[Kea-users] kea and strongswan dhcp not working

Darren Ankney darren.ankney at gmail.com
Mon Sep 11 10:26:18 UTC 2023


Hi,

Nothing jumps out at me here.  I know nothing about strongswan, however.
I am curious about this setting change that you made:

force_server_address = yes

In what way did that cause Kea to "work"?  What is the server address
that it is forcing?  How does this break ISC DHCP?

Thank you,

Darren Ankney

On Sat, Sep 9, 2023 at 4:51 PM Sascha Marcel Hacker via Kea-users
<kea-users at lists.isc.org> wrote:
>
> I have a solution.
>
> This strongswan charon dhcp.conf is working:
> dhcp {
>
>     # Always use the configured server address.
>     # force_server_address = no
>     force_server_address = yes
>
>     # Derive user-defined MAC address from hash of IKE identity and send client
>     # identity DHCP option.
>     # identity_lease = no
>
>     # Interface name the plugin uses for address allocation.
>     # interface =
>     interface = macvlan_vpn
>
>     # Whether to load the plugin. Can also be an integer to increase the
>     # priority of this plugin.
>     load = yes
>
>     # DHCP server unicast or broadcast IP address.
>     # server = 255.255.255.255
>
>     # Use the DHCP server port (67) as source port when a unicast server address
>     # is configured.
>     # use_server_port = no
> }
>
> !!!But the config is not compatible with isc-dhcp!!!
>
> On Sat, Sep 9, 2023 at 22:44, Sascha Marcel Hacker <smhrambo at googlemail.com> wrote:
>>
>> With this charon dhcp.conf:
>> dhcp {
>>
>>     # Always use the configured server address.
>>     # force_server_address = no
>>
>>     # Derive user-defined MAC address from hash of IKE identity and send client
>>     # identity DHCP option.
>>     # identity_lease = no
>>
>>     # Interface name the plugin uses for address allocation.
>>     interface = macvlan_vpn
>>
>>     # Whether to load the plugin. Can also be an integer to increase the
>>     # priority of this plugin.
>>     load = yes
>>
>>     # DHCP server unicast or broadcast IP address.
>>     # server = 255.255.255.255
>>
>>     # Use the DHCP server port (67) as source port when a unicast server address
>>     # is configured.
>>     # use_server_port = no
>> }
>>
>> I get this swanctl --log:
>> 09[IKE] peer requested virtual IP %any
>> 09[CFG] sending DHCP DISCOVER for 7a:a7:81:22:c3:6e to 255.255.255.255
>> 09[IKE] authentication of '10.13.17.1' with EAP successful
>> 09[CFG] received DHCP OFFER 10.13.11.201 from 10.13.11.1
>> 09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
>> 09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
>> 13[MGR] ignoring request with ID 6, already processing
>> 12[MGR] ignoring request with ID 6, already processing
>> 09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
>> 07[MGR] ignoring request with ID 6, already processing
>> 09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
>> 09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
>> 14[MGR] ignoring request with ID 6, already processing
>> 09[CFG] DHCP REQUEST timed out
>> 09[IKE] no virtual IP found for %any requested by 'saschahacker'
>>
>> It seems that kea only answers 255.255.255.255 requests.
>> But after the offer it stops.
>>
>> On Sat, Sep 9, 2023 at 18:37, Khebchi Abdallah <a.khebchi at esi-sba.dz> wrote:
>>>
>>> I mean something like 10.11.13.1. I had similar issues; after debugging I found out that kea does not respond to my brd addr
>>>
>>> On Sat, Sep 9, 2023, 5:35 PM Khebchi Abdallah <a.khebchi at esi-sba.dz> wrote:
>>>>
>>>> Use nc to send a discover request on your server addr (broadcast) and confirm that it replies to it; if not, change it to something like 10.11.1.1 in dhcp charon conf
>>>>
>>>> On Sat, Sep 9, 2023, 1:11 PM Sascha Marcel Hacker <smhrambo at googlemail.com> wrote:
>>>>>
>>>>> Here is my kea-dhcp4.conf
>>>>> {
>>>>>   "Dhcp4": {
>>>>>     # Global values
>>>>>     "valid-lifetime": 4000,
>>>>>     "renew-timer": 1000,
>>>>>     "rebind-timer": 2000,
>>>>>     "ip-reservations-unique": false,
>>>>>
>>>>>     # Interfaces
>>>>>     "interfaces-config": {
>>>>>       "interfaces": [
>>>>>         "macvlan_lan",
>>>>>         "macvlan_device",
>>>>>         "macvlan_nvr",
>>>>>         "macvlan_dmz",
>>>>>         "macvlan_guest",
>>>>>         "macvlan_echo",
>>>>>         "macvlan_printer",
>>>>>         "macvlan_voip",
>>>>>         "macvlan_media",
>>>>>         "macvlan_vpn",
>>>>>         "macvlan_iot",
>>>>>         "macvlan_private"
>>>>>       ]
>>>>>     },
>>>>>
>>>>>     # Logger
>>>>>     "loggers": [
>>>>>       {
>>>>>         "name": "kea-dhcp4",
>>>>>         "severity": "DEBUG",
>>>>>         "debuglevel": 99,
>>>>>         "output_options": [
>>>>>           {
>>>>>             "output": "/var/log/kea/dhcp4.log",
>>>>>             "maxver": 10
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>       {
>>>>>         "name": "kea-dhcp4.bad-packets",
>>>>>         "severity": "DEBUG",
>>>>>         "debuglevel": 99,
>>>>>         "output_options": [
>>>>>           {
>>>>>             "output": "/var/log/kea/dhcp4-bad.log",
>>>>>             "maxver": 10
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>       {
>>>>>         "name": "kea-dhcp4.packets",
>>>>>         "severity": "DEBUG",
>>>>>         "debuglevel": 99,
>>>>>         "output_options": [
>>>>>           {
>>>>>             "output": "/var/log/kea/dhcp4-package.log",
>>>>>             "maxver": 10
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>       {
>>>>>         "name": "kea-dhcp4.dhcpsrv",
>>>>>         "severity": "DEBUG",
>>>>>         "output_options": [
>>>>>           {
>>>>>             "output": "/var/log/kea/dhcp4-dhcpsrv.log",
>>>>>             "maxver": 10
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>       {
>>>>>         "name": "kea-dhcp4.leases",
>>>>>         "severity": "DEBUG",
>>>>>         "output_options": [
>>>>>           {
>>>>>             "output": "/var/log/kea/dhcp4-leases.log",
>>>>>             "maxver": 10
>>>>>           }
>>>>>         ]
>>>>>       }
>>>>>     ],
>>>>>
>>>>>     "authoritative": true,
>>>>>     "dhcp-ddns": {
>>>>>       "enable-updates": false
>>>>>     },
>>>>>
>>>>>     "option-def": [
>>>>>       {
>>>>>         "space": "dhcp4",
>>>>>         "name": "local-hostname",
>>>>>         "code": 224,
>>>>>         "type": "string"
>>>>>       }
>>>>>     ],
>>>>>
>>>>>     "subnet4": [
>>>>>       # LAN Network
>>>>>       {
>>>>>         "id": 1,
>>>>>         "subnet": "10.13.1.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.1.4, 10.13.1.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.1.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.1.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.1.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_lan",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.1.200 - 10.13.1.254"
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # DEVICE Network
>>>>>       {
>>>>>         "id": 2,
>>>>>         "subnet": "10.13.3.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.3.1, 10.13.3.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "device.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.3.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.3.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.3.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_device",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.3.200 - 10.13.3.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # NVR Network
>>>>>       {
>>>>>         "id": 3,
>>>>>         "subnet": "10.13.4.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.4.1, 10.13.4.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "nvr.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.4.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.4.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.4.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_nvr",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.4.200 - 10.13.4.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # DMZ Network
>>>>>       {
>>>>>         "id": 4,
>>>>>         "subnet": "10.13.5.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.5.1, 10.13.5.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "dmz.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.5.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.5.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.5.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_dmz",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.5.200 - 10.13.5.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # Guest Network
>>>>>       {
>>>>>         "id": 5,
>>>>>         "subnet": "10.13.6.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.6.1, 10.13.6.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "guest.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.6.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.6.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.6.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_guest",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.6.200 - 10.13.6.254"
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # Echo Network
>>>>>       {
>>>>>         "id": 6,
>>>>>         "subnet": "10.13.7.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.7.1, 10.13.7.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "echo.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.7.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.7.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.7.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_echo",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.7.200 - 10.13.7.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # Printer Network
>>>>>       {
>>>>>         "id": 7,
>>>>>         "subnet": "10.13.8.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.8.1, 10.13.8.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "printer.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.8.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.8.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.8.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_printer",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.8.200 - 10.13.8.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # VoIP Network
>>>>>       {
>>>>>         "id": 8,
>>>>>         "subnet": "10.13.9.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.9.1, 10.13.9.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "voip.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.9.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.9.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.9.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_voip",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.9.200 - 10.13.9.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # Multimedia Network
>>>>>       {
>>>>>         "id": 9,
>>>>>         "subnet": "10.13.10.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.10.1, 10.13.10.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "media.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.10.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.10.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.10.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_media",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.10.200 - 10.13.10.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # VPN Network
>>>>>       {
>>>>>         "id": 10,
>>>>>         "subnet": "10.13.11.0/24",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.11.1, 10.13.11.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "vpn.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.11.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.11.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.11.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_vpn",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.11.200 - 10.13.11.254"
>>>>>           }
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # IoT Network
>>>>>       {
>>>>>         "id": 11,
>>>>>         "subnet": "10.13.12.0/22",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.12.1, 10.13.12.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "iot.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.15.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.12.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.12.15, 10.13.12.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_iot",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.12.200 - 10.13.12.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       },
>>>>>
>>>>>       # Private Network
>>>>>       {
>>>>>         "id": 12,
>>>>>         "subnet": "10.13.16.0/20",
>>>>>         "option-data": [
>>>>>           {
>>>>>             "name": "domain-name-servers",
>>>>>             "data": "10.13.16.1, 10.13.16.4"
>>>>>           },
>>>>>           {
>>>>>             "name": "domain-name",
>>>>>             "data": "private.foo.bar"
>>>>>           },
>>>>>           {
>>>>>             "name": "broadcast-address",
>>>>>             "data": "10.13.31.255"
>>>>>           },
>>>>>           {
>>>>>             "name": "routers",
>>>>>             "data": "10.13.16.1"
>>>>>           },
>>>>>           {
>>>>>             "name": "ntp-servers",
>>>>>             "data": "10.13.16.1"
>>>>>           }
>>>>>         ],
>>>>>         "interface": "macvlan_private",
>>>>>         "pools": [
>>>>>           {
>>>>>             "pool": "10.13.16.200 - 10.13.16.254"
>>>>>           }
>>>>>         ],
>>>>>         "reservations": [
>>>>> ...
>>>>>         ]
>>>>>       }
>>>>>     ],
>>>>>
>>>>>     "host-reservation-identifiers": [
>>>>>       "hw-address"
>>>>>     ]
>>>>>   }
>>>>> }
>>>>>
>>>>> kea log:
>>>>> 2023-09-07 01:40:40.010 DEBUG [kea-dhcp4.options/23400.281473524985888] DHCP4_BUFFER_UNPACK parsing buffer received from 10.13.12.80 to 10.13.12.1 over interface macvlan_iot
>>>>> 2023-09-07 01:40:40.011 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 11, identified by hwaddr=XXXXXXXXXXXX
>>>>> 2023-09-07 01:40:40.011 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=XXXXXXXXXXXX
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_IDENTIFIER_HOST using identifier: hwaddr=XXXXXXXXXXXX, found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=XXXXXXXXXXXX, found 1 host(s)
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_HOST using subnet id 11 and identifier hwaddr=XXXXXXXXXXXX, found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.dhcp4/23400.281473524985888] DHCP4_CLASS_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: client packet has been assigned to the following class(es): KNOWN
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.dhcp4/23400.281473524985888] DHCP4_CLASS_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: client packet has been assigned to the following class(es): ALL, KNOWN
>>>>> 2023-09-07 01:40:40.012 DEBUG [kea-dhcp4.ddns/23400.281473524985888] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: processing client's Hostname option
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.ddns/23400.281473524985888] DHCP4_CLIENT_HOSTNAME_DATA [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: client sent Hostname option: HF-LPB100
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.ddns/23400.281473524985888] DHCP4_RESERVED_HOSTNAME_ASSIGNED [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: server assigned reserved hostname lead-ledpanel
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4 get all hosts with reservations for subnet id 11 and IPv4 address 10.13.12.80
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 10.13.12.80
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_ADDRESS4_HOST using address 10.13.12.80 found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.13.12.80, found 1 host(s)
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4_HOST using IPv4 subnet 11 and IPv4 address 10.13.12.80, found host: hwaddr=XXXXXXXXXXXX ipv4_subnet_id=11 hostname=LEAD-LEDPanel ipv4_reservation=10.13.12.80 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
>>>>> 2023-09-07 01:40:40.013 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS4_COUNT using IPv4 subnet 11 and IPv4 address 10.13.12.80, found 1 host(s)
>>>>> 2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.hosts/23400.281473524985888] HOSTS_MGR_ALTERNATE_GET_ALL_SUBNET_ID_ADDRESS4 trying alternate sources for hosts using subnet id 11 and address 10.13.12.80
>>>>> 2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.alloc-engine/23400.281473524985888] ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: extending lifetime of the lease for address 10.13.12.80
>>>>> 2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.ddns/23400.281473524985888] DHCP4_NCR_CREATE [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: DDNS updates enabled, therefore sending name change requests
>>>>> 2023-09-07 01:40:40.014 DEBUG [kea-dhcp4.options/23400.281473524985888] DHCP4_PACKET_PACK [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[no info], tid=0xabcd0ed3: preparing on-wire format of the packet to be sent
>>>>>
>>>>> charon dhcp:
>>>>> dhcp {
>>>>>
>>>>>     # Always use the configured server address.
>>>>>     # force_server_address = no
>>>>>     force_server_address = yes
>>>>>
>>>>>     # Derive user-defined MAC address from hash of IKE identity and send client
>>>>>     # identity DHCP option.
>>>>>     # identity_lease = no
>>>>>
>>>>>     # Interface name the plugin uses for address allocation.
>>>>>     # interface =
>>>>>
>>>>>     # Whether to load the plugin. Can also be an integer to increase the
>>>>>     # priority of this plugin.
>>>>>     load = yes
>>>>>
>>>>>     # DHCP server unicast or broadcast IP address.
>>>>>     # server = 255.255.255.255
>>>>>     server = 10.13.11.255
>>>>>
>>>>>     # Use the DHCP server port (67) as source port when a unicast server address
>>>>>     # is configured.
>>>>>     # use_server_port = no
>>>>> }
>>>>>
>>>>> swanctl --log (working isc-dhcp):
>>>>> 14[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 14[IKE] peer requested virtual IP %any
>>>>> 13[MGR] ignoring request with ID 6, already processing
>>>>> 14[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 14[CFG] received DHCP OFFER 10.13.11.245 from 10.13.11.1
>>>>> 14[CFG] sending DHCP REQUEST for 10.13.11.245 to 10.13.11.1
>>>>> 14[CFG] received DHCP ACK for 10.13.11.245
>>>>> 14[IKE] assigning virtual IP 10.13.11.245 to peer 'saschahacker'
>>>>>
>>>>> swanctl --log (not working kea):
>>>>> 16[IKE] peer requested virtual IP %any
>>>>> 16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 15[MGR] ignoring request with ID 6, already processing
>>>>> 10[MGR] ignoring request with ID 6, already processing
>>>>> 16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 04[MGR] ignoring request with ID 6, already processing
>>>>> 16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 12[NET] received packet: from 10.13.17.1[4500] to 10.13.16.1[4500] (72 bytes)
>>>>> 12[IKE] received message ID 6, expected 7, ignored
>>>>> 16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
>>>>> 06[MGR] ignoring request with ID 6, already processing
>>>>> 16[CFG] DHCP DISCOVER timed out
>>>>> 16[IKE] no virtual IP found for %any requested by 'saschahacker'
>>>>>
>>>>> On Fri, Sep 8, 2023 at 14:21, Darren Ankney <darren.ankney at gmail.com> wrote:
>>>>>>
>>>>>> Hi Sascha,
>>>>>>
>>>>>> I assume you see discovers from other clients?  Can you share your Kea
>>>>>> configuration?  Be sure and redact any sensitive information.  Can you
>>>>>> share some logs of a working client (understand you have no logs of
>>>>>> the Strongswan client)?
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Darren Ankney
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 8, 2023 at 7:36 AM Sascha Marcel Hacker via Kea-users
>>>>>> <kea-users at lists.isc.org> wrote:
>>>>>> >
>>>>>> > Hi, I migrated my home lab from isc-dhcp to kea.
>>>>>> > But now the strongswan DHCP module is not working.
>>>>>> > When I switch back to isc-dhcp it works as it should.
>>>>>> > I also added a kea debug logger for kea-dhcp4.bad-packets and kea-dhcp4.packet.
>>>>>> > But no DHCP DISCOVER from the strongswan server is logged.
>>>>>> >
>>>>>> > Both are on the same host.
>>>>>> >
>>>>>> > Any suggestions?
>>>>>> >
>>>>>> > thanks in advance
>>>>>> > Sascha
>>>>>> >
>>>>>> > Strongswan Version: 5.9.11 (self-compiled) and 5.9.5-2ubuntu2.1 (OS package)
>>>>>> > Kea Version:  2.2.0-5ubuntu4 (OS package)
>>>>>> > ISC DHCP Version: 4.4.1-2.3ubuntu2.4 (OS package)
>>>>>> > OS: Ubuntu 23.04
>>>>>> > Platform: arm64
>>>>>> > --
>>>>>> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>>> >
>>>>>> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>>> >
>>>>>> > Kea-users mailing list
>>>>>> > Kea-users at lists.isc.org
>>>>>> > https://lists.isc.org/mailman/listinfo/kea-users
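Added example (not part of the original thread, and not strongSwan or Kea code): a small Python parser that reads charon's `[CFG]` DHCP lines, as they appear in the `swanctl --log` captures above, and reports at which step of the exchange the lease attempt stalled. The function and class names are made up for illustration, and the embedded sample logs are abridged from the thread.

```python
import re
from dataclasses import dataclass

# Abridged from the three `swanctl --log` captures quoted in the thread.
LOG_KEA_DEFAULT = """\
09[CFG] sending DHCP DISCOVER for 7a:a7:81:22:c3:6e to 255.255.255.255
09[CFG] received DHCP OFFER 10.13.11.201 from 10.13.11.1
09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
13[MGR] ignoring request with ID 6, already processing
09[CFG] sending DHCP REQUEST for 10.13.11.201 to 10.13.11.1
09[CFG] DHCP REQUEST timed out
"""
LOG_KEA_DIRECTED = """\
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
15[MGR] ignoring request with ID 6, already processing
16[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
16[CFG] DHCP DISCOVER timed out
"""
LOG_ISC_WORKING = """\
14[CFG] sending DHCP DISCOVER for yy:yy:yy:yy:yy:yy to 10.13.11.255
14[CFG] received DHCP OFFER 10.13.11.245 from 10.13.11.1
14[CFG] sending DHCP REQUEST for 10.13.11.245 to 10.13.11.1
14[CFG] received DHCP ACK for 10.13.11.245
14[IKE] assigning virtual IP 10.13.11.245 to peer 'saschahacker'
"""

LINE = re.compile(r"^(\d+)\[([A-Z]+)\]\s+(.*)$")
SENT = re.compile(r"sending DHCP (DISCOVER|REQUEST) for \S+ to (\S+)")
OFFER = re.compile(r"received DHCP OFFER (\S+) from (\S+)")
ACK = re.compile(r"received DHCP ACK for (\S+)")
TIMEOUT = re.compile(r"DHCP (DISCOVER|REQUEST) timed out")

@dataclass
class Exchange:
    discover_dst: str = ""
    discovers: int = 0
    offered: str = ""
    offer_server: str = ""
    request_dst: str = ""
    requests: int = 0
    outcome: str = "INCOMPLETE"

def parse(log):
    """Group charon [CFG] DHCP lines into exchanges, keyed by worker thread id."""
    open_ex, done = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m or m[2] != "CFG" or "DHCP" not in m[3]:
            continue  # IKE/MGR/NET lines carry no DHCP state
        tid, msg = m[1], m[3]
        ex = open_ex.setdefault(tid, Exchange())
        if s := SENT.search(msg):
            if s[1] == "DISCOVER":
                ex.discover_dst, ex.discovers = s[2], ex.discovers + 1
            else:
                ex.request_dst, ex.requests = s[2], ex.requests + 1
        elif o := OFFER.search(msg):
            ex.offered, ex.offer_server = o[1], o[2]
        elif a := ACK.search(msg):
            ex.offered, ex.outcome = a[1], "OK"
            done.append(open_ex.pop(tid))
        elif t := TIMEOUT.search(msg):
            ex.outcome = "NO_OFFER" if t[1] == "DISCOVER" else "NO_ACK"
            done.append(open_ex.pop(tid))
    return done + list(open_ex.values())  # unfinished exchanges stay INCOMPLETE

def diagnose(ex):
    """One-line finding per exchange; the hint cites the fix reported in the thread."""
    if ex.outcome == "OK":
        return f"OK: lease {ex.offered} acknowledged"
    if ex.outcome == "NO_OFFER":
        return (f"NO_OFFER: {ex.discovers} DISCOVER(s) to {ex.discover_dst} unanswered; "
                "confirm the server sees packets sent to that address")
    if ex.outcome == "NO_ACK":
        hint = (" (unicast to the offering server; thread's fix: force_server_address = yes)"
                if ex.request_dst == ex.offer_server else "")
        return (f"NO_ACK: OFFER from {ex.offer_server}, {ex.requests} REQUEST(s) "
                f"to {ex.request_dst} unanswered{hint}")
    return "INCOMPLETE: log ends before ACK or timeout"

if __name__ == "__main__":
    for log in (LOG_KEA_DEFAULT, LOG_KEA_DIRECTED, LOG_ISC_WORKING):
        print([diagnose(ex) for ex in parse(log)])
```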