[Kea-users] Relayed DHCP packets fail

Darren Ankney darren.ankney at gmail.com
Sat Nov 11 14:37:09 UTC 2023 

Hi Ben,

According to the 2.0.3 ARM, RFC 8357 is supported:
https://kea.readthedocs.io/en/kea-2.0.3/arm/dhcp4-srv.html?highlight=8357#supported-dhcp-standards

"Generalized UDP Source Port for DHCP Relay, RFC 8357: The Kea server
handles the Relay Agent Information Source Port sub-option in a
received message, remembers the UDP port, and sends back reply to the
same relay agent using this UDP port."

I did not find any bugs (closed or otherwise) reported in
https://gitlab.isc.org/isc-projects/kea regarding this.  Might you
perform a packet capture to check if the responses are sent to the
correct port on the relay the next time you try the upgrade?

Thank you,

Darren Ankney

On Fri, Nov 10, 2023 at 7:13 PM Brian Mulder <brian.mulder42 at gmail.com> wrote:
>
> Today I tried updating my firewall (pfSense) to the newest version (from 23.05.1 to 23.09). While the update was successful, all client DHCP requests began to fail. I use DHCP relay on the firewall to handle DHCP on multiple VLANs, which had been working flawlessly for multiple years.
>
> After some trouble shooting and packet comparisons, the only difference that I noticed was that the source port in the egress DHCP relay packet was static 67 in the previous version and random in the new update. Reverting the update fixed the issue.
>
> A search indicated that RFC 8357 allows the source port to be generalized for DHCP relay. I am using version 2.0.3 of Kea, which is a little old now. I will try to upgrade during an upcoming downtime window.
>
> In the meantime, what version of Kea implements RFC 8357?
> Until I can upgrade, are there any configuration options in 2.0.3 to handle relayed DHCP requests from ports other than 67?
>
> Best regards,
> Ben Monroe
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users

More information about the Kea-users mailing list