KEA DHCP

Started by Monju0525, February 05, 2024, 12:02:13 AM

February 05, 2024, 12:02:13 AM Last Edit: February 05, 2024, 12:19:20 PM by Monju0525
I read the kea documents and I set my kea pool range to 10.59.11.215 to .220
But it still picks up the isc-dhcp static lease LAN at 10.59.11.200. Both isc and kea are using the same LAN interface.
Are there any good procedures?

!!! One server per interface, there's no way around it !!!

If you want to run KEA on an interface you need to disable ISC DHCP first on that interface

February 05, 2024, 03:34:12 AM #2 Last Edit: February 22, 2024, 05:41:46 PM by RedVortex
Quote from: newsense on February 05, 2024, 12:12:31 AM
!!! One server per interface, there's no way around it !!!

If you want to run KEA on an interface you need to disable ISC DHCP first on that interface

FWIW, I tried running KEA and ISC side-by-side, each on its own interface, and I wasn't able to.

ISC binds to 0.0.0.0:67 whatever you do and that prevents KEA from starting. If you start KEA first, ISC will not complain and start anyways but it will take precedence and KEA will stop working and also not be able to restart once ISC is started.

From my tests, either you switch everything or you don't, I wasn't able to run them both properly. Even if you are able to run both, you'll conflict because ISC runs on 0.0.0.0:67.

https://forum.opnsense.org/index.php?topic=38215.msg187335#msg187335

https://forum.opnsense.org/index.php?topic=38215.msg188537#msg188537

Here's the situation you have even if you are able to start both services

root@opnsense:~ # sockstat -4l -p 67
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dhcpd    dhcpd      61078 13 udp4   *:67                  *:*
root     kea-dhcp4  964   14 udp4   192.168.22.1:67       *:*
root     kea-dhcp4  964   16 udp4   192.168.42.1:67       *:*
root     kea-dhcp4  964   18 udp4   192.168.62.1:67       *:*
root     kea-dhcp4  964   20 udp4   192.168.63.1:67       *:*


As you can see, this will not work. ISC always binds to *:67 whatever you do. They cannot coexist.
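
Added example, not part of any poster's message: a check over the `sockstat -4l -p 67` output quoted above that flags a daemon holding the wildcard `*:67` socket while a different daemon listens on specific addresses. The function names are hypothetical, and the sample input is the output shown in the post.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not OPNsense tooling.

# Sample input: the sockstat output quoted in the thread.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dhcpd    dhcpd      61078 13 udp4   *:67                  *:*
root     kea-dhcp4  964   14 udp4   192.168.22.1:67       *:*
root     kea-dhcp4  964   16 udp4   192.168.42.1:67       *:*
root     kea-dhcp4  964   18 udp4   192.168.62.1:67       *:*
root     kea-dhcp4  964   20 udp4   192.168.63.1:67       *:*
EOF
}

# Reads `sockstat -4l -p 67` output on stdin. Prints one CONFLICT line for
# each daemon holding *:67 while a different daemon is bound to specific
# addresses on port 67. Exit status is 1 if any conflict was found, else 0.
find_port67_conflicts() {
    awk '
        $5 !~ /^udp/ { next }                 # skips the header and non-UDP rows
        {
            n = split($6, parts, ":")
            if (parts[n] != "67") next        # only the DHCP server port
            addr = substr($6, 1, length($6) - length(parts[n]) - 1)
            if (addr == "*") wildcard[$2] = 1
            else specific[$2] = specific[$2] " " addr
        }
        END {
            rc = 0
            for (w in wildcard)
                for (s in specific)
                    if (s != w) {
                        printf "CONFLICT %s holds *:67; %s bound to:%s\n", w, s, specific[s]
                        rc = 1
                    }
            exit rc
        }
    '
}

# On the firewall: sockstat -4l -p 67 | find_port67_conflicts
sample_sockstat | find_port67_conflicts || echo "wildcard listener present on UDP 67"
```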

Thanks. I guess during opnsense kea and isc configuration the client needs to have a static ip address and then switch later to a dynamic dhcp to verify that kea is being a dhcp server. Am I correct?

Quote from: RedVortex on February 05, 2024, 03:46:25 AM
Here's the situation you have even if you are able to start both services

root@opnsense:~ # sockstat -4l -p 67
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dhcpd    dhcpd      61078 13 udp4   *:67                  *:*
root     kea-dhcp4  964   14 udp4   192.168.22.1:67       *:*
root     kea-dhcp4  964   16 udp4   192.168.42.1:67       *:*
root     kea-dhcp4  964   18 udp4   192.168.62.1:67       *:*
root     kea-dhcp4  964   20 udp4   192.168.63.1:67       *:*


As you can see, this will not work. ISC always binds to *:67 whatever you do. They cannot coexist.

They can, as long as you disable ISC DHCP on said interface before starting it in Kea. - in the screenshot it's the LAN one.


Quote from: Monju0525 on February 05, 2024, 04:52:10 AM
Thanks. I guess during opnsense kea and isc configuration the client needs to have a static ip address and then switch later to a dynamic dhcp to verify that kea is being a dhcp server. Am I correct?

Sure, you can do the migration with a static IP on the VLAN you're on, move back to DHCP after.

And you don't need to switch anything, there's a Leases tab that will show you what has been served already.

Newsense. Thanks I will give it a try.

Assigning a static IP and then doing the Kea DHCP migration worked!

February 22, 2024, 04:45:02 PM #9 Last Edit: February 22, 2024, 04:56:53 PM by cprsn
Quote from: RedVortex on February 05, 2024, 03:46:25 AM
Here's the situation you have even if you are able to start both services

root@opnsense:~ # sockstat -4l -p 67
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dhcpd    dhcpd      61078 13 udp4   *:67                  *:*
root     kea-dhcp4  964   14 udp4   192.168.22.1:67       *:*
root     kea-dhcp4  964   16 udp4   192.168.42.1:67       *:*
root     kea-dhcp4  964   18 udp4   192.168.62.1:67       *:*
root     kea-dhcp4  964   20 udp4   192.168.63.1:67       *:*


As you can see, this will not work. ISC always binds to *:67 whatever you do. They cannot coexist.

It seems to me this is still an unresolved issue.  I have disabled ISC on all but one interface and migrated the rest to Kea.  For this to work, I found I had to stop ISC entirely, restart Kea, then restart ISC.  Otherwise, the Kea log reports "Address already in use - is another DHCP server running?" errors.  If I then have to reboot opnsense (e.g. after firmware updates), it seems ISC will start before Kea and I will not have DHCP servers active on any of the interfaces except the one that I still have on ISC (Kea will report "address already in use" for the other interfaces).

Is the intent for now to support running ISC on some interfaces and Kea on others or are users expected to migrate all interfaces to Kea?

Quote from: cprsn on February 22, 2024, 04:45:02 PM

It seems to me this is still an unresolved issue.  I have disabled ISC on all but one interface and migrated the rest to Kea.  For this to work, I found I had to stop ISC entirely, restart Kea, then restart ISC.  Otherwise, the Kea log reports "Address already in use - is another DHCP server running?" errors.  If I then have to reboot opnsense (e.g. after firmware updates), it seems ISC will start before Kea and I will not have DHCP servers active on any of the interfaces except the one that I still have on ISC (Kea will report "address already in use" for the other interfaces).

Is the intent for now to support running ISC on some interfaces and Kea on others or are users expected to migrate all interfaces to Kea?

This is my experience, it is impossible to run both. franco also confirmed this earlier. ISC gets a hold of all interfaces and prevents KEA from binding to it, as you saw.

In my case, Kea was missing too many features that I need before migrating (DHCP custom options for additional routes and also Unbound DNS registration) which I rely on heavily, thus preventing me from migrating the subnets that I could right away and keeping the others on ISC.

For now, it's unfortunately all or nothing, not because of Kea, but because ISC binds to all IPs as the output for sockstat shows and from what I read on ISC, it seems to be by design.

Kea however worked well in my case when I tested but unfortunately is missing too many things for me to migrate, yet.

I am just trying to migrate one VLAN from ISC to KEA but found out that ISC is binding *.67 so KEA is not able to start.
Hope this will be solved soon so we could run both.