Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Kea logging "failed to send DHCPv6 packet ... Permission denied"

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 59 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marcg
      last edited by marcg

      Running 24.11 with system patches 2.2.20_5 on third-party hardware.

      I switched from ISC to Kea today via the System/Advanced/Networking/ServerBackend button. Didn't modify any of the other DHCP config.

      I'm seeing Permission Denied log errors like the following.

      [24.11-RELEASE][admin@pfSense.home.arpa]/var/log: grep 'kea-dhcp6.*ERROR' dhcpd.log
Jul  3 16:45:45 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:90:09:d0:17:9e:81], [no hwaddr info], tid=0x40707e: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 16:46:43 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:56:d7:c7:4d:80:da], [no hwaddr info], tid=0xe7caa9: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 16:47:20 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:04:d6:40:1f:04:84:ca:29:d8:92:fa:67:99:45:01:03:df], [no hwaddr info], tid=0xb97c18: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 16:48:11 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[no info], [no hwaddr info], tid=0x8d8f21: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 16:52:34 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 16:56:02 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2e:1f:bc:71:8c:f8:c5:ad:6f:d8], [no hwaddr info], tid=0xbb514a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 17:08:07 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 17:17:23 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2a:54:20:7d:e4:e7:49:b9:7b:48], [no hwaddr info], tid=0xa93d9a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
Jul  3 17:38:33 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied

      Kea is running as root, so it's not that sort of Permission Denied.

      [24.11-RELEASE][admin@pfSense.home.arpa]/var/log: ps axwwu | grep kea
root    81406   0.0  0.3   55072  24252  -  S    16:45        0:00.45 /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
root    94552   0.0  0.3   55028  23676  -  S    16:45        0:00.28 /usr/local/sbin/kea-dhcp6 -c /usr/local/etc/kea/kea-dhcp6.conf

      Pcap attached for a client exchange generating these types of messages (1c:53:f9:09:fc:ea). Correlating with the logs (taken at a later time than those above), the errors occur when responding to DHCPv6 Information-Requests. keaDHCP.pcap

      /usr/local/etc/kea/kea-dhcp6.conf below with the v6 prefixes obscured.

      No issues with Kea v4.

      Thanks in advance for suggestions.

      {
    "Dhcp6": {
        "interfaces-config": {
            "interfaces": [
                "igc1.15",
                "igc1.20",
                "igc1.40"
            ]
        },
        "lease-database": {
            "type": "memfile",
            "persist": true,
            "name": "/var/lib/kea/dhcp6.leases"
        },
        "loggers": [
            {
                "name": "kea-dhcp6",
                "output_options": [
                    {
                        "output": "syslog"
                    }
                ],
                "severity": "WARN"
            }
        ],
        "valid-lifetime": 7200,
        "max-valid-lifetime": 86400,
        "host-reservation-identifiers": [
            "hw-address",
            "duid"
        ],
        "hooks-libraries": [
            {
                "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
            },
            {
                "library": "/usr/local/lib/kea/hooks/libdhcp_lease_options.so"
            },
            {
                "library": "/usr/local/lib/kea/hooks/libdhcp_run_script.so",
                "parameters": {
                    "name": "/usr/local/bin/kea_run6",
                    "sync": false
                }
            }
        ],
        "control-socket": {
            "socket-type": "unix",
            "socket-name": "/var/run/kea6-ctrl-socket"
        },
        "sanity-checks": {
            "lease-checks": "fix-del"
        },
        "subnet6": [
            {
                "id": 1,
                "interface": "igc1.15",
                "subnet": "26...1f::/64",
                "option-data": [
                    {
                        "name": "domain-search",
                        "data": "home.arpa"
                    },
                    {
                        "name": "dns-servers",
                        "data": "26...1f:e63a:6eff:fe61:c5ee"
                    }
                ],
                "reservations-in-subnet": true
            },
            {
                "id": 2,
                "interface": "igc1.20",
                "subnet": "26...1e::/64",
                "option-data": [
                    {
                        "name": "domain-search",
                        "data": "home.arpa"
                    },
                    {
                        "name": "dns-servers",
                        "data": "26...1e:e63a:6eff:fe61:c5ee"
                    }
                ],
                "reservations-in-subnet": true
            },
            {
                "id": 3,
                "interface": "igc1.40",
                "subnet": "26...1c::/64",
                "option-data": [
                    {
                        "name": "domain-search",
                        "data": "home.arpa"
                    },
                    {
                        "name": "dns-servers",
                        "data": "26...1c:e63a:6eff:fe61:c5ee"
                    }
                ],
                "reservations-in-subnet": true
            }
        ]
    }
}
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.