Try taking out the “relay” clauses. I’ve never had to use those for DHCP6 relay, and I suspect that since your relay is sending the packets to the kea server via it’s link local address (fe80::…), it’s failing to match the “relay” statement.
Owen > On Feb 15, 2025, at 00:10, [email protected] wrote: > > Send Kea-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/kea-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Kea-users digest..." > > > Today's Topics: > > 1. Re: Not processing DHPCv6 Relayed requests (Geoff Sweet) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 15 Feb 2025 00:10:18 -0800 > From: Geoff Sweet <[email protected]> > To: "Kea user's list" <[email protected]> > Subject: Re: [Kea-users] Not processing DHPCv6 Relayed requests > Message-ID: > <CAPkbxkr9AXEH+f9Hc0e=upZHkhx=jwuymp8fhgdsu3uwrz2...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Thanks kindly there Darren, that did make a difference and solved part of > the problem. I also made a change in the configuration. Check this out, the > config is shared-network now and the debug logs clearly show that it now > receives the request and looks for a subnet. What is strange here is this > log entry: > > 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304] > ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK > duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907: > failed to allocate a lease in the shared network Site Subnets: 0 subnets > have no available leases, 15 subnets have no matching pools > > I don't know where it's getting that 15 subnets from. Or why it thinks > there are 0 subnets with available leases. By the way, that sentence is an > odd double negative. > > Anyway, I'm just throwing stuff against the wall in this config now. > Current subnet configuration and block of logs below: > > #### > Config > #### > "shared-networks": [ > { > "name": "Site Subnets", > "subnet6": [ > { > "id":6100, > "subnet":"2603:3023:62c:e101::/64", > "pools":[ { "pool":"2603:3023:62c:e101::1000 - > 2603:3023:62c:e101::ffff" } ], > "relay":{ > "ip-addresses":[ "2603:3023:62c:e101::1" ] > }, > "interface": "ens18" > }, > { > "id":6110, > "subnet":"2603:3023:62c:e110::/64", > "pools":[ { "pool":"2603:3023:62c:e110::1000 - > 2603:3023:62c:e110::ffff" } ], > "relay":{ > "ip-addresses":[ "2603:3023:62c:e110::1" ] > }, > "interface": "ens18" > }, > { > "id":6130, > "subnet":"2603:3023:62c:e130::/64", > "pools":[ { "pool":"2603:3023:62c:e130::1000 - > 2603:3023:62c:e130::ffff" } ], > "relay":{ > "ip-addresses":[ "2603:3023:62c:e130::1" ] > }, > "interface": "ens18" > }, > { > "id":6150, > "subnet":"2603:3023:62c:e150::/64", > "pools":[ { "pool":"2603:3023:62c:e150::1000 - > 2603:3023:62c:e150::ffff" } ], > "relay":{ > "ip-addresses":[ "2603:3023:62c:e150::1" ] > }, > "interface": "ens18" > }, > { > "id":6160, > "subnet":"2603:3023:62c:e160::/64", > "pools":[ { "pool":"2603:3023:62c:e160::1000 - > 2603:3023:62c:e160::ffff" } ], > "interface": "ens18" > } > ] > } > ], > > #### > Logfile of a request: > #### > > msg_type=SOLICIT (1), trans_id=0xe52907, > options: > type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7 > type=00006, len=00002: 82(uint16) > type=00008, len=00002: 23347 (uint16) > type=00014, len=00000: > type=00025(IA_PD), len=00041: iaid=0, t1=0, t2=0, > options: > type=00026(IAPREFIX), len=00025: prefix=::/64, preferred-lft=0, > valid-lft=0 > 1 relay(s): > relay[0]: msg-type=12(RELAY_FORWARD), hop-count=0, > link-address=2603:3023:62c:e101::1, peer-address=fe80::14fb:97ff:fe88:25a7, > 1 option(s) > type=00018, len=00004: 04:00:00:00 > > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304] > DHCP6_SUBNET_SELECTED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr > info], tid=0xe52907: the subnet with ID 6100 was selected for client > assignments > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304] > DHCP6_SUBNET_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], > tid=0xe52907: the selected subnet details: 2603:3023:62c:e101::/64 > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304] > HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using > identifier: hwaddr=16FB978825A7 > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304] > HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=16FB978825A7, > found 0 host(s) > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304] > HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using > identifier: duid=0003000116FB978825A7 > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304] > HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier > duid=0003000116FB978825A7, found 0 host(s) > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304] > DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr > info], tid=0xe52907: client packet has been assigned to the following > class: UNKNOWN > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304] > DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION > duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907: > client packet has been assigned to the following classes: ALL, UNKNOWN > 2025-02-14 23:49:15.069 DEBUG [kea-dhcp6.alloc-engine/9752.140223914522304] > ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available - trying > to dynamically allocate leases for client > duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907 > 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304] > ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK > duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907: > failed to allocate a lease in the shared network Site Subnets: 0 subnets > have no available leases, 15 subnets have no matching pools > 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304] > ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:03:00:01:16:fb:97:88:25:a7], > [no hwaddr info], tid=0xe52907: no pools were available for the lease > allocation > 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304] > ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:03:00:01:16:fb:97:88:25:a7], > [no hwaddr info], tid=0xe52907: Failed to allocate an IPv6 address for > client with classes: ALL, UNKNOWN > 2025-02-14 23:49:15.069 DEBUG [kea-dhcp6.options/9752.140223914522304] > DHCP6_ADD_STATUS_CODE_FOR_IA duid=[00:03:00:01:16:fb:97:88:25:a7], [no > hwaddr info], tid=0xe52907: adding Status Code to IA with iaid=0: > NoPrefixAvail(6) "Sorry, no prefixes could be allocated." > 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304] > DHCP6_CLASSES_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr > info], tid=0xe52907: client packet has been assigned on SOLICIT message to > the following classes: ALL, UNKNOWN > 2025-02-14 23:49:15.070 INFO [kea-dhcp6.packets/9752.140223914522304] > DHCP6_PACKET_SEND duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], > tid=0xe52907: trying to send packet ADVERTISE (type 2) from > [2603:3023:62c:e160::11]:547 to [2603:3023:62c:e160::1]:547 on interface > ens18 > 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.packets/9752.140223914522304] > DHCP6_RESPONSE_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], > tid=0xe52907: responding with packet ADVERTISE (type 2), packet details: > local_address=[2603:3023:62c:e160::11]:547, > remote_address=[2603:3023:62c:e160::1]:547, > msg_type=ADVERTISE (2), trans_id=0xe52907, > options: > type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7 > type=00002, len=00014: 00:01:00:01:2f:37:1b:26:bc:24:11:80:c9:7a > type=00025(IA_PD), len=00056: iaid=0, t1=0, t2=0, > options: > type=00013, len=00040: NoPrefixAvail(6) "Sorry, no prefixes could be > allocated." > 1 relay(s): > relay[0]: msg-type=13(RELAY_REPLY), hop-count=0, > link-address=2603:3023:62c:e101::1, peer-address=fe80::14fb:97ff:fe88:25a7, > 1 option(s) > type=00018, len=00004: 04:00:00:00 > > > On Thu, Feb 13, 2025 at 11:29?AM Darren Ankney <[email protected]> > wrote: > >> Hi Geoff, >> >> You might need to specify your IP address on which to listen in your >> interfaces-config. You can check with the command: `ss -ulnp`. In >> the output, look what address is listed with 547. It might be your >> LLA for the interface. If it is that instead of your GLA for the >> interface, then you need to specify the address. Something like this: >> >> "interfaces-config": { >> "interfaces": [ >> "ens18/2001:db8::12" >> ] >> }, >> >> See here: >> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration >> >> Thank you, >> Darren Ankney >> >> On Tue, Feb 11, 2025 at 1:28?AM Geoff Sweet <[email protected]> wrote: >>> >>> Greetings everyone, >>> I have a Kea 2.6 installation that for the most part is going great. >> However, I'm not able to figure out the config to make it work with IPv6 >> relayed DHCPv6 requests. At the end of this email is my complete config. >> So, my firewall is doing all DHCP relaying. I can see via tcpdump that the >> request originates in the local subnet, is received by the firewall relay >> agent, forwards it to the subnet with the Kea server on it, and forwards >> it. On the Kea server itself I can see the request arrive for instance: >>> >>> 22:00:52.949059 IP6 (hlim 64, next-header UDP (17) payload length: 133) >> 2603:3023:62c:e160::1.547 > 2603:3023:62c:e160::11.547: [udp sum ok] dhcp6 >> relay-fwd (linkaddr=2603:3023:62c:e101::1 >> peeraddr=fe80::14fb:97ff:fe88:25a7 (interface-ID 04000000...) >> (relay-message (dhcp6 solicit (xid=4d2037 (elapsed-time 0) (client-ID >> hwaddr type 1 16fb978825a7) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/64 >> pltime:0 vltime:0)) (option-request opt_82) (rapid-commit)))) >>> >>> I'm not sure why the interface-ID is set the way it is. So opted to >> ignore it and instead focus on the linkaddr. But while the documentation >> mentions it, for the life of me I can NOT find a single example of how to >> configure it. So I'm kinda throwing things at the wall now. As you can see >> below. Can anyone offer any insight into what I am doing wrong? Also,could >> someone tell me if my loggers are configured correctly? They literally >> produce exactly the same output no matter what I do with severity and >> debuglevel. Part of the reason this is so frustrating to troubleshoot. >>> >>> Thanks everyone! >>> >>> ####### >>> kea-dhcpv6.conf >>> ####### >>> { >>> "Dhcp6": { >>> "renew-timer": 21600, >>> "rebind-timer": 43200, >>> "valid-lifetime": 86400, >>> "interfaces-config": { >>> "interfaces": [ >>> "ens18" >>> ] >>> }, >>> "lease-database": { >>> "type": "memfile", >>> "persist": true, >>> "name": "/var/lib/kea/dhcp6.leases" >>> }, >>> "option-data": [ >>> { >>> "name": "dns-servers", >>> "data": "2603:3023:62c:e101::10, 2603:3023:62c:e101::12" >>> }, >>> { >>> "name": "domain-search", >>> "data": "iotlab.loc" >>> } >>> ], >>> "dhcp-ddns": { >>> "enable-updates": true, >>> "server-ip": "127.0.0.1", >>> "server-port": 53001 >>> }, >>> "ddns-override-client-update": true, >>> "ddns-override-no-update": true, >>> "ddns-qualifying-suffix": "iotlab.loc", >>> "ddns-update-on-renew": true, >>> "subnet6": [ >>> # Home Subnet >>> { >>> "subnet": "2603:3023:62c:e101::/64", >>> "id": 6100, >>> "pools": [ >>> { >>> "pool": "2603:3023:62c:e101::1000 - 2603:3023:62c:e101::ffff" >>> } >>> ], >>> "relay": { >>> "linkaddr": [ "2603:3023:62c:e101::1" ] >>> } >>> }, >>> # DMZ Subnet >>> { >>> "subnet": "2603:3023:62c:e110::/64", >>> "id": 6110, >>> "pools": [ >>> { >>> "pool": "2603:3023:62c:e110::1000 - 2603:3023:62c:e110::ffff" >>> } >>> ], >>> "relay": { >>> "ip-addresses": [ "2603:3023:62c:e110::1" ] >>> } >>> }, >>> # IoT Subnet >>> { >>> "subnet": "2603:3023:62c:e130::/64", >>> "id": 6130, >>> "pools": [ >>> { >>> "pool": "2603:3023:62c:e130::1000 - 2603:3023:62c:e130::ffff" >>> } >>> ], >>> "relay": { >>> "ip-addresses": [ "2603:3023:62c:e130::1" ] >>> } >>> }, >>> # Guest Subnet >>> { >>> "subnet": "2603:3023:62c:e150::/64", >>> "id": 6150, >>> "pools": [ >>> { >>> "pool": "2603:3023:62c:e150::1000 - 2603:3023:62c:e150::ffff" >>> } >>> ], >>> "relay": { >>> "ip-addresses": [ "2603:3023:62c:e150::1" ] >>> } >>> }, >>> { >>> "subnet": "2603:3023:62c:e160::/64", >>> "id": 6160, >>> "interface": "ens18", >>> "pools": [ >>> { >>> "pool": "2603:3023:62c:e160::1000 - 2603:3023:62c:e160::ffff" >>> } >>> ] >>> } >>> ], >>> "loggers": [ >>> { >>> "name": "kea-dhcp6", >>> "severity": "DEBUG", >>> "debuglevel": "99", >>> "output_options": [ >>> { >>> "output": "/var/log/kea/dhcp6.log", >>> "maxver": 10 >>> } >>> ] >>> }, >>> { >>> "name": "kea-dhcp6.dhcpsrv", >>> "severity": "DEBUG", >>> "debuglevel": "99", >>> "output_options": [ >>> { >>> "output": "/var/log/kea/dhcp6-dhcpsrv.log", >>> "maxver": 10 >>> } >>> ] >>> }, >>> { >>> "name": "kea-dhcp6.leases", >>> "severity": "DEBUG", >>> "debuglevel": "99", >>> "output_options": [ >>> { >>> "output": "/var/log/kea/dhcp6-leases.log", >>> "maxver": 10 >>> } >>> ] >>> }, >>> { >>> "name": "kea-netconf", >>> "severity": "DEBUG", >>> "debuglevel": "99", >>> "output_options": [ >>> { >>> "output": "/var/log/kea/kea-netconf.log", >>> "maxver": 10 >>> } >>> ] >>> } >>> ] >>> } >>> } >>> >>> >>> >>> -- >>> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >>> >>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. >>> >>> Kea-users mailing list >>> [email protected] >>> https://lists.isc.org/mailman/listinfo/kea-users >> -- >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. >> >> Kea-users mailing list >> [email protected] >> https://lists.isc.org/mailman/listinfo/kea-users >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <https://lists.isc.org/pipermail/kea-users/attachments/20250215/75b9a13c/attachment.htm> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > Kea-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/kea-users > > > ------------------------------ > > End of Kea-users Digest, Vol 128, Issue 26 > ****************************************** -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
