Hi Daniel,

This looks similar to: https://gitlab.isc.org/isc-projects/kea/-/issues/3662 but perhaps not the same since you stated it happens regardless of socket type used. I suspect this might be happening due to some strangeness in the packet sent by nmap. Please try testing with perfdhcp (https://kea.readthedocs.io/en/stable/man/perfdhcp.8.html) instead. This may do a better job of simulating a proper DHCP client.

A simple command line to use with perfdhcp that would match `nmap -sU -p67 --script dhcp-discover AddressServer` would be:

`perfdhcp -4 -r 1 -R 1 -p 2 AddressServer`

The above will perform a 4-way exchange (DORA). If you only want the DISCOVER / OFFER part, then add `-i` to the command. If that still results in the DHCP4_PACKET_SEND_FAIL error, then your full configuration, debug log messages, and a packet capture will probably be needed to understand what is happening.

Thank you,
Darren Ankney

On Tue, Dec 9, 2025 at 10:03 AM Daniel Garrapucho Levy <[email protected]> wrote:
>
> Greetings!
>
> We just installed isc-kea in our server and configured it according to what is instructed in the Documentation.
> The server receives DHCP DISCOVERY packages, but it doesn't seem to be able to send back any ACK response.
> The only clue we have so far is the log file we configured for dhcp packets:
> Given the following variables, this is what we get whenever we simulate a DHCP Discovery broadcast with nmap
>
> AddressClient: IP address of the client from which we run the tests
> AddressServer: IP address of the server where Kea DHCP is installed
> MACClient: MAC address of the client from which we run the tests.
>
> Command used from the client: nmap -sU -p67 --script dhcp-discover AddressServer
>
> DHCP4_BUFFER_RECEIVED received buffer from AddressClient:RandomPort to AddressServer:67 over interface NetworkInterface
> DHCP4_PACKET_RECEIVED [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: DHCPDISCOVER (type 1) received from AddressClient to AddressServer on interface NetworkInterface
> DHCP4_PACKET_SEND [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: trying to send packet DHCPOFFER (type 2) from AddressServer:67 to 255.255.255.255:68 on interface NetworkInterface
> DHCP4_PACKET_SEND_FAIL [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: failed to send DHCPv4 packet: pkt4 send failed: sendmsg() returned with an error: Permission denied
>
> We have already made sure that the subnet we have configured is using the right network interface and we have opened both UDP ports 67/68 on the server using ufw, but to no avail. Using udp or raw packets gives the same outcome.
>
> We also checked that the kea sockets directory is owned by user _kea:_kea with mode 0755
>
> This is the information of the server where Kea is installed
>
> OS: Ubuntu 22.04.5 LTS
> Kea version: 3.0.2
> Installation method: Package from Cloudsmith repository
>
> And this is the configuration of the dhcp server service:
> [Unit]
> Description=ISC KEA IPv4 DHCP daemon
> Documentation=man:kea-dhcp4(8)
> Wants=network-online.target mariadb.service
> Requires=kea-ctrl-agent.service
> After=network-online.target mariadb.service mysql.service
>
> [Service]
> ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
> RuntimeDirectory=kea
>
> [Install]
> WantedBy=multi-user.target
>
> Any idea what can be wrong? Many thanks for the hard work!
>
> Daniel Garrapucho Lévy
> IT Technician
> Departament de Física de la Matèria Condensada
> Facultat de Física
> Martí i Franquès, 1
> 08028 Barcelona
> Office 344
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
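
Added example, not part of the original messages and not ISC code: a small Python triage helper that groups the Kea log messages quoted in the thread by transaction id (`tid`) and reports each reply that ended in `DHCP4_PACKET_SEND_FAIL`, with its destination and error text. The sample input is constructed from the four log messages above with the poster's placeholders kept; the function and field names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: the four log messages from the thread, rejoined onto
# single lines, with the poster's placeholders kept as-is.
SAMPLE_LOG = """\
DHCP4_BUFFER_RECEIVED received buffer from AddressClient:RandomPort to AddressServer:67 over interface NetworkInterface
DHCP4_PACKET_RECEIVED [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: DHCPDISCOVER (type 1) received from AddressClient to AddressServer on interface NetworkInterface
DHCP4_PACKET_SEND [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: trying to send packet DHCPOFFER (type 2) from AddressServer:67 to 255.255.255.255:68 on interface NetworkInterface
DHCP4_PACKET_SEND_FAIL [hwtype=1 MACClient], cid=[no info], tid=0x624894ca: failed to send DHCPv4 packet: pkt4 send failed: sendmsg() returned with an error: Permission denied
"""

# Message id, then anything, then the transaction id, then the message text.
# search() is used so a timestamp/logger prefix in a real log file is skipped.
LINE_RE = re.compile(
    r"\b(DHCP4_PACKET_(?:RECEIVED|SEND|SEND_FAIL))\b.*?tid=(0x[0-9a-f]+): (.*)")
SEND_RE = re.compile(
    r"trying to send packet (\S+) .* from (\S+) to (\S+) on interface (\S+)")
ERR_RE = re.compile(r"returned with an error: (.+)$")

def failed_sends(log_text):
    """Return one dict per transaction whose reply could not be sent."""
    by_tid = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. DHCP4_BUFFER_RECEIVED carries no tid
        msg_id, tid, text = m.groups()
        entry = by_tid[tid]
        if msg_id == "DHCP4_PACKET_RECEIVED":
            entry["request"] = text.split(" ", 1)[0]  # e.g. DHCPDISCOVER
        elif msg_id == "DHCP4_PACKET_SEND":
            s = SEND_RE.search(text)
            if s:
                (entry["reply"], entry["src"],
                 entry["dst"], entry["iface"]) = s.groups()
        else:  # DHCP4_PACKET_SEND_FAIL
            e = ERR_RE.search(text)
            entry["error"] = e.group(1) if e else text
    return [dict(tid=t, **e) for t, e in by_tid.items() if "error" in e]

if __name__ == "__main__":
    for failure in failed_sends(SAMPLE_LOG):
        print(failure)
```
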
