Kea logging "failed to send DHCPv6 packet ... Permission denied"
-
Running 24.11 with system patches 2.2.20_5 on third-party hardware.
I switched from ISC to Kea today via the System/Advanced/Networking/ServerBackend button. Didn't modify any of the other DHCP config.
I'm seeing Permission Denied log errors like the following.
[24.11-RELEASE][admin@pfSense.home.arpa]/var/log: grep 'kea-dhcp6.*ERROR' dhcpd.log Jul 3 16:45:45 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:90:09:d0:17:9e:81], [no hwaddr info], tid=0x40707e: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 16:46:43 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:56:d7:c7:4d:80:da], [no hwaddr info], tid=0xe7caa9: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 16:47:20 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:04:d6:40:1f:04:84:ca:29:d8:92:fa:67:99:45:01:03:df], [no hwaddr info], tid=0xb97c18: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 16:48:11 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[no info], [no hwaddr info], tid=0x8d8f21: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 16:52:34 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 16:56:02 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2e:1f:bc:71:8c:f8:c5:ad:6f:d8], [no hwaddr info], tid=0xbb514a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 17:08:07 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 17:17:23 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2a:54:20:7d:e4:e7:49:b9:7b:48], [no hwaddr info], tid=0xa93d9a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied Jul 3 17:38:33 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Kea is running as root, so it's not that sort of Permission Denied.
[24.11-RELEASE][admin@pfSense.home.arpa]/var/log: ps axwwu | grep kea root 81406 0.0 0.3 55072 24252 - S 16:45 0:00.45 /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf root 94552 0.0 0.3 55028 23676 - S 16:45 0:00.28 /usr/local/sbin/kea-dhcp6 -c /usr/local/etc/kea/kea-dhcp6.conf
Pcap attached for a client exchange generating these types of messages (1c:53:f9:09:fc:ea). Correlating with the logs (taken at a later time than those above), the errors occur when responding to DHCPv6 Information-Requests. keaDHCP.pcap
/usr/local/etc/kea/kea-dhcp6.conf
below with the v6 prefixes obscured.No issues with Kea v4.
Thanks in advance for suggestions.
{ "Dhcp6": { "interfaces-config": { "interfaces": [ "igc1.15", "igc1.20", "igc1.40" ] }, "lease-database": { "type": "memfile", "persist": true, "name": "/var/lib/kea/dhcp6.leases" }, "loggers": [ { "name": "kea-dhcp6", "output_options": [ { "output": "syslog" } ], "severity": "WARN" } ], "valid-lifetime": 7200, "max-valid-lifetime": 86400, "host-reservation-identifiers": [ "hw-address", "duid" ], "hooks-libraries": [ { "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so" }, { "library": "/usr/local/lib/kea/hooks/libdhcp_lease_options.so" }, { "library": "/usr/local/lib/kea/hooks/libdhcp_run_script.so", "parameters": { "name": "/usr/local/bin/kea_run6", "sync": false } } ], "control-socket": { "socket-type": "unix", "socket-name": "/var/run/kea6-ctrl-socket" }, "sanity-checks": { "lease-checks": "fix-del" }, "subnet6": [ { "id": 1, "interface": "igc1.15", "subnet": "26...1f::/64", "option-data": [ { "name": "domain-search", "data": "home.arpa" }, { "name": "dns-servers", "data": "26...1f:e63a:6eff:fe61:c5ee" } ], "reservations-in-subnet": true }, { "id": 2, "interface": "igc1.20", "subnet": "26...1e::/64", "option-data": [ { "name": "domain-search", "data": "home.arpa" }, { "name": "dns-servers", "data": "26...1e:e63a:6eff:fe61:c5ee" } ], "reservations-in-subnet": true }, { "id": 3, "interface": "igc1.40", "subnet": "26...1c::/64", "option-data": [ { "name": "domain-search", "data": "home.arpa" }, { "name": "dns-servers", "data": "26...1c:e63a:6eff:fe61:c5ee" } ], "reservations-in-subnet": true } ] } }
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.