Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
Not sure what version you are running but see following links for Kea documentation around TLS, cert-required, agent and kea-shell: cert-required - this boolean parameter allows a server to not require the client certificate. Its default value is true, which means the client certificate is

Re: [Kea-users] KEA Option 17 structure (example)

2024-03-14 Thread Marek Hajduczenia
And confirmed, with the switch to 2.5.6, I can see two separate entries as expected. Thank you! Marek -Original Message- From: Marek Hajduczenia Sent: Wednesday, March 13, 2024 2:17 PM To: 'Kea user's list' Subject: RE: [Kea-users] KEA Option 17 structure (example) Thanks, Darren

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
Interesting. I had assumed they were supplemental and not necessarily conflicting (IE that the certificate provided encrypted transmission and not necessarily authentication like a web-browser.) I was also under the guidance of the HA required certificates, although in cursory testing at the

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
When “cert-required” is set to true, you must provide a client certificate and key to authenticate. A client cert is not required for using a TLS connection (a server cert is). The client cert can be used in lieu of username/password. In the case of kea-shell, this is done with --cert and --key

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
I appreciate the suggestion. It might be worth noting that documentation should include -u for authentication headers IMO, not that I'm an expert. curl (and telnet) to the server's DNS address has the connection refused (to http and https to FQDN or localhost) but by IP address almost works: "Empty

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Darren Ankney
Hi, You might try using "curl" as shown here: https://kea.readthedocs.io/en/kea-2.4.1/arm/ctrl-channel.html#using-the-control-channel I know very little about SSL, but `--insecure` added to the curl command line will cause it to not check validity of certificates. You can also specify cert

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread CS
Thanks for the reply Rick. In this deployment I have specified in the control agent conf: "cert-required": true, "trust-anchor": "Certificate_Autority.pem", "cert-file": "ca1_cert.pem", "key-file": "ca1_key.pem", all pointing to self signed certs created with the help of (basically) the script I

Re: [Kea-users] Kea HA with self signed certs

2024-03-14 Thread Rick Frey
I believe that error indicates your Kea server requires a client certificate. Per Kea documentation, the config parameter "cert-required" default is true. Would indicate your server config didn’t set or is set to true and you did not provide one in the sample command line. If you don’t

Re: [Kea-users] API call 'reservation-del' removes all v6 reservations.

2024-03-14 Thread Darren Ankney
Hi Andy, I altered my configuration to remove the pool and add the ip of ens256. I was able to delete just one entry from the subnet as before. Perhaps provide your configuration and all of your API commands and I could try using your (slightly modified to match interface) configuration? Here

Re: [Kea-users] KEA Option 17 structure (example)

2024-03-14 Thread Darren Ankney
Hi Marek, Using Kea 2.4.0 with the attached configuration in my test lab with perfdhcp (two virtual servers ... one for Kea and one for perfdhcp): `perfdhcp -6 -r 1 -p 10 -l ens256 -R 1` resulted in the attached .pcap file which shows both option 17 versions being attached to the packet. I

Re: [Kea-users] API call 'reservation-del' removes all v6 reservations.

2024-03-14 Thread Andrew Mulheirn via Kea-users
Hi Darren, Thanks for taking the time to test this.   I queried the API for the version and it says 2.4.1. I am using the same config lines as you show below, with two exceptions: On the interfaces, I have specified the address on eth1 that it is to listen on:     "interfaces-config": {