[Kea-users] Configuration: Initial setup & verification
Ben Monroe
bendono at gmail.com
Sun Feb 4 07:31:11 UTC 2018
Hi all.
I think I have sorted it out now.
The reason that I could not verify that kea was listening on UDP port 67 is
because...
// Kea DHCPv4 server by default listens using raw sockets. This ensures
// all packets, including those sent by directly connected clients
// that don't have IPv4 address yet, are received. However, if your
// traffic is always relayed, it is often better to use regular
// UDP sockets. If you want to do that, uncomment this line:
// "dhcp-socket-type": "udp"
I have not enabled this to check, but it seems reasonable.
Also, I assume that the DHCP test client that I tried was not compatible
with this raw socket implementation.
Finally, I noticed that while I had listed the DNS servers in the Dhcp4 /
option-data section, I only listed one of the DNS servers in the subnet4
section.
Fixing this resolved the missing DNS server issue.
Also, I found several useful ways to view the logs:
- cat /var/log/kea-dhcp4.log
- systemctl status kea-dhcp4 (only if set up to run as a service)
- journalctl -xfl -u kea-dhcp4
I apologize for the unnecessary noise.
Though if anyone has any corrections or useful advice, that is always
appreciated.
One thing that somewhat confused me was that "keactrl start" uses
/etc/kea/kea-dhcp4.conf, while the kea-dhcp4.service (in
/usr/lib/systemd/system/) points to kea.conf.
Since I had configured kea-dhcp4.conf, I needed to modify the .service file
to point to kea-dhcp4.conf instead of kea.conf.
Of course the actual name does not matter, but is there an intended
separate usage for kea.conf and kea-dhcp4.conf?
Best regards,
Ben Monroe
On Sat, Feb 3, 2018 at 7:35 PM, Ben Monroe <bendono at gmail.com> wrote:
> Hi.
> I installed Kea and configured the settings.
> It seems that it is working, but I am having trouble verifying it.
> What makes me suspicious is that client PCs are only receiving one of the
> two DNS servers defined.
>
> Also, I have tried to verify with the following DHCP test client, but it
> fails to detect a response to the DHCP discover broadcast:
> https://blog.thecybershadow.net/2013/01/10/dhcp-test-client/
>
> dhcptest v0.7 - Created by Vladimir Panteleev
> https://github.com/CyberShadow/dhcptest
> Run with --help for a list of command-line options.
>
> Listening for DHCP replies on port 68.
> Type "d" to broadcast a DHCP discover packet, or "help" for details.
> d
> Sending packet:
> op=BOOTREQUEST chaddr=53:0D:B0:61:DF:4F hops=0 xid=2946C459 secs=0 flags=8000
> ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
> 1 options:
> 53 (DHCP Message Type): discover
>
> [Me: After a bit of time, q to quit.]
> q
> Error on listening thread:
>
> Previously I was doing DHCP on the router, so I disabled that.
> There should not be any other DHCP servers on the network.
>
> I start the server:
> # keactrl start
> INFO/keactrl: Starting /usr/bin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
> INFO/keactrl: Starting /usr/bin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
> INFO/keactrl: Starting /usr/bin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
>
> Here is the status:
> # keactrl status
> DHCPv4 server: active
> DHCPv6 server: active
> DHCP DDNS: inactive
> Control Agent: active
> Kea DHCPv4 configuration file: /etc/kea/kea-dhcp4.conf
> Kea DHCPv6 configuration file: /etc/kea/kea-dhcp6.conf
> Kea DHCP DDNS configuration file: /etc/kea/kea-dhcp-ddns.conf
> Kea Control Agent configuration file: /etc/kea/kea-ctrl-agent.conf
> keactrl configuration file: /etc/kea/keactrl.conf
>
> I would expect that it would be listening on UDP port 67.
> But when I check, I cannot verify that.
> # netstat -tlpn
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
> tcp        0      0 0.0.0.0:5355      0.0.0.0:*         LISTEN   315/systemd-resolve
> tcp        0      0 127.0.0.1:8080    0.0.0.0:*         LISTEN   436/kea-ctrl-agent
> tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   318/sshd
> tcp6       0      0 :::5355           :::*              LISTEN   315/systemd-resolve
> tcp6       0      0 :::22             :::*              LISTEN   318/sshd
>
> Also, when I try to telnet to the DHCP server over port 67 (also tried 68)
> it is unsuccessful.
>
> The firewall is disabled on the server:
> # systemctl status iptables
> * iptables.service - Packet Filtering Framework
> Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
> Active: inactive (dead)
>
> This is my configuration file.
> I modified the default configuration file.
> I'm sure it can be improved, but I first want to confirm that it is
> generally working.
> Comments removed so as to keep the e-mail short.
>
> At this stage, it is hard to say if it is working or not.
> Are there any best practices for testing?
> As mentioned above, the client PCs are receiving only one of the two DNS
> servers.
> Though the above DHCP test client is completely failing, so it may not
> even be functional.
> It would be great if someone more experienced could help review this.
> The environment is Arch Linux.
>
> {
>
>     "Dhcp4": {
>         "interfaces-config": {
>             "interfaces": [ "eth0" ]
>         },
>
>         "control-socket": {
>             "socket-type": "unix",
>             "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
>         },
>
>         "lease-database": {
>             "type": "memfile",
>             "lfc-interval": 3600
>         },
>
>         "expired-leases-processing": {
>             "reclaim-timer-wait-time": 10,
>             "flush-reclaimed-timer-wait-time": 25,
>             "hold-reclaimed-time": 3600,
>             "max-reclaim-leases": 100,
>             "max-reclaim-time": 250,
>             "unwarned-reclaim-cycles": 5
>         },
>
>         "renew-timer": 900,
>         "rebind-timer": 1800,
>         "valid-lifetime": 3600,
>
>         "option-data": [
>             {
>                 "name": "domain-name-servers",
>                 "data": "10.10.10.250, 10.10.10.251"
>             },
>             {
>                 "code": 15,
>                 "data": "dono.local"
>             },
>
>             {
>                 "name": "domain-search",
>                 "data": "dono.local"
>             },
>
>             {
>                 "name": "boot-file-name",
>                 "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
>             },
>
>             {
>                 "name": "default-ip-ttl",
>                 "data": "0xf0"
>             }
>         ],
>
>         "client-classes": [
>             {
>                 "name": "voip",
>                 "test": "substring(option[60].hex,0,6) == 'Aastra'",
>                 "next-server": "192.0.2.254",
>                 "server-hostname": "hal9000",
>                 "boot-file-name": "/dev/null"
>             }
>         ],
>
>         "subnet4": [
>             {
>                 "subnet": "10.10.10.0/24",
>                 "pools": [ { "pool": "10.10.10.50 - 10.10.10.150" } ],
>                 "option-data": [
>                     {
>                         "name": "routers",
>                         "data": "10.10.10.254"
>                     },
>                     {
>                         "name": "domain-name-servers",
>                         "data": "10.10.10.250"
>                     }
>                 ],
>
>                 "reservations": [
>                     {
>                         "hw-address": "1a:1b:1c:1d:1e:1f",
>                         "ip-address": "192.0.2.201"
>                     },
>
>                     {
>                         "client-id": "01:11:22:33:44:55:66",
>                         "ip-address": "192.0.2.202",
>                         "hostname": "special-snowflake"
>                     },
>
>                     {
>                         "duid": "01:02:03:04:05",
>                         "ip-address": "192.0.2.203",
>                         "option-data": [ {
>                             "name": "domain-name-servers",
>                             "data": "10.1.1.202, 10.1.1.203"
>                         } ]
>                     },
>
>                     {
>                         "client-id": "01:12:23:34:45:56:67",
>                         "ip-address": "192.0.2.204",
>                         "option-data": [
>                             {
>                                 "name": "vivso-suboptions",
>                                 "data": "4491"
>                             },
>                             {
>                                 "name": "tftp-servers",
>                                 "space": "vendor-4491",
>                                 "data": "10.1.1.202, 10.1.1.203"
>                             }
>                         ]
>                     },
>
>                     {
>                         "client-id": "01:0a:0b:0c:0d:0e:0f",
>                         "ip-address": "192.0.2.205",
>                         "next-server": "192.0.2.1",
>                         "server-hostname": "hal9000",
>                         "boot-file-name": "/dev/null"
>                     },
>
>                     {
>                         "flex-id": "'s0mEVaLue'",
>                         "ip-address": "192.0.2.206"
>                     }
>                 ]
>             }
>         ]
>
>     },
>
>     "Logging":
>     {
>         "loggers": [
>             {
>                 "name": "kea-dhcp4",
>                 "output_options": [
>                     {
>                         "output": "/var/log/kea-dhcp4.log"
>                     }
>                 ],
>                 "severity": "INFO",
>                 "debuglevel": 0
>             }
>         ]
>     }
> }
>
> Thank you,
> Ben Monroe
>
>
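The missing DNS server in this thread came from a subnet4 "option-data" entry that redefined "domain-name-servers" with a shorter list than the global one. The following is an added example, not part of the original post and not Kea code: a small audit that walks a Dhcp4 configuration and reports every option a narrower scope redefines with different values. The function names are hypothetical, the sample is a constructed excerpt of the configuration quoted above, and it assumes comments have already been stripped from the file (as in the e-mail) and ignores client classes.

```python
import json

# Constructed sample: a trimmed copy of the Dhcp4 section quoted above.
SAMPLE = """{"Dhcp4": {
  "option-data": [
    {"name": "domain-name-servers", "data": "10.10.10.250, 10.10.10.251"}],
  "subnet4": [{
    "subnet": "10.10.10.0/24",
    "option-data": [
      {"name": "routers", "data": "10.10.10.254"},
      {"name": "domain-name-servers", "data": "10.10.10.250"}],
    "reservations": [{
      "duid": "01:02:03:04:05",
      "option-data": [
        {"name": "domain-name-servers", "data": "10.1.1.202, 10.1.1.203"}]}]}]}}"""

def option_map(option_data):
    """Map each option (by name, else by code) to its list of values."""
    out = {}
    for opt in option_data or []:
        key = opt.get("name") or "code %s" % opt.get("code")
        out[key] = [v.strip() for v in str(opt.get("data", "")).split(",")]
    return out

def shadowed(outer, inner, scope):
    """Options redefined in `inner` with values different from `outer`."""
    return [(scope, name, outer[name], vals)
            for name, vals in inner.items()
            if name in outer and vals != outer[name]]

def find_overrides(config_text):
    """Walk global -> subnet -> reservation scopes and list redefined options."""
    dhcp4 = json.loads(config_text)["Dhcp4"]
    global_opts = option_map(dhcp4.get("option-data"))
    findings = []
    for subnet in dhcp4.get("subnet4", []):
        subnet_opts = option_map(subnet.get("option-data"))
        findings += shadowed(global_opts, subnet_opts,
                             "subnet " + subnet.get("subnet", "?"))
        effective = {**global_opts, **subnet_opts}  # what this subnet hands out
        for res in subnet.get("reservations", []):
            ident = (res.get("hw-address") or res.get("client-id")
                     or res.get("duid") or res.get("flex-id"))
            findings += shadowed(effective, option_map(res.get("option-data")),
                                 "reservation %s" % ident)
    return findings

if __name__ == "__main__":
    for scope, name, outer, inner in find_overrides(SAMPLE):
        print("%s: %s %s replaces %s" % (scope, name, inner, outer))
```

Run against the sample, the first finding is the subnet-level "domain-name-servers" entry with a single address replacing the two-address global list.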