24.7 HA with KEA DHCP

Started by DocGonzo74, July 31, 2024, 08:54:12 PM

I was running into issues trying to migrate to KEA DHCP in my OpnSense HA environment. It's still somewhat half-baked, but I have it working well enough for my purposes.   

Word of caution.  When you change something in KEA DHCP on your master node and a config sync happens, some settings get improperly changed on the backup.  I'll highlight these as I walk through the install.

I did the whole configuration on the primary and then sync'd to the backup.   All of this is done on the Primary .. I think I called it master earlier.  Moving on.

Configure Control Agent:
I used my CARP IP address (local IP) and left it port 8000

Configure KEA DHCP > Settings
I leave it disabled until done.   Then I disable the ISC instances and then enable the KEA DHCP.  A PITA to change back when I'm testing, but it is what it is.

Interfaces,
I checked all my inside network interfaces (LAN, IoT, Guest, Lab). When I did this, I kept having issues where clients wouldn't get an address intermittently.  I figured my CARP interface might help somehow.. I'm not sure how I got there, but when I assigned my CARP interface to the group, it started working.   My CARP is directly connected between my firewalls.. no man in the middle worries there.. Unless my cats are up to something.

The valid lifetime (lease timer) is set to 4000 by default.   I feel that's too low.  I'm running 7200.  That said, I tried something like 28800 and a bunch of my IoT devices (camera, alarms) lost their leases and couldn't reconnect.   I checked the leases, and the clients were reporting a 0 lease timer.  I'm guessing the IoT devices are hard-coded to some lower number and they don't understand the longer lease time.


For High Availability,
check "Enabled".  Here, you have to enter your full server name (PRIMARY.awesomeserver.com).  I had this just set to PRIMARY and HA wouldn't work until I matched my hostname.


The next tab is Subnets.  I left this default and all kinds of oddness occurred.   What I found is, by default, the option data is checked and the default values were hidden.   When I unchecked this, I saw that KEA was giving my physical IP and not my virtual interface, so the default gateway was wrong.  I also had to fix DNS and NTP.  Kea assumes everything is in a single server configuration, so defaults match a non-HA environment.


Reservations.  I have about 100. There is a tool out there that will convert your ISC DHCP reservations to KEA dhcp reservations.  It worked for me : https://forum.opnsense.org/index.php?topic=39342.0

When you add new reservations, make sure you use the a1:b2:c3 format and not CAPS or -.  I put some in manually with - and caps and they didn't work.


Finally HA peers:  This is another one that was part of HA working properly.. it's right there in the title.

You have to create both the PRIMARY and BACKUP HA peers and assign them the roles primary/standby.    (Another thing I think is half-baked.  The active node should consider itself the primary when it's the HA MASTER.  It appears that the secondary is always considered secondary, regardless of its current HA state.)


When I first set this up, I assumed  you only had to create the remote peer.   I was looking over everything and said "why not".. set up both primary and secondary.. and poof.  It worked.

I hope this helps someone set up KEA DHCP with HA  on Opnsense.   Figured I'd type it up, stream of consciousness style in case someone else is stuck like I was.

August 14, 2024, 06:03:02 PM #1 Last Edit: August 21, 2024, 05:39:04 PM by Siggi
Update: The port chosen under control agent -> bind port must differ from the port given in the URL in Kea DHCPv4 -> HA Peers. I'm pretty sure I had the same ports there before 24.7.1. Now that the ports differ it works fine again.

------
Hi. I have an issue since upgrading to 24.7.1 where KeaDHCP is working stand-alone only.
I was running kea with HA for months now without any major problems. What I can see in the log is:

ERROR [kea-dhcp4.dhcp4.0x1ee295012000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind']

I tried it with another port already. Before I was using 8000 and 8001 on the secondary device. Unfortunately port change doesn't help either.

Any ideas?

Thanks.
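Pulling together the pitfalls from both posts (the HA server name must equal the host's FQDN, both peers must exist with the roles primary and standby, reservation MACs must be in lowercase a1:b2:c3 form, and the HA peer URL port must differ from the control agent bind port), here is an added pre-flight check; it is not code from the thread or from OPNsense. The dict layout and key names are a simplified stand-in for the real Kea/OPNsense settings, and all sample values are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the thread: control agent on 8000, FQDN peer names, primary+standby.
SAMPLE = {
    "control_agent": {"bind_port": 8000},
    "ha": {
        "this_server_name": "PRIMARY.awesomeserver.com",
        "peers": [
            {"name": "PRIMARY.awesomeserver.com", "url": "http://192.168.1.2:8001/", "role": "primary"},
            {"name": "BACKUP.awesomeserver.com", "url": "http://192.168.1.3:8001/", "role": "standby"},
        ],
    },
    "reservations": [{"hw_address": "a1:b2:c3:d4:e5:f6", "ip": "192.168.1.50"}],
}

# Same layout with the thread's mistakes: short server name, HA URLs on the agent port, MAC in CAPS with dashes.
BROKEN = {
    "control_agent": {"bind_port": 8001},
    "ha": {"this_server_name": "PRIMARY", "peers": SAMPLE["ha"]["peers"]},
    "reservations": [{"hw_address": "A1-B2-C3-D4-E5-F6", "ip": "192.168.1.51"}],
}

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")  # the a1:b2:c3 form that worked for reservations

def normalize_mac(mac):  # rewrite CAPS / dashes / dots into lowercase colon form
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_config(cfg, host_fqdn):  # returns a list of problems; empty list means the config passes
    problems = []
    ha, peers = cfg["ha"], cfg["ha"]["peers"]
    if ha["this_server_name"] != host_fqdn:
        problems.append(f"this-server-name {ha['this_server_name']!r} != host FQDN {host_fqdn!r}")
    if ha["this_server_name"] not in {p["name"] for p in peers}:
        problems.append("local server is not listed among the HA peers (both peers must be created)")
    if {p["role"] for p in peers} != {"primary", "standby"}:
        problems.append("HA peers must carry exactly the roles primary and standby")
    agent_port = cfg["control_agent"]["bind_port"]
    for p in peers:
        if urlparse(p["url"]).port == agent_port:
            problems.append(f"peer {p['name']}: HA URL port {agent_port} equals the control agent "
                            "bind port; the HA listener would fail with 'Address already in use'")
    for r in cfg["reservations"]:
        if not MAC_RE.match(r["hw_address"]):
            problems.append(f"reservation {r['ip']}: write {r['hw_address']!r} as {normalize_mac(r['hw_address'])}")
    return problems
```

Run it against your own settings with the output of `hostname -f` as `host_fqdn` before enabling Kea on the primary and syncing.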