Topic: 24.7 KEA DHCP w/ HA (Read 639 times)
DocGonzo74 on July 31, 2024, 01:03:17 am:
I was running into issues trying to migrate to KEA DHCP. It's still somewhat half-baked, but I have it working well enough for my purposes.
Word of caution. When you change something in KEA DHCP on your master node and a config sync happens, some settings get improperly changed on the backup. I'll highlight these as I walk through the install.
I did the whole configuration on the primary and then sync'd to the backup. All of this is done on the Primary .. I think I called it master earlier. Moving on.
Configure Control Agent:
I used my CARP IP address (local IP) and left it on port 8000.
Configure KEA DHCP > Settings
I leave it disabled until done. Then I disable the ISC instances and then enable the KEA DHCP. A PITA to change back when I'm testing, but it is what it is.
Interfaces: I checked all my inside network interfaces (LAN, IoT, Guest, Lab). When I did this, I kept having issues where clients wouldn't get an address intermittently. I figured my CARP interface might help somehow.. I'm not sure how I got there, but when I assigned my CARP interface to the group, it started working. My CARP is directly connected between my firewalls.. no man in the middle worries there.. Unless my cats are up to something.
The valid lifetime (lease timer) is set to 4000 by default. I feel that's too low. I'm running 7200. That said, I tried something like 28800 and a bunch of my IoT devices (camera, alarms) lost their leases and couldn't reconnect. I checked the leases, and the clients were reporting a 0 lease timer. I'm guessing the IoT devices are hard-coded to some lower number and they don't understand the longer lease time.
For High Availability, check "Enabled". Here, you have to enter your full server name (PRIMARY.awesomeserver.com). I had this just set to PRIMARY and HA wouldn't work until I matched my hostname.
The next tab is Subnets. I left this default and all kinds of oddness occurred. What I found is, by default, the option data is checked and the default values were hidden. When I unchecked this, I saw that KEA was giving my physical IP and not my virtual interface, so the default gateway was wrong. I also had to fix DNS and NTP. Kea assumes everything is in a single server configuration, so defaults match a non-HA environment.
Reservations. I have about 100. There is a tool out there that will convert your ISC DHCP reservations to KEA DHCP reservations. It worked for me:
https://forum.opnsense.org/index.php?topic=39342.0
When you add new reservations, make sure you use the a1:b2:c3 format and not CAPS or -. I put some in manually with - and caps and they didn't work.
Finally HA peers: This is another one that was part of HA working properly.. it's right there in the title.
You have to create both the PRIMARY and BACKUP HA peers and assign them the roles primary/standby. (Another thing I think is half-baked. The active node should consider itself the primary when it's the HA MASTER. It appears that the secondary is always considered secondary, regardless of its current HA state.)
When I first set this up, I assumed you only had to create the remote peer. I was looking over everything and said "why not".. set up both primary and secondary.. and poof. It worked.
I hope this helps someone set up KEA DHCP with HA on OPNsense. Figured I'd type it up, stream of consciousness style, in case someone else is stuck like I was.
Logged
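Added example, not part of the original post or OPNsense's code: a small Python check for the three pitfalls the post describes (server name not matching the full hostname, only the remote peer defined, reservations entered with caps or dashes). The dictionary layout borrows Kea's `this-server-name`, `peers` and `hw-address` keys; the BACKUP hostname, URLs and MAC addresses are constructed, and the MAC rule reflects what the poster observed rather than a documented requirement.

```python
import re

MAC_OK = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")  # the a1:b2:c3 form

def normalize_mac(mac):
    """Rewrite AA-BB-.. or AA:BB:.. as lowercase colon-separated."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_ha(ha, hostname):
    """Return the HA problems the post ran into, as a list of strings."""
    problems = []
    peers = ha.get("peers", [])
    if ha.get("this-server-name") != hostname:
        problems.append("this-server-name is not the full hostname")
    if ha.get("this-server-name") not in [p.get("name") for p in peers]:
        problems.append("no peer entry for this server itself")
    if sorted(p.get("role", "") for p in peers) != ["primary", "standby"]:
        problems.append("need one primary and one standby peer")
    return problems

def bad_reservations(reservations):
    """Return (as_entered, normalized) for MACs not in a1:b2:c3 form."""
    return [(r["hw-address"], normalize_mac(r["hw-address"]))
            for r in reservations if not MAC_OK.match(r["hw-address"])]

# Constructed sample data; BACKUP hostname, URLs and MACs are made up.
FIRST_TRY = {"this-server-name": "PRIMARY", "peers": [
    {"name": "BACKUP.awesomeserver.com",
     "url": "http://192.0.2.2:8000/", "role": "standby"}]}
WORKING = {"this-server-name": "PRIMARY.awesomeserver.com", "peers": [
    {"name": "PRIMARY.awesomeserver.com",
     "url": "http://192.0.2.1:8000/", "role": "primary"},
    {"name": "BACKUP.awesomeserver.com",
     "url": "http://192.0.2.2:8000/", "role": "standby"}]}
RESERVATIONS = [{"hw-address": "a1:b2:c3:d4:e5:f6"},
                {"hw-address": "A1-B2-C3-D4-E5-07"}]

if __name__ == "__main__":
    for label, ha in (("first try", FIRST_TRY), ("working", WORKING)):
        print(label, check_ha(ha, "PRIMARY.awesomeserver.com") or "ok")
    for entered, fixed in bad_reservations(RESERVATIONS):
        print(f"reservation {entered} -> {fixed}")
```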
DocGonzo74, Reply #1 on July 31, 2024, 08:53:35 pm:
Moving this to the HA thread.. just noticed it again.
Logged