Kea DHCP stops working

swmspam

Kea started crashing a few days ago, requiring a reboot almost every day to resolve this week. Sometimes Kea would restart, sometimes required reboot. Upgraded to 25.03 BETA (amd64) and Kea continues to fail. I reverted back to ISC to keep the network stable.

stephenw10

Anything logged?

MacUsers

I didn't get around to upgrade to Beta but without any known development to fix Kea issue, I think it'll continue to fail.

@swmspam said in Kea DHCP stops working:

Kea started crashing a few days ago, requiring a reboot almost every day to resolve this week

Just out of interest, is happening on any Netgate device, especially 6200 or 8200?

-S

stephenw10

There are a load of fixes in 25.03. AFAIK this issue is fixed there for arm64 and aarch64. You should try the beta if you can. If there is still an issue there we need to know about it.

Gertjan

@MacUsers said in Kea DHCP stops working:

is happening on any Netgate device, especially 6200 or 8200?

Can't speak for those device, I use a 4100. So a very comparable CPU.
The sofwtare (binaries) are all the some, bit for bit.
The OS also.
Only our 'settings' differ.

My kea runs flawlessly.
24.03 was already good for me, now, just for the fun, I use 23.03 beta and no issues what so ever.

[25.03-BETA][root@pfSense.bhf.tld]/root: ps aux | grep kea
root    15715   0.0  0.6  50404  24708  -  S    26Feb25     2:00.36 /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
root    16458   0.0  0.6  47800  24420  -  S    26Feb25     0:53.59 /usr/local/sbin/kea-dhcp6 -c /usr/local/etc/kea/kea-dhcp6.conf
root    62819   0.0  0.5  34780  18464 u0  I    26Feb25     0:00.11 /usr/local/sbin/kea-dhcp-ddns -c /usr/local/etc/kea/kea-dhcp-ddns.conf

I even manually kick started "kea-dhcp-ddns", not yet supported by pfSense (GUI), but I saw it was there and I needed it.
For more then 6 moths I use the patch that adds DHCP Options to kea : works perfectly.

I'm writing my goodbye word for ISC right now.

swmspam

Apologies to the community, I didn't capture the logs. It's a bit of a pain at this point. I can only run Kea during the afternoons when I can oversee it, but have to switch back to ISC during the night. There's no way to guarantee Kea will crash opportunistically.

Running on mini-ITX motherboard with:

Vendor: American Megatrends Inc.
Version: P1.00
Intel(R) Celeron(R) J4105 CPU @ 1.50GHz
Current: 1500 MHz, Max: 1501 MHz
4 CPUs : 1 package(s) x 4 core(s)
Memory: 4GB
Storage: 60GB SATA SSD

Cabledude

Might this issue be related? It’s about a static mapping for a Synology NAS that only turns on 3am to 4am for backups and also incidentally at day time for video playback. Yesterday it received a fresh dynamic IP from the KEA DHCP server, which should be considered a DHCP malfunction.

I am not 100% certain that it’s a 24.11 issue, but 15 days ago I went from 24.03 (never had KEA DHCP issues) to 24.11 and this error is the first time since.

stephenw10

You have all the patches applied in 24.11?

How loaded is subnet? Like number of clients vs available dhcp leases?

chitchat

Netgate 3100, 24.11-RELEASE (arm)

Hi,

Networking newbie here. Wow, that was scary! The network access for all the members in our coworking space went down when KEA DHCP spontaneously died. This required a panicked emergency rush to figure out what caused this sudden network access meltdown smack in the middle of a business day. No error messages at all in the DHCP system log to provide any guidance.

We transitioned from the old ISC to KEA because of a message encouraging us to do so due to ISC deprecation. "Kea DHCP is the newer, modern DHCP distribution from ISC that includes the most-requested features."

Just goes to show that newer can be way worse, even when the vendor you trust is pushing you to do so. Rock-solid reliability, "No alarms and no surprises" should be the expectation in a business router. I have to say that my faith in Netgate/PfSense has been shaken.

It occured to me that something like this could affect other subsystems. Eg, OpenVPN has to dynamically assign IPs to clients. It appears that OVPN handles this independently from DHCP via the "IPv4 Tunnel Network" setting, is that correct? If not, then if DHCP goes down that could jeapordize OVPN and any other services that might to require DHCP for assigning IP #s dynamically, no?

If OVPN were to be dependent upon DHCP, then a downed DHCP would jeapordize remote access via OVPN, and consequentially remote troubleshooting. Which would argue for also keeping an SSH connection on to the outside world in addition to OVPN, so as to ensure remote access availability to the router, no?

Are there other remote access services that one should be concerned could be affected by the abscence of DHCP?

Gong back to ISC to avoid nightmares...

stephenw10

That's a known issue on the 3100 unfortunately. It's unlikely to be fixed as it impact only arm32 and the 3100 is the only appliance using that and is now EoL.

https://redmine.pfsense.org/issues/15973

Use ISC on the 3100.

chitchat

@stephenw10

Yep thanks, that's the plan - no more latest and greatest for us!

stephenw10

Just for reference this only affects the 3100. Kea is safe to use on other platforms.

MacUsers

@stephenw10 said in Kea DHCP stops working:

That's a known issue on the 3100 unfortunately.

I don't think the issue is only on 3100; I have experienced that very same issue on 6100m 8200 and most recently with 4200. A new installation with KEA (without migrating any old data/config from ISC) is probably okay but as far as I can see, the migration from ISC to KEA fails consistently.

stephenw10

That particular bug report I linked is for arm32 only. And it's the only outstanding issue I'm aware of. What version did you test?

MacUsers

@stephenw10,
all of pfSense are v24.11-RELEASE (amd64); as far as I can see now, KEA actually never worked for me since I migrated from ISC, regardless of the pfSense version.

stephenw10

If there is some other general issue affecting Kea I'm not aware of it. I see no problems with Kea in current versions on amd64 or aarch64.

You have a link to a different bug report? Any logs? Core dumps?

Gertjan

@MacUsers said in Kea DHCP stops working:

all of pfSense are v24.11-RELEASE (amd64); as far as I can see now, KEA actually never worked for me since I migrated from ISC, regardless of the pfSense version.

There is a 99,99 % solution avaible now.
Right now, this one :

is available.
An RC version is identical to the final Release.
It stays RC so very minor issues let GUI text can get corrected.
Major changes, like 'kea not working' won't be corrected anymore.

I'm pretty sure (tens of thousands) use "25.07"(RC) right now, and they 'all' use kea.
No issues afaik.
So .... even if 25.07 won't solve your issue, you'll be sure for 99,99 % that the issue is ... on your side.
Or, you are using pfSense (hea DHCP) in a very special way, and no one else is using it that way so we can't know what your issue is ?
Do you have any details about why your 'pfSense' (DHCP kea settings) are so different that it 'break's ?
Do use an edge case scenario where things were possible with ISC DHCP, but not anymore with kea ?

Btw : we all have iMac, IPads iPhone and other iStuff in our networks, they all behave fine with kea, using classic DHCP leases, or static MAC leases.