Thanks for the response. I do have another Kea DHCP server on the network, and I thought I only had it configured to listen on the interfaces that weren't on the main network, but it was configured to listen on all interfaces.
I've changed that, and when I have a chance to test again, I'll retest capturing tcpdump packets. To answer your one question about still not getting an IP, after turning the interface off and on, I never see the IP address populate through ifconfig or the graphical interface. I only see it once the DHCP Relay is turned back on. I'll report back when I'm able to test this again. -Ubence On Tue, Jul 23, 2024 at 12:01 AM DDFR | Ronald Blaas <[email protected]> wrote: > Hi, > > From what I am seeing in the tcpdump. > The Client is getting an IP and acknowledge this > > Look for the DORA process (Discover -> Offer -> Request -> Ack) > Looking in the dhcp-client_without_relay.txt I am seeing these steps. > > So DHCP is working 🙂 > > How do you conclude that your client did not get an IP ? > > As for the tcpdump with relay I did not see the DORA process. Only request > and ack . > > As for the server side tcpdump.. I was expecting to see the same DORA > process. > Are there any other DHCP servers in your network? (please check) > > Regards > > Ronald > > ------------------------------ > *From:* Kea-users <[email protected]> on behalf of Ubence > Quevedo <[email protected]> > *Sent:* Monday, July 22, 2024 12:54 > *To:* Kea user's list <[email protected]> > *Subject:* Re: [Kea-users] [EXTERNAL] Re: Need to have DHCP Relay in > order for Kea to work...? > > I tested over the weekend by turning the DHCP Relay off on the pfSense > gateway, and did a tcpdump on both the client and the server. > > I think I'm seeing the broadcasts from the client I was testing on the > server, and it *looks* like the client is receiving the response, but the > IP isn't getting assigned to the system. > > This is illustrated in the traffic from dhcp-client_without_relay.txt > and dhcp-server_without_relay.txt. > > As soon as I turned the DHCP Relay back on, the client properly got an IP > address which is illustrated in dhcp_with_relay.txt. > > Maybe I have something misconfigured in my Kea conf? I'm a bit baffled by > this since other broadcast traffic is working on my network. > > Any thoughts on what I should be looking at next or checking in my Kea > conf? > > -Ubence > > > On Fri, Jul 19, 2024 at 4:18 AM Ubence Quevedo <[email protected]> wrote: > > Thanks for the response and the link, it is very helpful. > > I'm seeing the DHCP relay traffic I would expect to see. > > I'm going to test over the weekend disabling the DHCP relay and see what I > see then. > > -Ubence > > On Thu, Jul 18, 2024 at 1:29 AM DDFR | Ronald Blaas <[email protected]> > wrote: > > A yes I see. > > You are using virtual interfaces. > This should work. > > As for relay, no you do not need relay as the DHCP server is configured > inside the same network. > > Like suggested by others you need to run a tcpdump to see what/if packets > are received by your dhcp server. > > An example would be: tcpdump -i eno2.11 port 67 or port 68 -e -n -vv > (source <https://unixhealthcheck.com/blog?id=433>) > > Should be run as root (or sudo) > > You should see some traffic from machines requesting DHCP > > > regards > > > Ronald Blaas > > > > > ------------------------------ > *From:* Kea-users <[email protected]> on behalf of Ubence > Quevedo <[email protected]> > *Sent:* Wednesday, July 17, 2024 13:30 > *To:* Kea user's list <[email protected]> > *Subject:* Re: [Kea-users] [EXTERNAL] Re: Need to have DHCP Relay in > order for Kea to work...? > > U ontvangt niet vaak e-mail van [email protected]. Meer informatie over > waarom dit belangrijk is <https://aka.ms/LearnAboutSenderIdentification> > Thanks for the response. > > Here are the interfaces configured on the server. eno2 is the main > interface [untagged] and then there is eno2.11 and eno2.12 respectively for > vlan 11 and 12: > eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.10.3 netmask 255.255.255.0 broadcast 192.168.10.255 > inet6 fe80::f604:def0:9990:a797 prefixlen 64 scopeid 0x20<link> > ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet) > RX packets 21002000 bytes 4720351435 (4.7 GB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 5775391 bytes 1207246387 (1.2 GB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > device interrupt 16 memory 0x51200000-51220000 > > eno2.11: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.11.3 netmask 255.255.255.0 broadcast 192.168.11.255 > inet6 fd19:e769:2155:aa4a:2ca5:722f:5815:fd88 prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:8123:1ebe:15d1:88a1 prefixlen 64 > scopeid 0x0<global> > inet6 fe80::1b5:af43:403b:d5d7 prefixlen 64 scopeid 0x20<link> > inet6 fd19:e769:2155:aa4a:8997:46a6:a4fc:ddbc prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:83de:c6c8:c181:5dbe prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:596c:3610:d7b4:1d18 prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:a2ed:50cf:5609:5e0e prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:bcfe:867f:4dc:c8f8 prefixlen 64 > scopeid 0x0<global> > inet6 fd19:e769:2155:aa4a:14a6:e870:b2ad:d2d9 prefixlen 64 > scopeid 0x0<global> > ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet) > RX packets 5820439 bytes 1191558319 (1.1 GB) > RX errors 0 dropped 11 overruns 0 frame 0 > TX packets 2733488 bytes 637055127 (637.0 MB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > eno2.12: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 192.168.12.3 netmask 255.255.255.0 broadcast 192.168.12.255 > inet6 fe80::fda3:7df7:98b0:d9e6 prefixlen 64 scopeid 0x20<link> > ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet) > RX packets 7737728 bytes 1816607005 (1.8 GB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 529891 bytes 125658614 (125.6 MB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > My interfaces in kea-dhcp4.conf are configured like: > "interfaces": [ "eno2/192.168.10.3","eno2.11/192.168.11.3","eno2.12/ > 192.168.12.3" ] > > This is why I'm a little baffled why I need the dhcp relay since all of > the interfaces should be listening on each vlan but aren't picking up the > traffic. > > Routing has been an issue on my network, which is related to another post > I'm going to make later with bridged interfaces and dhcp requests from VMs > to those bridged interfaces not getting IP addresses even though the server > is receiving the request but the client isn't acknowledging them for some > reason. > > -Ubence > > On Tue, Jul 16, 2024 at 11:52 PM DDFR | Ronald Blaas <[email protected]> > wrote: > > Hi > > Not really sure what you mean here: "has one interface that I've setup > with vlan interfaces" > > Like what has been said before, either the DHCP server has an IP address > in every IP subnet or you will have to make use of DHCP relay. > > The DHCP server must know from which network the DHCP request is coming > from. > > As for logging, if there is nothing in the log you must have a routing > problem (it is always routing 😋) > > > > Ronald > > ------------------------------ > *From:* Kea-users <[email protected]> on behalf of Ubence > Quevedo <[email protected]> > *Sent:* Tuesday, July 16, 2024 13:04 > *To:* Kea user's list <[email protected]> > *Subject:* Re: [Kea-users] [EXTERNAL] Re: Need to have DHCP Relay in > order for Kea to work...? > > U ontvangt niet vaak e-mail van [email protected]. Meer informatie over > waarom dit belangrijk is <https://aka.ms/LearnAboutSenderIdentification> > Thanks for all of the responses on this. > > The system that is the Kea DHCP server [an Ubuntu system] has one > interface that I've setup with vlan interfaces. > > I can access these other interfaces and verified through nmap that port 67 > is open on all interfaces. > > I can't seem to find any kind of ip helper option in the Unifi Controller > [v8.2.93 running on a virtual Ubuntu system]. > > I've reconfigured the DHCP Relay on the pfSense to point to all of the > interfaces, and I'm now seeing the traffic I'm expecting to see, which is > fine since. understand a little better of what might be going on. > > Just a little confused as to why the broadcast traffic for DHCP requests > doesn't seem to be picked up on the vlan interfaces on the server. > > I do have another question, but I'll put that in a separate post since it > doesn't seem to be related to this question at hand. > > -Ubence > > On Mon, Jul 15, 2024 at 6:59 AM Joe Craig <[email protected]> > wrote: > > Question about the setup. On the network switches that the DHCP requests > would hit first, do you have IP Helpers configured? In my experience that’s > what I’ve had to do to ensure that the packets make it to the DHCP server > without a DHCP Relay. I’m in an environment where I cannot deploy a DHCP > Relay service, so I am leveraging the IP Helpers on an L3 switch to forward > those requests. This is passing through an Cisco firewall and all that. > Hope that helps. > > > > Thanks, > > > > *Joseph Craig* > Systems Engineer > > > > > *From:* Kea-users <[email protected]> *On Behalf Of *DDFR | > Ronald Blaas > *Sent:* Monday, July 15, 2024 2:15 AM > *To:* [email protected] > *Subject:* [EXTERNAL] Re: [Kea-users] Need to have DHCP Relay in order > for Kea to work...? > > > > You don't often get email from [email protected]. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Not really sure how you have your network setup. > > > > But in my belief, if you want dhcp to work without RELAY you have to make > sure your DHCP server is directly connected to all the LANs. So your DHCP > server will need to have multiple Nics. > > > > Is there a particular reason you do not want to have a dhcp relay? > > > > I have a kinda similar setup and am using DHCP relay. It is operating as > expected and without problems. > > > > It is also wise to share the output of your log file with the error you > are receiving. > > Tis helps in pinpointing the problem. > > > > Regards > > > > > > Ronald > > > > > ------------------------------ > > *From:* Kea-users <[email protected]> on behalf of Ubence > Quevedo <[email protected]> > *Sent:* Monday, July 15, 2024 00:26 > *To:* [email protected] <[email protected]> > *Subject:* [Kea-users] Need to have DHCP Relay in order for Kea to > work...? > > > > U ontvangt niet vaak e-mail van [email protected]. Meer informatie over > waarom dit belangrijk is <https://aka.ms/LearnAboutSenderIdentification> > > Hi Everyone, > > > > I’ve been using Kea for just under a year for a home setup on a Linux > Ubuntu server. I switched from isc dhcp since it was end of life. My > setup has a lot of MAC address reservations with some general pools for > systems that don’t have IP reservations. > > > > I also have a few vlans set up with the reservations for devices on each > of the vlans. I’m using pfSense as my gateway with some Unifi equipment > that is vlan aware. > > > > I’m running into an issue and I’m not sure why and would love some advice > on how to look into this. > > > > I have the interfaces on the system setup that is running Kea, to > advertise on the untagged network [mostly some servers], vlan 11 [user > systems], and vlan12 [IoT devices]. > > > > I don’t have the firewall in pfSense to block traffic between these > networks yet, so they can all freely talk to each other. > > > > Even though I have my Kea configured to advertise on all of the interfaces > [untagged, 11, 12], I can’t seem to get anything to work unless I have the > DHCP Relay service setup on the pfSense device to redirect all DHCP traffic > to the Kea system’s untagged IP address [192.168.10.3]. > > > > I can verify through nmap that udp port 67 is running on all three > interfaces. > > > > If I turn off the DHCP Relay service, I was expecting the interfaces to > pick up on the DHCP requests from devices on all of these networks. > > > > This doesn’t happen and devices don’t get addresses. I’ve even watched > the logs I’ve split out and nothing is written for the duration that the > relay service is turned off. As soon as I turn it back on, I start seeing > traffic again. > > > > I’m running Kea 2.6.0. > > > > I’d love to turn the DHCP Relay off to then try to troubleshoot another > issue I’m having with bridging interfaces to VMs and then having the VM > interface assigned to a vlan other than the bridged interface. It seems to > work for something else I’m doing, but just trying to rule some things > out. Probably another post if I can figure out why the DHCP Relay seems to > need to be on. > > > > Any ideas why I need the DHCP Relay service on another device even though > all of the interfaces on each respective vlan are configured to listen for > dhcp requests? > > > > -Ubence > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/kea-users > > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/kea-users > > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/kea-users > > -- > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. > > Kea-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/kea-users >
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
