Hi Geoff,
You might need to specify your IP address on which to listen in your
interfaces-config. You can check with the command: `ss -ulnp`. In
the output, look what address is listed with 547. It might be your
LLA for the interface. If it is that instead of your GLA for the
interface, then you need to specify the address. Something like this:
"interfaces-config": {
"interfaces": [
"ens18/2001:db8::12"
]
},
See here:
https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration
Thank you,
Darren Ankney
On Tue, Feb 11, 2025 at 1:28 AM Geoff Sweet <thegorf+...@gmail.com> wrote:
>
> Greetings everyone,
> I have a Kea 2.6 installation that for the most part is going great.
> However, I'm not able to figure out the config to make it work with IPv6
> relayed DHCPv6 requests. At the end of this email is my complete config. So,
> my firewall is doing all DHCP relaying. I can see via tcpdump that the
> request originates in the local subnet, is received by the firewall relay
> agent, forwards it to the subnet with the Kea server on it, and forwards it.
> On the Kea server itself I can see the request arrive for instance:
>
> 22:00:52.949059 IP6 (hlim 64, next-header UDP (17) payload length: 133)
> 2603:3023:62c:e160::1.547 > 2603:3023:62c:e160::11.547: [udp sum ok] dhcp6
> relay-fwd (linkaddr=2603:3023:62c:e101::1 peeraddr=fe80::14fb:97ff:fe88:25a7
> (interface-ID 04000000...) (relay-message (dhcp6 solicit (xid=4d2037
> (elapsed-time 0) (client-ID hwaddr type 1 16fb978825a7) (IA_PD IAID:0 T1:0
> T2:0 (IA_PD-prefix ::/64 pltime:0 vltime:0)) (option-request opt_82)
> (rapid-commit))))
>
> I'm not sure why the interface-ID is set the way it is. So opted to ignore it
> and instead focus on the linkaddr. But while the documentation mentions it,
> for the life of me I can NOT find a single example of how to configure it. So
> I'm kinda throwing things at the wall now. As you can see below. Can anyone
> offer any insight into what I am doing wrong? Also,could someone tell me if
> my loggers are configured correctly? They literally produce exactly the same
> output no matter what I do with severity and debuglevel. Part of the reason
> this is so frustrating to troubleshoot.
>
> Thanks everyone!
>
> #######
> kea-dhcpv6.conf
> #######
> {
> "Dhcp6": {
> "renew-timer": 21600,
> "rebind-timer": 43200,
> "valid-lifetime": 86400,
> "interfaces-config": {
> "interfaces": [
> "ens18"
> ]
> },
> "lease-database": {
> "type": "memfile",
> "persist": true,
> "name": "/var/lib/kea/dhcp6.leases"
> },
> "option-data": [
> {
> "name": "dns-servers",
> "data": "2603:3023:62c:e101::10, 2603:3023:62c:e101::12"
> },
> {
> "name": "domain-search",
> "data": "iotlab.loc"
> }
> ],
> "dhcp-ddns": {
> "enable-updates": true,
> "server-ip": "127.0.0.1",
> "server-port": 53001
> },
> "ddns-override-client-update": true,
> "ddns-override-no-update": true,
> "ddns-qualifying-suffix": "iotlab.loc",
> "ddns-update-on-renew": true,
> "subnet6": [
> # Home Subnet
> {
> "subnet": "2603:3023:62c:e101::/64",
> "id": 6100,
> "pools": [
> {
> "pool": "2603:3023:62c:e101::1000 - 2603:3023:62c:e101::ffff"
> }
> ],
> "relay": {
> "linkaddr": [ "2603:3023:62c:e101::1" ]
> }
> },
> # DMZ Subnet
> {
> "subnet": "2603:3023:62c:e110::/64",
> "id": 6110,
> "pools": [
> {
> "pool": "2603:3023:62c:e110::1000 - 2603:3023:62c:e110::ffff"
> }
> ],
> "relay": {
> "ip-addresses": [ "2603:3023:62c:e110::1" ]
> }
> },
> # IoT Subnet
> {
> "subnet": "2603:3023:62c:e130::/64",
> "id": 6130,
> "pools": [
> {
> "pool": "2603:3023:62c:e130::1000 - 2603:3023:62c:e130::ffff"
> }
> ],
> "relay": {
> "ip-addresses": [ "2603:3023:62c:e130::1" ]
> }
> },
> # Guest Subnet
> {
> "subnet": "2603:3023:62c:e150::/64",
> "id": 6150,
> "pools": [
> {
> "pool": "2603:3023:62c:e150::1000 - 2603:3023:62c:e150::ffff"
> }
> ],
> "relay": {
> "ip-addresses": [ "2603:3023:62c:e150::1" ]
> }
> },
> {
> "subnet": "2603:3023:62c:e160::/64",
> "id": 6160,
> "interface": "ens18",
> "pools": [
> {
> "pool": "2603:3023:62c:e160::1000 - 2603:3023:62c:e160::ffff"
> }
> ]
> }
> ],
> "loggers": [
> {
> "name": "kea-dhcp6",
> "severity": "DEBUG",
> "debuglevel": "99",
> "output_options": [
> {
> "output": "/var/log/kea/dhcp6.log",
> "maxver": 10
> }
> ]
> },
> {
> "name": "kea-dhcp6.dhcpsrv",
> "severity": "DEBUG",
> "debuglevel": "99",
> "output_options": [
> {
> "output": "/var/log/kea/dhcp6-dhcpsrv.log",
> "maxver": 10
> }
> ]
> },
> {
> "name": "kea-dhcp6.leases",
> "severity": "DEBUG",
> "debuglevel": "99",
> "output_options": [
> {
> "output": "/var/log/kea/dhcp6-leases.log",
> "maxver": 10
> }
> ]
> },
> {
> "name": "kea-netconf",
> "severity": "DEBUG",
> "debuglevel": "99",
> "output_options": [
> {
> "output": "/var/log/kea/kea-netconf.log",
> "maxver": 10
> }
> ]
> }
> ]
> }
> }
>
>
>
> --
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
