[Kea-users] kea and strongswan dhcp not working

Sascha Marcel Hacker smhrambo at googlemail.com
Sat Sep 9 12:10:43 UTC 2023


Here is my kea-dhcp4.conf (reservations elided with "..."):
{
  "Dhcp4": {
    # Global values
    "valid-lifetime": 4000,
    "renew-timer": 1000,
    "rebind-timer": 2000,
    "ip-reservations-unique": false,

    # Interfaces
    "interfaces-config": {
      "interfaces": [
        "macvlan_lan",
        "macvlan_device",
        "macvlan_nvr",
        "macvlan_dmz",
        "macvlan_guest",
        "macvlan_echo",
        "macvlan_printer",
        "macvlan_voip",
        "macvlan_media",
        "macvlan_vpn",
        "macvlan_iot",
        "macvlan_private"
      ]
    },

    # Logger
    "loggers": [
      {
        "name": "kea-dhcp4",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.bad-packets",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-bad.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.packets",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-package.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.dhcpsrv",
        "severity": "DEBUG",
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-dhcpsrv.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.leases",
        "severity": "DEBUG",
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-leases.log",
            "maxver": 10
          }
        ]
      }
    ],

    "authoritative": true,
    "dhcp-ddns": {
      "enable-updates": false
    },

    "option-def": [
      {
        "space": "dhcp4",
        "name": "local-hostname",
        "code": 224,
        "type": "string"
      }
    ],

    "subnet4": [
      # LAN Network
      {
        "id": 1,
        "subnet": "10.13.1.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.1.4, 10.13.1.1"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.1.255"
          },
          {
            "name": "routers",
            "data": "10.13.1.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.1.1"
          }
        ],
        "interface": "macvlan_lan",
        "pools": [
          {
            "pool": "10.13.1.200 - 10.13.1.254"
          }
        ]
      },

      # DEVICE Network
      {
        "id": 2,
        "subnet": "10.13.3.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.3.1, 10.13.3.4"
          },
          {
            "name": "domain-name",
            "data": "device.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.3.255"
          },
          {
            "name": "routers",
            "data": "10.13.3.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.3.1"
          }
        ],
        "interface": "macvlan_device",
        "pools": [
          {
            "pool": "10.13.3.200 - 10.13.3.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # NVR Network
      {
        "id": 3,
        "subnet": "10.13.4.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.4.1, 10.13.4.4"
          },
          {
            "name": "domain-name",
            "data": "nvr.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.4.255"
          },
          {
            "name": "routers",
            "data": "10.13.4.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.4.1"
          }
        ],
        "interface": "macvlan_nvr",
        "pools": [
          {
            "pool": "10.13.4.200 - 10.13.4.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # DMZ Network
      {
        "id": 4,
        "subnet": "10.13.5.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.5.1, 10.13.5.4"
          },
          {
            "name": "domain-name",
            "data": "dmz.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.5.255"
          },
          {
            "name": "routers",
            "data": "10.13.5.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.5.1"
          }
        ],
        "interface": "macvlan_dmz",
        "pools": [
          {
            "pool": "10.13.5.200 - 10.13.5.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # Guest Network
      {
        "id": 5,
        "subnet": "10.13.6.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.6.1, 10.13.6.4"
          },
          {
            "name": "domain-name",
            "data": "guest.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.6.255"
          },
          {
            "name": "routers",
            "data": "10.13.6.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.6.1"
          }
        ],
        "interface": "macvlan_guest",
        "pools": [
          {
            "pool": "10.13.6.200 - 10.13.6.254"
          }
        ]
      },

      # Echo Network
      {
        "id": 6,
        "subnet": "10.13.7.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.7.1, 10.13.7.4"
          },
          {
            "name": "domain-name",
            "data": "echo.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.7.255"
          },
          {
            "name": "routers",
            "data": "10.13.7.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.7.1"
          }
        ],
        "interface": "macvlan_echo",
        "pools": [
          {
            "pool": "10.13.7.200 - 10.13.7.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # Printer Network
      {
        "id": 7,
        "subnet": "10.13.8.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.8.1, 10.13.8.4"
          },
          {
            "name": "domain-name",
            "data": "printer.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.8.255"
          },
          {
            "name": "routers",
            "data": "10.13.8.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.8.1"
          }
        ],
        "interface": "macvlan_printer",
        "pools": [
          {
            "pool": "10.13.8.200 - 10.13.8.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # VoIP Network
      {
        "id": 8,
        "subnet": "10.13.9.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.9.1, 10.13.9.4"
          },
          {
            "name": "domain-name",
            "data": "voip.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.9.255"
          },
          {
            "name": "routers",
            "data": "10.13.9.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.9.1"
          }
        ],
        "interface": "macvlan_voip",
        "pools": [
          {
            "pool": "10.13.9.200 - 10.13.9.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # Multimedia Network
      {
        "id": 9,
        "subnet": "10.13.10.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.10.1, 10.13.10.4"
          },
          {
            "name": "domain-name",
            "data": "media.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.10.255"
          },
          {
            "name": "routers",
            "data": "10.13.10.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.10.1"
          }
        ],
        "interface": "macvlan_media",
        "pools": [
          {
            "pool": "10.13.10.200 - 10.13.10.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # VPN Network
      {
        "id": 10,
        "subnet": "10.13.11.0/24",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.11.1, 10.13.11.4"
          },
          {
            "name": "domain-name",
            "data": "vpn.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.11.255"
          },
          {
            "name": "routers",
            "data": "10.13.11.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.11.1"
          }
        ],
        "interface": "macvlan_vpn",
        "pools": [
          {
            "pool": "10.13.11.200 - 10.13.11.254"
          }
        ]
      },

      # IoT Network
      {
        "id": 11,
        "subnet": "10.13.12.0/22",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.12.1, 10.13.12.4"
          },
          {
            "name": "domain-name",
            "data": "iot.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.15.255"
          },
          {
            "name": "routers",
            "data": "10.13.12.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.12.15, 10.13.12.1"
          }
        ],
        "interface": "macvlan_iot",
        "pools": [
          {
            "pool": "10.13.12.200 - 10.13.12.254"
          }
        ],
        "reservations": [
...
        ]
      },

      # Private Network
      {
        "id": 12,
        "subnet": "10.13.16.0/20",
        "option-data": [
          {
            "name": "domain-name-servers",
            "data": "10.13.16.1, 10.13.16.4"
          },
          {
            "name": "domain-name",
            "data": "private.foo.bar"
          },
          {
            "name": "broadcast-address",
            "data": "10.13.31.255"
          },
          {
            "name": "routers",
            "data": "10.13.16.1"
          },
          {
            "name": "ntp-servers",
            "data": "10.13.16.1"
          }
        ],
        "interface": "macvlan_private",
        "pools": [
          {
            "pool": "10.13.16.200 - 10.13.16.254"
          }
        ],
        "reservations": [
...
        ]
      }
    ],

    "host-reservation-identifiers": [
      "hw-address"
    ]
  }
}

Kea log (excerpt from a working client on macvlan_iot; nothing from the strongswan DISCOVERs shows up):
2023-09-07 01:40:40.010 DEBUG [kea-dhcp4.options/23400.281473524985888]
DHCP4_BUFFER_UNPACK parsing buffer received from 10.13.12.80 to 10.13.12.1
over interface macvlan_iot
2023-09-07 01:40:40.011 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation
for subnet id 11, identified by hwaddr=XXXXXXXXXXXX
2023-09-07 01:40:40.011 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
identifier: hwaddr=XXXXXXXXXXXX
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_IDENTIFIER_HOST using identifier: hwaddr=XXXXXXXXXXXX,
found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel
ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty)
key=(empty) ipv6_reservations=(none)
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=XXXXXXXXXXXX,
found 1 host(s)
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_HOST using subnet id 11 and
identifier hwaddr=XXXXXXXXXXXX, found host: hwaddr=XXXXXXXXXXXX
ipv4_subnet_id=11 hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80
siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.dhcp4/23400.281473524985888]
DHCP4_CLASS_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: client packet has been assigned to the following class(es):
KNOWN
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.dhcp4/23400.281473524985888]
DHCP4_CLASS_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: client packet has been assigned to the following class(es):
ALL, KNOWN
2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.ddns/23400.281473524985888]
DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: processing client's Hostname option
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.ddns/23400.281473524985888]
DHCP4_CLIENT_HOSTNAME_DATA [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: client sent Hostname option: HF-LPB100
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.ddns/23400.281473524985888]
DHCP4_RESERVED_HOSTNAME_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no
info], tid=0xabcd0ed3: server assigned reserved hostname lead-ledpanel
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4 get all hosts with reservations for
subnet id 11 and IPv4 address 10.13.12.80
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address
10.13.12.80
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_ADDRESS4_HOST using address 10.13.12.80 found host:
hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel
ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty)
key=(empty) ipv6_reservations=(none)
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.13.12.80, found 1 host(s)
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4_HOST using IPv4 subnet 11 and IPv4
address 10.13.12.80, found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11
hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80 siaddr=(no)
sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4_COUNT using IPv4 subnet 11 and IPv4
address 10.13.12.80, found 1 host(s)
2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.hosts/23400.281473524985888]
HOSTS_MGR_ALTERNATE_GET_ALL_SUBNET_ID_ADDRESS4 trying alternate sources for
hosts using subnet id 11 and address 10.13.12.80
2023-09-07 01:40:40.014 DEBUG
[kea-dhcp4.alloc-engine/23400.281473524985888]
ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no
info], tid=0xabcd0ed3: extending lifetime of the lease for address
10.13.12.80
2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.ddns/23400.281473524985888]
DHCP4_NCR_CREATE [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: DDNS updates enabled, therefore sending name change requests
2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.options/23400.281473524985888]
DHCP4_PACKET_PACK [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info],
tid=0xabcd0ed3: preparing on-wire format of the packet to be sent

charon dhcp plugin configuration:
dhcp {

    # Always use the configured server address.
    # force_server_address = no
    force_server_address = yes

    # Derive user-defined MAC address from hash of IKE identity and send client
    # identity DHCP option.
    # identity_lease = no

    # Interface name the plugin uses for address allocation.
    # interface =

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    # DHCP server unicast or broadcast IP address.
    # server = 255.255.255.255
    server = 10.13.11.255

    # Use the DHCP server port (67) as source port when a unicast server address
    # is configured.
    # use_server_port = no
}

swanctl --log (working, with isc-dhcp):
14[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
14[IKE] peer requested virtual IP %any
13[MGR] ignoring request with ID 6, already processing
14[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
14[CFG] received DHCP OFFER 10.13.11.245 from 10.13.11.1
14[CFG] sending DHCP REQUEST for 10.13.11.245 to 10.13.11.1
14[CFG] received DHCP ACK for 10.13.11.245
14[IKE] assigning virtual IP 10.13.11.245 to peer 'saschahacker'

swanctl --log (not working, with Kea):
16[IKE] peer requested virtual IP %any
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
15[MGR] ignoring request with ID 6, already processing
10[MGR] ignoring request with ID 6, already processing
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
04[MGR] ignoring request with ID 6, already processing
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
12[NET] received packet: from 10.13.17.1[4500] to 10.13.16.1[4500] (72
bytes)
12[IKE] received message ID 6, expected 7, ignored
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
06[MGR] ignoring request with ID 6, already processing
16[CFG] DHCP DISCOVER timed out
16[IKE] no virtual IP found for %any requested by 'saschahacker'

Am Fr., 8. Sept. 2023 um 14:21 Uhr schrieb Darren Ankney <
darren.ankney at gmail.com>:

> Hi Sascha,
>
> I assume you see discovers from other clients?  Can you share your Kea
> configuration?  Be sure and redact any sensitive information.  Can you
> share some logs of a working client (understand you have no logs of
> the Strongswan client)?
>
> Thank you,
>
> Darren Ankney
>
>
> On Fri, Sep 8, 2023 at 7:36 AM Sascha Marcel Hacker via Kea-users
> <kea-users at lists.isc.org> wrote:
> >
> > Hi, I migrated my home lab from isc-dhcp to kea.
> > But now the strongswan DHCP module is not working.
> > When I switch back to isc-dhcp it works as it should.
> > I also added a kea debug logger for kea-dhcp4.bad-packets and
> kea-dhcp4.packet.
> > But no DHCP DISCOVER from the strongswan server is logged.
> >
> > Both are on the same host.
> >
> > Any suggestions?
> >
> > thanks in advance
> > Sascha
> >
> > Strongswan Version: 5.9.11 (self-compiled) and 5.9.5-2ubuntu2.1 (OS
> package)
> > Kea Version:  2.2.0-5ubuntu4 (OS package)
> > ISC DHCP Version: 4.4.1-2.3ubuntu2.4 (OS package)
> > OS: Ubuntu 23.04
> > Platform: arm64