Hi Christian, This requires further investigation. Please could you supply available logs for these 12 clients? In particular, it would be interesting to see the logs of the DISCOVER and OFFER for these clients. This log:
2024-11-11T09:02:27.438849+01:00 kea1 kea-dhcp4: INFO [kea-dhcp4.packets.140287699904192] DHCP4_PACKET_SEND [hwtype=1 b8:27:eb:12:96:74], cid=[01:b8:27:eb:12:96:74], tid=0x64e8d7d5: trying to send packet DHCPACK (type 5) from 10.0.30.111:67 to 255.255.255.255:68 on interface ens192 Shouldn't be possible when you set: "dhcp-socket-type": "udp". The 255.255.255.255:68 indicates the Kea server is trying to broadcast the response for some reason. It would also be interesting to see the output of the API command: config-get as this will show all of the parameters that are applied to that subnet. Finally, it would be interesting to see a packet capture of the exchange between one of these clients and the Kea server where this log message occurs. If you don't want to send this much detail to the public mailing list, you can send it to me offline: darren dot ankney at gmail dot com. Thank you, Darren Ankney On Tue, Nov 12, 2024 at 6:55 AM BÖSCH Christian <boe...@fhv.at> wrote: > > Hi Darren, > > > > There are about 380 different clients in 15 subnets in the log, and 12 of > these clients have this error. > > All of the clients with the error are in the same subnet. > > > > Best regards, Christian > > > > On 12.11.24, 12:23, "Kea-users" <kea-users-boun...@lists.isc.org> wrote: > > > > Hi Christian, > > Do other clients experience this permission denied or is it only this > single client? > > Thank you, > Darren Ankney > > On Mon, Nov 11, 2024 at 5:13 AM BÖSCH Christian <boe...@fhv.at> wrote: > > > > Hi Peter, > > > > > > > > All the dhcp requests are coming through a relay agent. > > > > So the server isn’t in the same broadcast domain. Therefore I’ve configured > > dhcp-socket-type to “udp” as it’s mentioned in the documentation you posted > > below: > > > > “Therefore, in deployments where the server does not need to provision the > > directly connected clients and only receives the unicast packets from the > > relay agents, the Kea server should be configured to use UDP sockets > > instead of raw sockets. “ > > > > > > > > BR, Christian > > > > > > > > On 11.11.24, 10:39, "Kea-users" <kea-users-boun...@lists.isc.org> wrote: > > > > > > > > Hi Christian, > > > > The incoming request was from 172.21.11.104, and the lease request is for > > > > 172.21.11.104. > > > > > > > > I don't know what the request packet contains, but Kea tries to send the > > reply > > > > to 255.255.255.255 - this is a Limited Scope Broadcast Address; unlike other > > > > types of broadcasts, packets sent to 255.255.255.255 do not pass through > > routers. > > > > Therefore, it's confined to the sender's local network segment. > > > > > > > > If the client with mac address b8:27:eb:12:96:74 is located in the same > > broadcast > > > > domain as the Kea server, you will need to define "dhcp-socket-type": "raw". > > > > > > > > See: > > https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp4-srv.html#interface-configuration > > > > > > > > /Peter > > > > ________________________________ > > > > From: "BÖSCH Christian" <boe...@fhv.at> > > To: "Kea-users@lists.isc.org" <kea-users@lists.isc.org> > > Sent: Monday, 11 November, 2024 09:40:40 > > Subject: Re: [Kea-users] error message > > > > > > > > Hi Peter, > > > > > > > > Dhcp-socket-type is: > > > > "dhcp-socket-type": "udp" > > > > > > > > Kea is running as user “_kea”, installed on debian with the subscriber > > package from isc in version 2.6.1. > > > > In general kea works, but some clients get this error. > > > > I’ve shared the config in this thread on the email before to Darren. > > > > > > > > Best regards, Christian > > > > > > > > On 10.11.24, 11:11, "Kea-users" <kea-users-boun...@lists.isc.org> wrote: > > > > > > > > Hi Christian, > > > > What is the value of "dhcp-socket-type" in your "interfaces-config" > > definition? > > > > > > > > Also, what users are you running Kea as? If Kea is not run as root, there > > may be > > > > permissions issues. > > > > > > > > > > -- > > ISC funds the development of this software with paid support subscriptions. > > Contact us at https://www.isc.org/contact/ for more information. > > > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > > > Kea-users mailing list > > Kea-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/kea-users > > > > -- > > ISC funds the development of this software with paid support subscriptions. > > Contact us at https://www.isc.org/contact/ for more information. > > > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > > > Kea-users mailing list > > Kea-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/kea-users > -- > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users > > -- > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > Kea-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/kea-users -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
