ISC DHCP has reached eol and will be removed in a future version of Pfsense.
-
I'm using Pfsense firewall version 2.7.2. I'm getting the below notification.
" ISC DHCP has reached eol and will be removed in a future version of Pfsense." Kindly advise what needs to be done.login-to-view -
Use KEA
-
@rajukarthik The wording is not perfect as the KEA implementation in pfSense - the replacment for ISC DHCP - is not yet feature complete. And ISC DHCP will not be removed before KEA is full integrated; and maybe stays on for even longer.
See this blog post from Netgate and/or search the forum, that question comes up quite often.
If you have a basic DHCP needs, without any of the features mentioned in the blog post KEA will work fine. Otherwise stay with ISC DHCP and disable this warning (System > Advanced > Networking > Ignore Deprecation Warning). The place where you disable the warning is also the place to switch between ISC DHCP and KEA.
-
johnpoz LAYER 8 Global Moderatorlast edited by johnpoz Jul 18, 2024, 11:56 AM Jul 18, 2024, 11:53 AM
@JonathanLee not good advice at this time unless they only need the most basic of functionality from dhcpd..
There are big warnings in a blog and in the release notes - kea is "preview" and while it will hand out IP addresses. Many users of pfsense want/need more functionality than say what some soho wifi router does. If they don't why are they using pfsense in the first place ;)
I would suggest to answer @rajukarthik question on what should be done, would be to read the release notes about what features are not available currently with kea, and if they have no need or use for these features that are not available - then sure ok move to kea.
-
Thank you all for the advice
-
I have been using it with my system and it seems stable enough for small office use/home use. Sorry I didn’t think about large scale deployments
-
@JonathanLee not talking about large scale deployments.. Big one for me is just registration of reservations for dns. I sure don't want to have to do that by hand every time I add a device that I set a reservation for. I also use options that I hand out. My deployment is not large.. Its a single family home with me and the wife.. Now I am a bit of a techy/IT nerd so there might be a few more devices on the network ;)
Could I make it work if had too - sure.. But why, there is nothing wrong with isc dhcpd currently.. There is no pending security issues even. And even if there was so what, this is my secure private network.. There are no hostiles on it. Only my devices, that I manage or iot devices that while not dod trust worthy.. Millions of them sold sort of devices, etc.. So doubt they are going to trying to mess with dhcp security exploits ;)
There is just no reason to currently move to kea.. Now once it has reached feature parity or surpassed isc - then sure.. Looking forward to it to be honest..
What the real take away from from isc eol announcement should be is..
"it is time to start thinking about a migration plan to a more modern system that is actively maintained."
Which is exactly what is going on - netgate is working on their migration plan.. And I would guess it will be viable, ie feature parity very soon..
The other big take away from their eol notice is this one.
"The existing open source software will continue to function as it has, and current operators do not need to stop using ISC DHCP"
Hey if all you do is hand out ips - then hey the preview version allows you to be ahead of the game.. But from the number of threads related to kea, there are many users where that is not the case. And also brought to light there seems to be a large user base that doesn't even bother to breeze over release notes before clicking anything shiny, like a warning ;)
-
@johnpoz I have to admit 24 works better with KEA over 23.09 it was slow in that version
-
P patient0 referenced this topic 7 days ago