switch over from ISC DHCP to Kea DHCP
-
@HuskerDu and if you're looking to dhcp or static IP you're going down the wrong rabbit hole is what I am saying.. Are you pinging wireless or over wire? Look to either the device itself or the network to why you're seeing packet loss.. It has zero to do with how some got its ip.
I would sniff on the destination device you're pinging - do you see all the requests and it sending replies.. Sniff on your sender of the pings do you see it not getting replies that were sent via sniff you did on what you were pinging.
Is this traffic even routed through pfsense? Devices on the same network don't go through pfsense talking to other device on the same network, etc.
On the pings you do get answers for - what are the response times.. Something pinging something local should be 1ms over wire, and via wireless should be at worst a few ms..
-
@johnpoz Let me dig more into it tomorrow.
PFsense
- LAN1
--native
--vlan1
- LAN 2
--native
--vlan2
From LAN1 native to LAN2 vlan2 : no issue, no packet loss
From LAN1 native to LAN2 native : 90ish% packet loss, traffic trigger rules on LAN2 vlan2.... which was not the case before.
-
@HuskerDu said in switch over from ISC DHCP to Kea DHCP:
From LAN1 native to LAN2 native : 90ish% packet loss, traffic trigger rules on LAN2 vlan2.... which was not the case before
? Packets starting on LAN1 should not be arriving on LAN2 VLAN2, sounds like something is cross connected. Rules apply as packets arrive on an interface.
-
Yeah how exactly do you have that connected together.. as @SteveITS points out, if you are pinging from some client on lan 1 native to a device on lan 2 native - you sure shouldn't be seeing any hits on some rule on lan 2 vlan..
-
@SteveITS said in switch over from ISC DHCP to Kea DHCP:
sounds like something is cross connected. Rules apply as packets arrive on an interface.
Cannot be the case, LAN1 is Switch 1, LAN2 is Switch 2, no cable between them.
-
Thanks again for your help and patience.
End of the story, linked to DHCP but not only, the LAN 2 VLAN interface was assigned with the IP address of my nginx proxy (which was not the case previously), that created a lot of mess !!!
Once found, no more issues !
-
I am trying to tftp boot and my static mapped clients do not get the option 66 reply.
When I set the server IP in the pfSense UI the option 66 is set in the pool section of the config:
"subnet4": [
  {
    "id": 1,
    "subnet": "10.27.1.0/24",
    "option-data": [
      { "name": "domain-name-servers", "data": "10.27.1.254" },
      { "name": "routers", "data": "10.27.1.254" }
    ],
    "pools": [
      {
        "pool": "10.27.1.100 - 10.27.1.150",
        "client-class": "pool_lan_0",
        "option-data": [
          { "name": "tftp-server-name", "code": 66, "data": "10.27.1.33"
With this config the statically mapped clients do not boot and I only receive Option 67 in the DHCP packet.
With a dynamic ip client the option 66 is included.
Adding the option-data Option 66 to the custom configuration or to the config file directly in the subnet section makes the DHCP server include the option 66 in the packets.
Am I missing something, is it by design or is it a bug?
-
@Unaired6288 said in switch over from ISC DHCP to Kea DHCP:
tftp-server-name
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html - look for tftp-server-name
and
https://github.com/isc-projects/kea/blob/master/doc/examples/kea4/all-options.json - look for tftp-server-name
makes me think that "data" needs to be a host name like 'one.host.tld', not an IP(v4).
@Unaired6288 said in switch over from ISC DHCP to Kea DHCP:
With this config the statically mapped clients do not boot and I only receive Option 67 in the DHCP packet.
With a dynamic ip client the option 66 is included.
Because you've defined the "tftp-server-name" in the scope of the pool.
Statically defined leases don't get their IP (lease) out of the pool.
What about placing your "option-data": ... for the "tftp-server-name" one level up? (merge with the other already present "option-data" below "subnet4")?
@Unaired6288 said in switch over from ISC DHCP to Kea DHCP:
Adding the option-data Option 66 to the custom configuration or to the config file directly in the subnet section make the DHCP server include the option 66 in the packets.
Isn't that what you want ?
Edit : Found this ....
-
@Gertjan said in switch over from ISC DHCP to Kea DHCP:
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html - look for tftp-server-name
and
https://github.com/isc-projects/kea/blob/master/doc/examples/kea4/all-options.json - look for tftp-server-name
makes me think that "data" needs to be a host name like 'one.host.tld', not an IP(v4).
Good to know, I hadn't noticed. It used to work with ISC DHCP, I set this up a long time ago and hadn't realized this at the time.
In the UI the subtext is the following: Leave blank to disable. Enter a valid IP address, hostname or URL for the TFTP server.
@Gertjan said in switch over from ISC DHCP to Kea DHCP:
Because you've defined the "tftp-server-name" in the scope of the pool.
Statically defined leases don't get their IP (lease) out of the pool.
What about placing your "option-data": ... for the "tftp-server-name" one level up? (merge with the other already present "option-data" below "subnet4")?
Thanks for the help, I do understand the issue with the config section and the difference, in fact I have a working setup it's just that it seemed a bit convoluted.
I was mostly looking for clarification regarding the TFTP Server setting in pfSense UI that sets it in the address pool range instead of the subnet, I was just wondering if I had missed something or if I was supposed to define the TFTP Server in the Custom Configuration to have them apply to Static Mappings while other settings do seem to apply to the static mappings when set in the UI.
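Added example, not part of any post in this thread and not pfSense or Kea code: a small check over the contents of a Kea "Dhcp4" object that lists options set only in a pool scope which a reservation in the same subnet would not receive, the situation discussed above for option 66. The sample configuration is constructed from the posted fragment; the reservation, its MAC address and the boot-file-name value are made up, and a reservation whose address lies inside a pool's range is assumed to receive that pool's options.

```python
import copy
import ipaddress

def pool_range(spec):
    """Parse a Kea pool string: 'low - high' or CIDR notation."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo, hi
    net = ipaddress.ip_network(spec.strip(), strict=False)
    return net[0], net[-1]

def names(scope):
    """Option names set directly in one configuration scope."""
    return {o["name"] for o in scope.get("option-data", [])}

def missed_by_reservations(dhcp4):
    """List (subnet, reserved IP, option) for options set only on a pool
    that a reservation in the same subnet would not receive."""
    findings = []
    for subnet in dhcp4.get("subnet4", []):
        inherited = names(dhcp4) | names(subnet)
        pools = [(pool_range(p["pool"]), names(p)) for p in subnet.get("pools", [])]
        pool_opts = set().union(*(n for _, n in pools))
        for host in subnet.get("reservations", []):
            if "ip-address" not in host:
                continue
            ip = ipaddress.ip_address(host["ip-address"])
            got = inherited | names(host)
            for (lo, hi), opts in pools:
                if lo <= ip <= hi:  # in-pool reservation: assumed covered
                    got |= opts
            findings += [(subnet["subnet"], str(ip), o) for o in sorted(pool_opts - got)]
    return findings

# Constructed sample modelled on the fragment in the thread; the reservation
# (MAC and 10.27.1.20) and the boot-file-name value are made up.
POOL_SCOPED = {"subnet4": [{
    "id": 1, "subnet": "10.27.1.0/24",
    "option-data": [{"name": "routers", "data": "10.27.1.254"},
                    {"name": "boot-file-name", "data": "pxelinux.0"}],
    "pools": [{"pool": "10.27.1.100 - 10.27.1.150",
               "option-data": [{"name": "tftp-server-name", "data": "10.27.1.33"}]}],
    "reservations": [{"hw-address": "00:00:5e:00:53:01", "ip-address": "10.27.1.20"}],
}]}

# Same configuration with the option moved one level up, into the subnet scope.
SUBNET_SCOPED = copy.deepcopy(POOL_SCOPED)
moved = SUBNET_SCOPED["subnet4"][0]["pools"][0].pop("option-data")
SUBNET_SCOPED["subnet4"][0]["option-data"] += moved

if __name__ == "__main__":
    print(missed_by_reservations(POOL_SCOPED))
    print(missed_by_reservations(SUBNET_SCOPED))
```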
-
Sorry to invade the post in this way, but I would like to know if in version 2.8 it is already feasible to switch ISC for KEA, observing who uses 2 pfsense appliances in HA CARP?