24.1 - DHCP server moves to KEA - implications?

Started by chemlud, January 19, 2024, 01:40:26 PM

Open the ur config-OPNsense*.xml, the reservation uuid is unique per reservation and should have one subnet uuid if they belong to that subnet.

      <reservations>
          <reservation uuid="6a688941-02f8-46aa-abc6-8121fa434809">
            <subnet>7046c7cb-a9fb-4a50-8a49-3b6e77d42809</subnet>
            <ip_address>192.168.1.100</ip_address>
            <hw_address>90:a1:b1:c1:d1:e11</hw_address>
            <hostname/>
            <description/>
          </reservation>
      </reservations>
   

March 12, 2024, 12:31:25 AM #46 Last Edit: March 12, 2024, 12:57:01 AM by knaggsy2000
Quote from: franco on March 11, 2024, 01:28:10 PM
> Personally, I don't think Kea is ready to be added to OPNsense at this time.

Fair enough, but stating 3 obvious points and concluding we should not ship it which means we will stop improving it in the first place is a bit strange IMHO.

If you meant to say it's not ready for your use your wording could benefit from improvements.

No disrespect, just stating the obvious (again).

Cheers,
Franco


As a software developer/engineer myself, when including new features, that *typically* gets put into an alpha or beta build or some other testing environment - NOT the mainstream/stable one. That is bad practice. As for the "obvious" points, they were mainly from other users.

Kea IS CLEARLY not ready, as it can't replace the original ISC DHCP.

I can understand you want feedback, but you also see where I'm coming from, right? I can symbolise.

Please talk to me as a human being.

Quote from: Monju0525 on March 11, 2024, 09:42:50 PM
Open the ur config-OPNsense*.xml, the reservation uuid is unique per reservation and should have one subnet uuid if they belong to that subnet.

      <reservations>
          <reservation uuid="6a688941-02f8-46aa-abc6-8121fa434809">
            <subnet>7046c7cb-a9fb-4a50-8a49-3b6e77d42809</subnet>
            <ip_address>192.168.1.100</ip_address>
            <hw_address>90:a1:b1:c1:d1:e11</hw_address>
            <hostname/>
            <description/>
          </reservation>
      </reservations>



But that shouldn't even be required - as OPNsense is mainly a web-based OS. Mentioned this before.

March 12, 2024, 02:50:23 AM #48 Last Edit: March 12, 2024, 03:14:16 AM by hansen97124
Below is an example from the config file.

Looks ok to me. Still not sure why the reservations are being ignored. The client camera is set to DHCP, as it should be.

<reservation uuid="de71a788-801a-450f-b238-9ed0c4ee8656">
            <subnet>19b11319-3d95-40c0-8668-56b15a05a6c0</subnet>
            <ip_address>192.168.1.241</ip_address>
            <hw_address>9c:8e:cd:1e:xx:xx</hw_address>
            <hostname>amcrest1080</hostname>
            <description>amcrest1080</description>
          </reservation>



(Changed MAC address to xx:xx at the end. No other changes made to the code.)


Hansen97124
Is it in between the <reservations> and </reservations> tags?
Do the reservations show up in the kea reservation gui?
Are u sure the reservation subnet uuid is correct for your network?
Search on the subnet uuid. 19b11319-3d95-40c0-8668-56b15a05a6c0

It should match ur network u declared earlier.
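
The check suggested in the post above (does each reservation's subnet UUID match a declared subnet?) can be scripted. This is an added example, not code from the thread or from OPNsense: the `<reservation>` layout is the one posted here, while the `<subnets>`/`<subnet4 uuid="...">` layout, the function name and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. <reservation> follows the layout posted in this thread;
# the <subnets>/<subnet4 uuid=...> layout is an assumption about config.xml.
SAMPLE = """
<dhcp4>
  <subnets>
    <subnet4 uuid="11111111-1111-4111-8111-111111111111">
      <subnet>192.168.1.1/24</subnet>
    </subnet4>
  </subnets>
  <reservations>
    <reservation uuid="aaaaaaaa-0000-4000-8000-000000000001">
      <subnet>11111111-1111-4111-8111-111111111111</subnet>
      <ip_address>192.168.1.100</ip_address>
    </reservation>
    <reservation uuid="aaaaaaaa-0000-4000-8000-000000000002">
      <subnet>22222222-2222-4222-8222-222222222222</subnet>
      <ip_address>192.168.1.241</ip_address>
    </reservation>
    <reservation uuid="aaaaaaaa-0000-4000-8000-000000000003">
      <subnet>11111111-1111-4111-8111-111111111111</subnet>
      <ip_address>10.0.0.5</ip_address>
    </reservation>
  </reservations>
</dhcp4>
"""

def audit_reservations(xml_text):
    """Return (reservation uuid, problem) pairs for reservations that cannot match."""
    root = ET.fromstring(xml_text)
    # Declared subnet UUID -> network; strict=False accepts host bits (x.x.x.1/24).
    nets = {s.get("uuid"): ipaddress.ip_network(s.findtext("subnet").strip(), strict=False)
            for s in root.iter("subnet4")}
    problems = []
    for r in root.iter("reservation"):
        ref = (r.findtext("subnet") or "").strip()
        ip = ipaddress.ip_address(r.findtext("ip_address").strip())
        if ref not in nets:
            problems.append((r.get("uuid"), "subnet uuid not declared"))
        elif ip not in nets[ref]:
            problems.append((r.get("uuid"), f"{ip} outside {nets[ref]}"))
    return problems

if __name__ == "__main__":
    for uuid, problem in audit_reservations(SAMPLE):
        print(uuid, problem)
```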

March 14, 2024, 06:39:55 AM #50 Last Edit: March 16, 2024, 07:50:29 AM by hansen97124
EDITED: I figured it out!!

Previously, I had a problem with KEA DHCP reservations being ignored. (several posts above)

Simple mistake.  For subnet I entered

192.168.1.0/24  instead of
192.168.1.1/24

I honestly thought it needed to be "zero" at the end, and not "one" for subnet name.   The docs section for KEA DHCP even uses 192.168.1.0/24 as the prime example.   

Maybe someone may be able to explain why mine has to be 192.168.1.1/24 in order to get reservations to work.  <please>   

Live and learn.   Back to using KEA DHCP. 

Thanks all for the help!!


Quote from: Monju0525 on March 12, 2024, 07:28:00 PM
Hansen97124

Search on the subnet uuid. 19b11319-3d95-40c0-8668-56b15a05a6c0

It should match ur network u declared earlier.

It didn't match. This was the major hint that I needed to get to the solution described in the post just above this one.

Thanks again.

Quote from: chemlud on January 19, 2024, 03:17:30 PM
Hi and thanks for clarifications. If I use, let's say, MAC-reserved IPs for different IPs and not much more, what will the process of transition to KEA look like?

Install the new KEA plugin (?) and move (manually? automagically?) my current DHCP config to the new plugin?

Many thanks in advance.

I wrote a utility to make that migration painless.

https://github.com/EasyG0ing1/Migration

Mike

Quote from: tessus on January 29, 2024, 06:58:40 AM
Quote from: newsense on January 20, 2024, 04:11:35 AM
There were no plans for migrating the existing DHCP data to Kea as far as I know.

This certainly is a deal breaker. I do have more than 50 DHCP Static Mappings on about 20 VLANs. I am not really inclined to recreate all of them manually.

https://github.com/EasyG0ing1/Migration

Quote from: Patrick M. Hausen on January 30, 2024, 10:02:30 PM
I was about to make the switch in my home lab when I found you cannot even serve the domain name to clients. Sorry, that is not going to fly.

You assign the domain name to the subnet in the Kea service, though you are correct you cannot assign a domain name that is different for each static mapping. Though I'm not sure why anyone would want different domain names for IP addys that are on the same subnet...?

Also, check this out for migrating your statics

https://github.com/EasyG0ing1/Migration

switching from isc to kea worked fine for me.
- as reported I could not continue using isc and kea in combination (I have different vlans)


Quote from: Azmodes on February 06, 2024, 05:43:20 PM
Quote from: MiRei on February 04, 2024, 01:01:51 PM

In ISC DHCP it was possible to activate "Deny unknown Clients"
I'd imported all my subnets, settings and reservations, was about to make the switch when I noticed that this option was missing. Are there any plans to add it in the near future?
-the easiest way for me to solve: leave subnet / pools empty

Quote from: sbecker on March 25, 2024, 06:20:41 PM
switching from isc to kea worked fine for me.
- as reported I could not continue using isc and kea in combination (I have different vlans)


Quote from: Azmodes on February 06, 2024, 05:43:20 PM
Quote from: MiRei on February 04, 2024, 01:01:51 PM

In ISC DHCP it was possible to activate "Deny unknown Clients"
I'd imported all my subnets, settings and reservations, was about to make the switch when I noticed that this option was missing. Are there any plans to add it in the near future?
-the easiest way for me to solve: leave subnet / pools empty

I didn't know this was an option ... I assumed that subnets were mandatory for Kea so that it knows which IP pools to draw from when an inbound request for an address happens where it gets a request for an IP address, looks at the subnet that it came from, matches that subnet to one that is defined in Kea, then pulls an IP address from one of those pools.  Are you saying that it will still do that correctly for multiple subnets without defining the subnet specifically within Kea?

And if you don't like either, you may use dnsmasq. Yup, you can run both dnsmasq and unbound (on different ports), e.g. dnsmasq forwarding calls to unbound.
OPNsense HW:

Minisforum Venus series UN100C, 16 GB RAM, 512 GB SSD
T-bao N9N Pro, 16 GB RAM, 512 GB SSD

Quote
I didn't know this was an option ... I assumed that subnets were mandatory for Kea so that it knows which IP pools to draw from when an inbound request for an address happens where it gets a request for an IP address, looks at the subnet that it came from, matches that subnet to one that is defined in Kea, then pulls an IP address from one of those pools.  Are you saying that it will still do that correctly for multiple subnets without defining the subnet specifically within Kea?

No. Subnets need to be defined, but within the subnet page you can leave the pools section empty. In that case only predefined clients (reservations) are served. This is similar to "deny unknown clients" in isc.
Others asked to implement this option in kea but I do believe it is included that way.

March 26, 2024, 01:03:59 PM #59 Last Edit: March 26, 2024, 01:11:43 PM by h3krn
Hi all,

I'm not really sure where to post this, but for my own purposes I rewrote the `unbound_watcher.py` script to ingest DHCP leases from kea instead of dhcpd and create DNS registrations. This breaks dhcpd compatibility but for me it brings the added bonus that I now have synced DNS registration on both my HA opnsense nodes. It's far from perfect, but I hope someone finds this useful?

https://gist.github.com/h3krn/17c6610281e585d6b4efb43d1395802d

Grtz, Harm