
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.packets.0x3be0e826e008] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e: RELEASE (type 8) received from fe80::e72:74ff:fefc:7914 to ff02::1:2 on interface igc0
2026-02-13T08:24:42   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e826e008] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:0c:72:74:fc:79:14], [no hwaddr info], tid=0x690c2e
2026-02-13T08:23:36   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x3be0e825c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x3be0e825c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3be0e825c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T08:23:36   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x3be0e825c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T08:23:36   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x3be0e825c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T08:23:36   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T08:23:36   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x41a353c5c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-13T08:23:25   Notice   kea-dhcp6    add route 2001:db8:abcd:ff00::/64 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:abcd::/48
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 2 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x41a353c5c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x41a353c5c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x41a353c5c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:abcd::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-13T08:23:25   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x41a353c5c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-13T08:23:25   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x41a353c5c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-13T08:23:25   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x309d9c65c008] DHCP6_SHUTDOWN server shutdown
2026-02-13T08:23:25   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x309d9c65c008] COMMAND_RECEIVED Received command 'shutdown'
   

#4
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 07:01:03 PM
Thank you. Maybe one suggestion: in the KEA documentation of OPNsense, the example for prefix delegation shows a delegated length of 56. It might be worthwhile to mention that there may be systems that require 64 as a delegation length.
#5
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 06:17:56 PM
Dear Naurice and Cedrik, once again many thanks for your support and comments. It *seems* to work now with KEA with GUA + Legacy Track Interface + RA without configuration active for LAN. There were two things needed: 1) the route must be set up; this is now working fine after the patch and 2) I originally set the delegated length in KEA to a value lower than 64, knowing that Fritz needs at least 2 /64 prefixes. Then I read in some documentation that ISC DHCPv6 supplies prefixes in /64's; when I changed the delegated length in KEA to 64, also Fritz accepted the prefixes for both its guest and non-guest networks (the numbering is slightly different than in the ISC DHCPv6 case, but that doesn't matter.

It is running now for a few hours; maybe it is too early to give a definitive judgement, but I am alreay v ery happy about the result. Onve again, many thanks!
#6
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 01:57:31 PM
Quote from: Monviech (Cedrik) on February 12, 2026, 01:44:27 PMOkay so the routing from OPNsense to Fritzbox should be okay now.

Are you having Router Advertisements set up on OPNsense, so that the Fritzbox gets a default gateway advertised on the link its connected on (igc0).

I have is activated without specific settings per (V)LAN interfacve; I added a specific configuration for LAN and disabled it, so for LAN it should now be disabled. I did not notice any difference in behaviour in any of the systems.
#7
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 01:26:45 PM
Quote from: Monviech (Cedrik) on February 12, 2026, 11:47:19 AMYeah oops there was a typo in the link (commits instead of commit)

https://github.com/opnsense/core/commit/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a

Try this link, if it opens in your browser it will also work as patch.

The error disappeared, see log below. IPNsense seems to be OK, but Friz does not work with usual settings.

root@OPNsense:~ # netstat -rn -f inet6 | grep fd39                              fd39:e72c:9f6::1                  link#3                        UHS             lo0
fd39:e72c:9f6:8000::/56           fe80::e72:74ff:fefc:7914%igc0 UGS            igc0
fd39:e72c:9f6:ff00::/60           fe80::e72:74ff:fefc:7914%igc0 UGS            igc0

The 8000 entry is from an earlier, now stale and expired entry in the leases. Maybe I need to wait until this disappears; have rebooted everything several times, but still there.

Fritz reports:
Internet, IPv6   verbonden sinds 12-02-2026, 12:46 uur,
IPv6-adres: fd39:e72c:9f6:ff00:e72:74ff:fefc:7914/64, geldigheid: 2901/1401s
IPv6-prefix: fd39:e72c:9f6:ff00::/60, geldigheid: 2901/1401s

But in the IPv6 page it shows:
Gebruikte IPv6-prefixen:
Thuisnetwerk::/0
Netwerk voor gasten::/0
WANfd39:e72c:9f6:ff00::/64


A linux client in Fritz shows:
root@pluto:~# ip -6 route show
fd39:e72c:9f6:ff01::/64 dev eth0 proto ra metric 100 expires 6276sec mtu 1500 hoplimit 255 pref medium
fda9:2c7a:3760::/64 dev eth0 proto ra metric 100 expires 6656sec mtu 1500 hoplimit 255 pref medium
fda9:2c7a:3760::/64 via fe80::e72:74ff:fefc:7917 dev eth0 proto ra metric 100 expires 1256sec mtu 1500 hoplimit 255 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

Log after restart of KEA:
2026-02-12T13:18:55   Notice   kea-dhcp6    add route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914%igc0
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x30a0b085c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x30a0b085c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x30a0b085c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T13:18:55   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x30a0b085c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T13:18:55   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x30a0b085c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T13:18:55   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3ba6ee25c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T13:18:55   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3ba6ee25c008] COMMAND_RECEIVED Received command 'shutdown'
   

#8
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 11:36:07 AM
Quote from: Monviech (Cedrik) on February 12, 2026, 10:51:53 AMHello, thank you, could you test the above patch on 26.1.1?

Go into the opnsense root shell (same spot you e.g. executed netstat on OPNsense) and execute the following patch:

Code Select
opnsense-patch https://github.com/opnsense/core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a
Afterwards try to restart KEA, or reboot, and check if the route is added now.

I get:

root@OPNsense:~ # opnsense-patch https://github.com/opnsense/core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a
fetch: /var/cache/opnsense-patch/~core-core/commits/e4cc9e7f4d55f63f6669dcb2a81d21b53fa1117a: open(): No such file or directory
#9
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 10:33:23 AM
Quote from: Monviech (Cedrik) on February 12, 2026, 09:53:00 AMHello, which OPNsense version are you using right now?

I feel like the scope ID is missing here when adding the route, but I want to double check on which script version you run (since it changed recently)

If its 26.1.1, I think this could be the issue: https://github.com/opnsense/core/pull/9778

Thank you for your reply. This I copied from the Dashboard:

System Information
Name
OPNsense.internal
Versions
OPNsense 26.1.1-amd64
FreeBSD 14.3-RELEASE-p8
OpenSSL 3.0.19

#10
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 12, 2026, 09:45:21 AM
Dear all, I decided to test KEA based on a static prefix and ULA prefix. I set up LAN as Static IPv6 and created a KEA configuration following the documentation. Fritz basically needs a /60. Subnet: fd39:e72c:09f6::/48; Pools: fd39:e72c:09f6::100-fd39:e72c:09f6::199; Prefix: fd39:e72c:09f6:ff00::; Prefix length: 56, Delegated length: 60. I tried some variations, also with Prefix/Delegated exactly as in the documentation (52/56), all with the same result.

I reooted both OPNsense and Fritz and saw initially some old reservations still being logged, so I let the system settle for a night and then agian rebooted both OPNsense and Fritz. Fritz reports IPv6 connection and /60 reservations properly, but fails to assign the /64 prefixes (ff00 and ff01) to the guest and non-guest networks as it would do in the ISC DHCPv6 case.

In OPNsense, I see a val;id lease for fd39:e72c:9f6:ff00:: pointing at the Fritz. However in the KEA log I see an error when restarting the service:

The "failed adding route" also appeared in my previous attempts:

2026-02-12T09:06:11   Error   kea-dhcp6    failed adding route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x3613cc25c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x3613cc25c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3613cc25c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T09:06:11   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x3613cc25c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T09:06:11   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x3613cc25c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T09:06:11   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T09:06:11   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x1d62b965c008] COMMAND_RECEIVED Received command 'shutdown'
2026-02-12T08:50:27   Error   kea-dhcp6    failed adding route fd39:e72c:9f6:ff00::/60 -> fe80::e72:74ff:fefc:7914
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_STARTED Kea DHCPv6 server version 3.0.2 started
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd39:e72c:9f6::/48
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_USING_SERVERID server is using server-id 00:01:00:87:31:1b:94:d4:64:62:66:2f:50:f0 and stores in the file /var/db/kea/kea-dhcp6-serverid
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 1 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/db/kea/kea-leases6.csv.2
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MEMFILE_DB opening memory file lease database: persist=true type=memfile universe=6
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.database.0x1d62b965c008] CONFIG_BACKENDS_REGISTERED the following config backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_FORENSIC_BACKENDS_REGISTERED the following forensic backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.hosts.0x1d62b965c008] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_LEASE_MGR_BACKENDS_REGISTERED the following lease backend types are available: memfile
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x1d62b965c008] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/run/kea/kea6-ctrl-socket
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igc0
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd39:e72c:9f6::/48 with params: valid-lifetime=4000, rapid-commit is false
2026-02-12T08:50:27   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcp6.0x1d62b965c008] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2026-02-12T08:50:27   Warning   kea-dhcp6    WARN  [kea-dhcp6.dhcpsrv.0x1d62b965c008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2026-02-12T08:50:27   Notice   kea-dhcp6    startup kea prefix watcher
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.dhcp6.0x3d5ad3a5c008] DHCP6_SHUTDOWN server shutdown
2026-02-12T08:50:27   Informational   kea-dhcp6    INFO  [kea-dhcp6.commands.0x3d5ad3a5c008] COMMAND_RECEIVED Received command 'shutdown'

A linux client (also rebooted) in Fritz non-guest network fails to set up a default route:

In OPNsense, I see:
netstat -rn -f inet6 | grep fd39
fd39:e72c:9f6::1                  link#3                        UHS             lo0

Please let me know if you need additional information.
#11
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 11, 2026, 09:00:15 PM
Thanks everyone for the detailed explanations and for pointing me to the KEA static PD documentation.

After working through the feedback and testing different approaches, my conclusion is that there are two valid and clean solutions for my use case with a downstream FritzBox:

1. Stay entirely within the ISP-provided global prefix and configure everything statically
In this model, OPNsense acts as a classic border router. The /48 is subnetted manually into /64s for LAN, VLANs, and a routed /64 toward the FritzBox. Router Advertisements are sufficient; no internal DHCPv6 server is required. This is very robust and avoids all PD lifecycle issues.

2. Use a locally generated ULA prefix for the FritzBox side and KEA DHCPv6
Here, the FritzBox receives IA_NA and IA_PD from KEA exactly as described in the documentation, but using ULAs instead of the ISP prefix. This cleanly avoids any dependency on the ISP PD lifecycle and keeps everything manageable through the OPNsense GUI.

For now, I'll keep my working legacy setup, but this gives me a clear migration path once ISC DHCPv6 is retired. Thanks again for the insights — especially around prefix ownership and lifecycle, which turned out to be the key point.
#12
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 11, 2026, 05:51:34 PM
Thanks for all the discussion so far — it helped clarify a lot. I wanted to summarize my situation and share some observations for others who might have similar setups:

Current Setup

My ISP provides a fixed /48 IPv6 prefix, anonymized: ( 2001:db8:abcd ::/48) that has been assigned to me for years.

On the OPNsense WAN (PPPoE), this prefix is delivered via DHCPv6-PD, and OPNsense relies on it to configure the global IPv6 address, default route, and delegated prefixes.

Internally, I run Track Interface + ISC DHCPv6 + RA on LAN and VLANs. Downstream devices (including a FritzBox managing its own guest and non-guest subnets) receive IPv6 addresses properly, and IPv6 routing works.

Why KEA / IA_PD did not work

KEA requires full static ownership of the prefix to assign delegated prefixes and manage routes.

Even though my /48 is "fixed" at the ISP level, it is still delivered dynamically via DHCPv6-PD. IA_PD with KEA cannot safely manage this prefix without risk of breaking downstream connectivity.

This is why earlier attempts to migrate to KEA with Identity Association and RA parameterization failed.

IPv4 vs IPv6 distinction

Fixed IPv4 works fine; OPNsense can assign it manually.

Fixed IPv6 is technically possible to test, but OPNsense may not route properly without DHCPv6-PD. The WAN address, default route, and RA to downstream networks may fail if the ISP expects dynamic PD delivery.

Future Considerations

For now, I will keep the current working setup (Track Interface + ISC DHCPv6 + RA).

Once ISC DHCPv6 is retired in OPNsense, I will need to explore:

Whether Static IPv6 can be safely used with a fixed /48 from my ISP.

Whether KEA could be configured to support this type of "fixed but delivered via DHCPv6-PD" scenario.
#13
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 11, 2026, 02:36:18 PM
Thanks for the explanation — there is one important detail in my setup that may change the assessment.

I do not receive a changing IPv6 prefix. My ISP (Freedom Internet NL) has assigned me a fixed (anonymized) 2001:db8:abcd ::/48 for years, which is also visible in their customer configuration, and I additionally have a static IPv4 address.

From an architectural perspective, this places my OPNsense much closer to an "ISP edge" than a typical residential dynamic-PD setup.

Given this, I would expect IA + KEA + RA with downstream PD (e.g. to a FritzBox) to work in principle. However, in practice only legacy Track Interface + ISC DHCPv6 behaves correctly.

This leads me to suspect interoperability gaps between KEA, RA, and downstream routers rather than a fundamental IPv6 design issue.
#14
26.1 Series / Re: IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 11, 2026, 01:21:29 PM
Thanks for the insight! To give some context, my home setup is designed primarily to segregate IoT devices and other traffic that I don't want in my home network into separate VLANs, so that all non‑trusted devices are kept outside of the main home network. This allows me to apply more granular firewalling, intrusion detection, logging and overall network management, which dictated the current topology.

Beyond this, there is an ambition to get IPv6 running as cleanly and reliably as possible. One might argue "if IPv4 works, why bother with IPv6?" — but for my use case, I want a consistent and future-proof setup, including autonomous operation of downstream routers like FritzBox.

My observation is that:

Using Track Interface + ISC DHCPv6 + basic RA, the FritzBox operates autonomously and reliably, with PD sub-delegation working for both guest and non-guest networks.

Attempts to replicate the same behavior with IA + KEA + parameterized RA have so far been fragile; small misconfigurations can break downstream IPv6 connectivity.

I'm sharing this to highlight that there are real-world home/own built domotica scenarios where OPNsense essentially behaves like an ISP, even with dynamic PD. It would be useful if future KEA/IA guidance explicitly addressed such use cases, so that advanced setups can migrate cleanly when ISC DHCPv6 is eventually deprecated.
#15
26.1 Series / IPv6 downstream router (FritzBox) requires OPNsense to behave like ISP
February 11, 2026, 11:33:36 AM
Topology

Code Select
ISP (DHCPv6-PD /48)
        │
        ▼
OPNsense (pppoe0, dhcp6c)
        │
Legacy Track Interface
(assign /64s via Prefix IDs)
        │
 ┌──────┼────────┐
 │      │        │
LAN   VLAN1    VLAN2
ID 0  ID 4     ID 6
 │
 ▼
    FritzBox
    ├─ non-guest (/64)
    └─ guest     (/64)
    (Fritz runs its own RA/DHCPv6/DNSv6)
Core requirement:
OPNsense must behave like an IPv6 ISP, so the downstream FritzBox can operate fully autonomously.
Working Setup (Stable)
  • Legacy Track Interface on all internal interfaces
  • ISC DHCPv6 enabled
  • Router Advertisements enabled (basic / unmanaged)
  • FritzBox internal DHCPv6 + DNSv6 enabled
Behavior:
  • OPNsense slices the ISP /48 using Prefix IDs
  • FritzBox successfully receives sub-delegated prefixes
  • Guest and non-guest IPv6 work reliably
  • Prefix renewals and reboots are handled cleanly
ISC DHCPv6 (Working, Anonymized)

Code Select
option dhcp6.domain-search "internal";
option dhcp6.rapid-commit;
default-lease-time 7200;
max-lease-time 86400;
authoritative;
subnet6 2001:db8:abcd::/64 {
  range6 2001:db8:abcd::1000 2001:db8:abcd::2000;
  option dhcp6.name-servers 2001:db8:abcd::1;
  # Prefix delegation to downstream router (FritzBox)
  prefix6 2001:db8:abcd:8000:: 2001:db8:abcd:ff00::/60;
}
This configuration:
  • Delegates prefixes cleanly
  • Automatically installs kernel routes
  • Aligns PD lifetimes with RA behavior
  • Allows FritzBox to act as a real downstream ISP customer
Attempted Setup (Problematic)
  • Identity Association (IA) addressing
  • KEA DHCPv6
  • Parameterized Router Advertisements
Despite many variations, this does not allow FritzBox to function autonomously.
Observed problems:
  • Delegated prefixes not reliably routed
  • Guest IPv6 disappears
  • IPv6 breaks when KEA is stopped/restarted
  • Removing PD pools breaks downstream IPv6 even though OPNsense still has global IPv6
  • FritzBox internal DHCPv6/DNSv6 cannot be enabled reliably
KEA DHCPv6 (Attempted, Anonymized)

Code Select
{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "lan0" ]
    },
    "subnet6": [
      {
        "subnet": "2001:db8:abcd::/48",
        "pd-pools": [
          {
            "prefix": "2001:db8:abcd:ff00::",
            "prefix-len": 60,
            "delegated-len": 64
          }
        ],
        "reservations": [
          {
            "duid": "00:03:00:01:xx:xx:xx:xx:xx:xx",
            "ip-addresses": [ "2001:db8:abcd::2000" ]
          }
        ]
      }
    ]
  }
}
Even with variations:
  • PD routing is fragile or missing
  • RA behavior must be manually aligned
  • Downstream router does not behave as with ISC DHCPv6
Key Observation
FritzBox internal DHCPv6/DNSv6 only works when upstream behaves exactly like an ISP.
  • ✔ Track Interface + ISC DHCPv6 → Fritz autonomous
  • ✖ IA + KEA + RA → Fritz breaks or degrades
This suggests that either:
  • KEA lacks functionality needed for downstream routers, or
  • OPNsense's current KEA + IA + RA integration does not fully model ISP-like behavior
Questions / Migration Path
  • Is it currently possible to fully replace
     Track Interface + ISC DHCPv6 + basic RA
     with
     IA + KEA + RA
     while still supporting autonomous downstream routers?
  • Are PD pools mandatory in KEA for downstream routers?
  • Is the lack of automatic route installation for delegated prefixes a known limitation?
  • Is ISC DHCPv6 expected to remain for this use case, or is there a recommended migration path?
Summary
  • My setup is stable today
  • I am not looking for workarounds
  • I want to understand whether a clean KEA/IA migration path exists for "OPNsense as ISP" deployments
Any guidance from developers or users running downstream routers would be appreciated.
Pages1