[Kea-users] Client connectivity problem

Toby Walsh walshtj at gmail.com
Sat Nov 12 08:20:36 UTC 2016


I've found what I think is the problem. I decoupled systemd and went
back to running keactrl myself and turned on verbose mode. In the
logs, when the client device is trying to obtain an IP from the table,
it uses the wrong hw-addr. Someone else is having the same problem it
seems, because Google turned up this:

https://gist.github.com/jefferyharrell/0dc515a2d6a9bf639a5e6f8be03e01eb

Unlike that guy, I get no message about closing the hosts table. Mine
looks more like this:

2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.packets/4695]
DHCP4_SUBNET_DATA [hwtype=1 00:11:22:33:44:55], cid=[no info],
tid=0xfdc54451: the selected subnet details: 10.10.10.10/24
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4
reservation for subnet id 1, identified by hwaddr=001122334455
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
identifier: hwaddr=001122334455
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
hwaddr=001122334455, found 0 host(s)
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using
subnet id 199 and identifier hwaddr=001122334455
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.bad-packets/4695]
DHCP4_PACKET_DROP_0007 [hwtype=1 00:11:22:33:44:55],
cid=[01:00:11:22:33:44:55], tid=0x5f091348: failed to process packet:
DHCPv4 Option4AddrLst 5 has invalid length=19, must be divisible by 4.
2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.packets/3131]
DHCP4_BUFFER_WAIT waiting for next DHCPv4 packet with timeout 1000 ms

So, it's getting the correct subnet using a colon-separated MAC but
the next steps (presumably looking up the hosts table?) it's using a
stripped MAC, without colons, and failing to find any host reservation
and dropping the packet.

My hosts table was populated as per the "Tips about Host Reservations
in Kea 1.1" page, i.e. the dhcp_identifier field had
UNHEX(REPLACE('00:11:22:33:44:55', ':', '')) inserted in it. The type
of that field was varbinary(128). I can't unhex leaving the colons in,
and I'm not sure what format the Kea queries expect other than to go
off the examples on that page. But that might be the problem?

On top of my failure and this other guy's on GitHub, there are several
examples using the HOSTS_CFG_GET keywords of people who did
successfully perform the lookups with colon-separated MACs. So I'm
wondering what the GitHub and my config have done differently?




On 12 November 2016 at 11:13, Toby Walsh <walshtj at gmail.com> wrote:
> I have isolated this to something wrong with my database connection. I
> have strictly followed the instructions from "Tips about Host
> Reservations in Kea 1.1". I have a hosts table and a dhcp4_options
> table configured correctly. When I restart the kea-dhcp4 server the
> logs tell me the server is started correctly. I now have Kea set up to
> run under systemctl and those logs tell me that on restarting the
> server the lease database and the hosts database are opened. The lease
> database is correctly populated by Kea upon obtaining a lease. But the
> hosts database is not read and therefore neither is the dhcp4_options
> database, and dhcpdump shows requests by the test devices for an IP
> address but nothing happening and certainly Kea is quiet.
>
> On the other hand, if I specify the reservations manually in the
> kea.conf file using basic "hw-address" and "ip-address" fields both
> test devices I'm using successfully obtain an IP address.
>
> So what is different about the hosts table that I'm getting wrong? I
> have the same database name/user name/password that I use to manually
> populate/edit the tables. In the hosts table I'm populating:
>
> host_id
> dhcp_identifier (using UNHEX(REPLACE ... )
> dhcp_identifier_type (using 'hw-address' mapping)
> dhcp4_subnet_id
> ipv4_address (using INET_ATON(@my_desired_ip))
> hostname
>
> and that's it. No next_server, no dhcp4_server_hostname, no
> dhcp4_boot_file_name but I don't have those in the working kea.conf
> reservation either.
>
> In the dhcp4_options table I just have routers and DNS settings. I
> tried using option 5 and 6 for DNS but it seems irrelevant since the
> hosts table doesn't appear to be read anyway.
>
> Nothing else seems to stick out to me so any tips on getting
> mysql-backed Kea working would be great.
>
> Thanks.
>
> On 11 November 2016 at 21:14, Toby Walsh <walshtj at gmail.com> wrote:
>> This might not be a Kea problem, but switching my DHCP server to Kea
>> triggers it every single time. I have a small home network I'm
>> configuring. Topology looks like this:
>>
>> ESXi Ubuntu VM with various services <- ESXi pfSense VM -> Unifi
>> switch -> Unifi AP -> Android phone
>>
>> I started with pfSense's DHCP and each time I switch to it the network
>> works. I'm using Freeradius authentication on the Ubuntu VM and it
>> authenticates and there are no problems. When I switch off pfSense's
>> DHCP and switch on Kea with host reservations (either in the conf
>> file or in mysql) the phone's wifi gets "connected, no internet" and
>> there is no connectivity (duh).
>>
>> I've tried specifying the routers option and the dns option in the
>> kea.conf. The dns I'm using google's 8.8.8.8 and 8.8.4.4 for testing
>> purposes. I did have bind running initially but eliminated that to
>> reduce variables. One thing of note is the routers option in kea.conf
>> seems to be overwritten. I'm (currently) setting:
>>
>> "subnet4": [
>> // ...
>> "option-data": [
>> {
>>   "name": "routers",
>>   "code": 3,
>>   "space": "dhcp4",
>>   "csv-format": true,
>>   "data": "pfSense's_ip_address"
>> },
>> // ...
>>
>> But per dhcpdump it's getting Ubuntu's IP, which is also the IP
>> populated in the code 54 server field. Maybe this is confusing the
>> phone, because when I run tcpdump on any of the hardware in the
>> topology chain there is traffic associated with the MAC of the phone
>> and it's even trying to look up google servers and
>> connectivitycheck.gstatic.com at times but it gets stuck and lost
>> within my subnet.
>>
>> My firewall rules are wide open so it's not getting blocked there, and
>> indeed the firewall logs nothing from the IP I'm assigning.
>>
>> So the only difference from my perspective is: pfSense's DHCP works
>> for my subnet, Kea's doesn't. What else am I missing?
>>
>> Thanks,
>> Toby
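
Added example (not part of the original post, and not Kea's own code): a Python check relating the two log details above. It shows that the colon-less hwaddr=001122334455 field is the hex rendering of the same six bytes that UNHEX(REPLACE('00:11:22:33:44:55', ':', '')) stores, and it applies the "must be divisible by 4" rule from the DHCP4_PACKET_DROP_0007 line to option values before they are stored. The function names and the 19-byte text value are constructed for illustration.

```python
import ipaddress

# RFC 2132 option codes whose payload is a list of IPv4 addresses
# (labels are Kea's standard option names).
ADDR_LIST_OPTIONS = {3: "routers", 5: "name-servers", 6: "domain-name-servers"}


def mac_to_identifier(mac: str) -> bytes:
    """Return the bytes MySQL's UNHEX(REPLACE(mac, ':', '')) would store."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 6-byte Ethernet address, got {len(raw)}")
    return raw


def log_form(identifier: bytes) -> str:
    """Hex rendering of the identifier, as in the 'hwaddr=...' log fields."""
    return "hwaddr=" + identifier.hex()


def encode_addr_list(addresses) -> bytes:
    """Binary payload of an address-list option: 4 bytes per IPv4 address."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addresses)


def check_payload(code: int, payload: bytes):
    """Return None if the payload length is acceptable, else a description."""
    if code not in ADDR_LIST_OPTIONS:
        return None  # not an address-list option; nothing checked here
    if len(payload) % 4 != 0:
        return (f"option {code} ({ADDR_LIST_OPTIONS[code]}) has invalid "
                f"length={len(payload)}, must be divisible by 4")
    return None


if __name__ == "__main__":
    ident = mac_to_identifier("00:11:22:33:44:55")  # MAC from the log excerpt
    print(log_form(ident))
    # Constructed rows: (option code, stored value)
    rows = [
        (6, encode_addr_list(["8.8.8.8", "8.8.4.4"])),  # binary, 8 bytes
        (5, b"10.10.10.10,8.8.8.8"),                    # text, 19 bytes
    ]
    for code, value in rows:
        print(code, check_payload(code, value) or "ok")
```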


