Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    switch over from ISC DHCP to Kea DHCP

    Scheduled Pinned Locked Moved DHCP and DNS
    71 Posts 19 Posters 25.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @netboy
      last edited by

      @netboy no it wasn't.. For all we know kea didn't even start..

      here you go - working

      boom.jpg

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • A
        ambrosios @johnpoz
        last edited by ambrosios

        @johnpoz said in switch over from ISC DHCP to Kea DHCP:

        @netboy But when they first released the "preview" I tested it and worked just fine if all you wanted to do was hand out an IP..

        If my network is more complicated then just needing IPs handed out, I may be grossly underestimating how complicated my network setup actually is. 🤣

        I'm no expert, but I think I know a good bit. ISC: defaults, single subnet, a few static IPs.... DHCP works fine. Switch to KEA and everything drops, never to be seen again.

        Granted I could spend more time on root cause, but I'm surprised to hear it worked for you. I may have to give it another go.

        Edit:
        I read the blog post. I'm dumb. Thanks for playing. I'll go get the cone of shame now.

        JKnottJ 1 Reply Last reply Reply Quote 0
        • P
          Patch @JKnott
          last edited by Patch

          @JKnott said in switch over from ISC DHCP to Kea DHCP:

          After going back to ISC, DHCP works again.

          Cool. So Kea DHCP is working as advertised

          From https://www.netgate.com/blog/netgate-adds-kea-dhcp-to-pfsense-plus-software-version-23.09-1

          the Kea implementation lacks the following DHCP server features:

          • Local DNS Resolver/Forwarder Registration for static and dynamic DHCP clients
          • Remote DNS server registration
          • DHCPv6 Prefix Delegation
          • High Availability Failover
          • Lease statistics/graphs
          • Custom DHCP options

          Note: If you have assigned hostnames to devices on your network using static leases, or rely on dynamic lease registration in DNS, switching to Kea DHCP results in those hostnames being ignored. The static lease configuration is kept, so switching back to ISC DHCP will restore the functionality.

          1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott @ambrosios
            last edited by

            @ambrosios said in switch over from ISC DHCP to Kea DHCP:

            I'm no expert, but I think I know a good bit. ISC: defaults, single subnet, a few static IPs.... DHCP works fine. Switch to KEA and everything drops, never to be seen again.

            I have multiple subnets and any device that lives here has a static mapped IPv4 address, other than my desktop computer and pfSense, both of which have a static configuration. After I noticed it failed, I even tried rebooting pfSense, but that made no difference.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @JKnott
              last edited by johnpoz

              @JKnott said in switch over from ISC DHCP to Kea DHCP:

              any device that lives here has a static mapped IPv4 address

              Well since preview of kea doesn't support those - no wonder it not working for you..

              So clearly you did not read the blog or the release notes..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @johnpoz
                last edited by

                @johnpoz said in switch over from ISC DHCP to Kea DHCP:

                So clearly you did not read the blog or the release notes..

                We're supposed to read??? 😉

                I'll just ignore the warnings. Hopefully this gets fixed before ISC is dropped.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @JKnott
                  last edited by

                  @JKnott said in switch over from ISC DHCP to Kea DHCP:

                  I'll just ignore the warnings.

                  You can turn the warning off.. It right there in the same place you switch to kea..

                  Hopefully this gets fixed before ISC is dropped.

                  This is nonsense - yeah netgate is going to drop isc before kea is even at parity with feature set of isc.. That makes no freaking sense at all..

                  If you would of read the info from ISC.. Its not going anywhere any time soon.. They are stopping development on it, so yeah its eol.. Their own wording - time to start thinking of moving.

                  https://www.isc.org/blogs/isc-dhcp-eol/

                  Does this mean ISC DHCP won’t work anymore?
                  No. The existing open source software will continue to function as it has, and current operators do not need to stop using ISC DHCP.

                  However, it is time to start thinking about a migration plan to a more modern system that is actively maintained.

                  If you have basic hey hand out an IP need for your dhcpd - then sure you can switch.. Maybe this is 90% of pfsense userbase for all I know.. Sure we get a few non reading users here complaining.. But for all we know a million users have clicked switch and have no issues at all in their environment

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  N JKnottJ 2 Replies Last reply Reply Quote 0
                  • N
                    netboy @johnpoz
                    last edited by

                    @johnpoz Based on the discussion it appears like Kea does not support static IP address (no I have not read the release notes) - am i right?

                    1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @johnpoz
                      last edited by

                      @johnpoz said in switch over from ISC DHCP to Kea DHCP:

                      You can turn the warning off.. It right there in the same place you switch to kea.

                      That's what I did.

                      However, it is time to start thinking about a migration plan to a more modern system that is actively maintained.

                      If you have basic hey hand out an IP need for your dhcpd - then sure you can switch.. Maybe this is 90% of pfsense userbase for all I know.. Sure we get a few non reading users here complaining.. But for all we know a million users have clicked switch and have no issues at all in their environment

                      I use static mapped addresses so that I have consistent addresses.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @JKnott
                        last edited by

                        @JKnott said in switch over from ISC DHCP to Kea DHCP:

                        I use static mapped addresses so that I have consistent addresses.

                        What does that have to do with cost of tea in china? Great I use a lot of reservations as well - what part are you not understanding that kea does not support this in pfsense as of yet..

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        N 1 Reply Last reply Reply Quote 0
                        • N
                          netboy @johnpoz
                          last edited by

                          @johnpoz said in switch over from ISC DHCP to Kea DHCP:

                          what part are you not understanding that kea does not support this in pfsense as of yet..

                          How do I interpret this statement?
                          Kea has no support for static address
                          OR
                          pfsense's kea implementation does not support static address NOW but will support later?

                          johnpozJ 1 Reply Last reply Reply Quote 0
                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator @netboy
                            last edited by johnpoz

                            @netboy the integration of kea into pfsense is not complete.. Kea has support for this feature and others.. it has just not been integrated into pfsense as of yet.

                            Why do you people have such a hard time reading documentation - if you have questions on what kea can do, just head over to isc and look at the docs for kea..

                            https://www.isc.org/kea/

                            https://kea.readthedocs.io/en/latest/index.html

                            One of the key benefits of pfsense is they have taken what services and applications that are normally configured via just .conf files, and wrapped a gui around it where you just select or fill info, which is then stored in an xml file, which then in turn this info is creates the .conf file needed..

                            If you want to run full blown kea on your network - just fire up something else and run it there - you just won't have an easy to use "gui" to configure it..

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                            N 2 Replies Last reply Reply Quote 1
                            • N
                              netboy @johnpoz
                              last edited by

                              @johnpoz said in switch over from ISC DHCP to Kea DHCP:

                              Why do you people have such a hard time reading documentation

                              Because we are lazy :-)

                              johnpozJ 1 Reply Last reply Reply Quote 1
                              • johnpozJ
                                johnpoz LAYER 8 Global Moderator @netboy
                                last edited by

                                @netboy with a sense of entitlement as well.. You come here and ask questions, when the info is .3 seconds away with a simple google..

                                https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#host-reservations-in-dhcpv4

                                So for example - here is some sample config

                                {
                                "subnet4": [
                                    {
                                        "id": 1,
                                        "pools": [ { "pool":  "192.0.2.1 - 192.0.2.200" } ],
                                        "subnet": "192.0.2.0/24",
                                        "interface": "eth0",
                                        "reservations": [
                                            {
                                                "hw-address": "1a:1b:1c:1d:1e:1f",
                                                "ip-address": "192.0.2.202"
                                            },
                                            {
                                                "duid": "0a:0b:0c:0d:0e:0f",
                                                "ip-address": "192.0.2.100",
                                                "hostname": "alice-laptop"
                                            },
                                            {
                                                "circuit-id": "'charter950'",
                                                "ip-address": "192.0.2.203"
                                            },
                                            {
                                                "client-id": "01:11:22:33:44:55:66",
                                                "ip-address": "192.0.2.204"
                                            }
                                        ]
                                    }
                                ],
                                }
                                

                                Why the kea integration into pfsense is "preview" is all the work that takes for your pretty gui and writes it for you into the kea configuration has not been done yet..

                                Not sure why I am surprised to be honest - I am an enabler it seems, where the correct answer to many of these questions should just be go RTFM you lazy F ;)

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.8, 24.11

                                1 Reply Last reply Reply Quote 0
                                • N
                                  netboy @johnpoz
                                  last edited by netboy

                                  @johnpoz said in switch over from ISC DHCP to Kea DHCP:

                                  Kea has support for this feature and others.. it has just not been integrated into pfsense as of yet.

                                  The "current:" message

                                  ISC DHCP has reached end-of-life and will be removed in a future version of Netgate pfSense Plus. Visit System > Advanced > Networking to switch DHCP backend.

                                  does not make it "explicit:" that pfsense kia has lmited functionality.

                                  Pfsenes must change the above message to something meaningful to say something to the effect "pfsense kea is in experimental stage and fully not implemented " - You need to look at the GUI and messages with a GENERAL USER hat not a NETWORK USER imho

                                  johnpozJ 1 Reply Last reply Reply Quote 2
                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator @netboy
                                    last edited by

                                    @netboy dude pretty sure everyone agrees the wording could of been done a bit better.. Move on already.. This horse was dead long time ago - its time to stop kicking it.

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    1 Reply Last reply Reply Quote 1
                                    • W
                                      Wylbur @Gertjan
                                      last edited by

                                      @Gertjan -- Just commenting on your post relative to my questions on what changes -- Not asking for help just commenting relative to what you said.

                                      Lease statistics/graphs  I refer to these from time to time.
                                      

                                      "Note: If you have assigned hostnames to devices on your network using static leases, or rely on dynamic lease registration in DNS, switching to Kea DHCP results in those hostnames being ignored. The static lease configuration is kept, so switching back to ISC DHCP will restore the functionality."

                                      Since I do have assigned hostnames with static leases, such as our file server, our HP printer/scanner, etc. [These devices are expected to be at the IP address manually assigned (from prior LAN software I used prior to PFSense going back to NT 4.0 days)].

                                      As a result, I am interested in what is happening with Kea DHCP and when it will support prior functions I use or provides an equivalent that we can migrate to "automatically" if possible. I've tried to avoid becoming a network person. Unfortunately, the Peter Principle is prevailing despite all attemps to avoid it.

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        pulsartiger
                                        last edited by

                                        I came across this topic when seeing the notice on my pfsense instance. Rather than create a new topic, I figure I continue the discussion to see if things have changed.

                                        I've been using pfsense for several years now and I typically do not change any settings unless necessary.

                                        If I change from ISC DHCP to Kea DHCP, is there any that needs to be done beforehand besides making a backup?
                                        Are there any other settings to change besides clicking the KEA DHCP radio button and clicking Save?
                                        If I choose to keep using ISC DHCP, is there any harm in doing so? (security issues?)

                                        johnpozJ S 2 Replies Last reply Reply Quote 1
                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator @pulsartiger
                                          last edited by

                                          @pulsartiger I wouldn't switch to kea yet.. Just turn off the warning if it bugs you. Kea is not at feature parity yet.. And no there are no real security issues with just continuing to use ISC..

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                                          1 Reply Last reply Reply Quote 1
                                          • S
                                            SteveITS Galactic Empire @pulsartiger
                                            last edited by

                                            @pulsartiger re: updates:
                                            https://www.netgate.com/blog/improvements-to-kea-dhcp

                                            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                                            Upvote 👍 helpful posts!

                                            GertjanG 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.