Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Kea logging "failed to send DHCPv6 packet ... Permission denied"

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 59 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marcg
      last edited by marcg

      Running 24.11 with system patches 2.2.20_5 on third-party hardware.

      I switched from ISC to Kea today via the System/Advanced/Networking/ServerBackend button. Didn't modify any of the other DHCP config.

      I'm seeing Permission Denied log errors like the following.

      [24.11-RELEASE][admin@pfSense.home.arpa]/var/log: grep 'kea-dhcp6.*ERROR' dhcpd.log
      Jul  3 16:45:45 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:90:09:d0:17:9e:81], [no hwaddr info], tid=0x40707e: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 16:46:43 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:56:d7:c7:4d:80:da], [no hwaddr info], tid=0xe7caa9: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 16:47:20 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:04:d6:40:1f:04:84:ca:29:d8:92:fa:67:99:45:01:03:df], [no hwaddr info], tid=0xb97c18: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 16:48:11 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[no info], [no hwaddr info], tid=0x8d8f21: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 16:52:34 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 16:56:02 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216d00] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2e:1f:bc:71:8c:f8:c5:ad:6f:d8], [no hwaddr info], tid=0xbb514a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 17:08:07 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 17:17:23 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15216600] DHCP6_PACKET_SEND_FAIL duid=[00:01:00:01:2a:54:20:7d:e4:e7:49:b9:7b:48], [no hwaddr info], tid=0xa93d9a: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      Jul  3 17:38:33 pfSense kea-dhcp6[94552]: ERROR [kea-dhcp6.packets.0x1ab15217400] DHCP6_PACKET_SEND_FAIL duid=[00:03:00:01:1c:53:f9:09:fc:ea], [no hwaddr info], tid=0xe340e5: failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Permission denied
      

      Kea is running as root, so it's not that sort of Permission Denied.

      [24.11-RELEASE][admin@pfSense.home.arpa]/var/log: ps axwwu | grep kea
      root    81406   0.0  0.3   55072  24252  -  S    16:45        0:00.45 /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      root    94552   0.0  0.3   55028  23676  -  S    16:45        0:00.28 /usr/local/sbin/kea-dhcp6 -c /usr/local/etc/kea/kea-dhcp6.conf
      

      Pcap attached for a client exchange generating these types of messages (1c:53:f9:09:fc:ea). Correlating with the logs (taken at a later time than those above), the errors occur when responding to DHCPv6 Information-Requests. keaDHCP.pcap

      /usr/local/etc/kea/kea-dhcp6.conf below with the v6 prefixes obscured.

      No issues with Kea v4.

      Thanks in advance for suggestions.

      {
          "Dhcp6": {
              "interfaces-config": {
                  "interfaces": [
                      "igc1.15",
                      "igc1.20",
                      "igc1.40"
                  ]
              },
              "lease-database": {
                  "type": "memfile",
                  "persist": true,
                  "name": "/var/lib/kea/dhcp6.leases"
              },
              "loggers": [
                  {
                      "name": "kea-dhcp6",
                      "output_options": [
                          {
                              "output": "syslog"
                          }
                      ],
                      "severity": "WARN"
                  }
              ],
              "valid-lifetime": 7200,
              "max-valid-lifetime": 86400,
              "host-reservation-identifiers": [
                  "hw-address",
                  "duid"
              ],
              "hooks-libraries": [
                  {
                      "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
                  },
                  {
                      "library": "/usr/local/lib/kea/hooks/libdhcp_lease_options.so"
                  },
                  {
                      "library": "/usr/local/lib/kea/hooks/libdhcp_run_script.so",
                      "parameters": {
                          "name": "/usr/local/bin/kea_run6",
                          "sync": false
                      }
                  }
              ],
              "control-socket": {
                  "socket-type": "unix",
                  "socket-name": "/var/run/kea6-ctrl-socket"
              },
              "sanity-checks": {
                  "lease-checks": "fix-del"
              },
              "subnet6": [
                  {
                      "id": 1,
                      "interface": "igc1.15",
                      "subnet": "26...1f::/64",
                      "option-data": [
                          {
                              "name": "domain-search",
                              "data": "home.arpa"
                          },
                          {
                              "name": "dns-servers",
                              "data": "26...1f:e63a:6eff:fe61:c5ee"
                          }
                      ],
                      "reservations-in-subnet": true
                  },
                  {
                      "id": 2,
                      "interface": "igc1.20",
                      "subnet": "26...1e::/64",
                      "option-data": [
                          {
                              "name": "domain-search",
                              "data": "home.arpa"
                          },
                          {
                              "name": "dns-servers",
                              "data": "26...1e:e63a:6eff:fe61:c5ee"
                          }
                      ],
                      "reservations-in-subnet": true
                  },
                  {
                      "id": 3,
                      "interface": "igc1.40",
                      "subnet": "26...1c::/64",
                      "option-data": [
                          {
                              "name": "domain-search",
                              "data": "home.arpa"
                          },
                          {
                              "name": "dns-servers",
                              "data": "26...1c:e63a:6eff:fe61:c5ee"
                          }
                      ],
                      "reservations-in-subnet": true
                  }
              ]
          }
      }
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.