dhcp: offer KEA as DHCPv4 alternative

[AdSchellevis]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

With isc-dhcp being eol'd (https://www.isc.org/blogs/isc-dhcp-eol/), we should start aiming for a successor on our end. The number of realistic options is relatively small unfortunately. DNSmasq looked nice in terms of options, but lacks support for high availability, which in the long run might be problematic.

Describe the solution you like

Offer KEA DHCP (https://www.isc.org/kea/) as optional alternative for the existing DHCPv4 server. Since the dhcp code is rather old, we shouldn't try to aim for a migration at the moment to prevent wasting precious time in trying to solve past inconsistencies.

Describe alternatives you considered

Mostly DNSmasq, small and simple.

Notes and findings

• Removing leases manually is likely not the greatest idea in the world, kea doesn't seem to support manual removal of already offered leases. Cleanups of the local file are being handled via https://kea.readthedocs.io/en/kea-2.0.2/man/kea-lfc.8.html , the current approach is to remove entries and restart the daemon which is very disruptive and also not recommended.

[bueste]

Please add the feautre to add custom dhcp ranges (which aren't interfaces on the opensense) for the dhcp. I dont want to have separate dhcp servers anymore in a setup witch L3 Switches and a transit route to opensense.

[rschell]

Need to add "ip_address" to the reservation table, currently just lists "subnet", "MAC", "Description" and "Commands".

[rschell]

Understand it’s a work in progress. Any plans for opnsense to convert the isc-dhcp settings to this new service?

A hostname field would be a nice addition to the table as well.

[AdSchellevis]

no plans for a migration, maybe a button to import the static assignments, but not decided yet. They will likely coexist for some time, the old code and data structure is quite a mess with a high risk of breakage when forcing people to automatically use the new one.

Did you already try this code by the way? just curious about your findings so-far, the hostname field can certainly be added.

[rschell]

Had used Kea-dhcp before in plus-sense land before my transition to OPNsense. The migration was painless and didn’t have any issues with it.

Only had it briefly enabled in OPNsense. Noticed that I had to populate my 30+ static assignments first. That’s done, not sure the next testing steps now. An active lease table maybe needed to track its operation. I assume that simultaneous operation of both dhcp services would not be desirable.

[AdSchellevis]

It's likely not an issue to have both enabled on different interfaces, insights in leases is certainly on the list before release. This is just the first draft, things like high-availability are also points of interest and ipv6 as well.

[rschell]

Applied Kea-dhcp to four interfaces (3-DMZs and a LAN) and changed the lease time to 86400. From the log entries, seems to be performing its function. Left DHCpv6 active on the LAN for now with no ill effects.

[rschell]

Thanks for the hostname addition.

Had a odd behavior yesterday. Added a new Hyper-V VM and it was assigned a address out of the subnet pool. Went into the reservation table and updated one of the static reservations to the new mac address. Could not get the static reservation to take hold in the VM. Tried restarting the dhclient, removing the lease file, rebooting the VM. etc. Only way I could get the address to take hold was to disable Kea-dhcp and re-enable ISC-dhcp briefly to get the VM to accept the static assignment, then re-enable kea-dhcp. Not sure if there is a Kea configuration setting that needs to be adjusted.

[AdSchellevis]

Thanks for the hostname addition.

You're welcome, it's a work in progress.

Only way I could get the address to take hold was to disable Kea-dhcp and re-enable ISC-dhcp briefly to get the VM to accept the static assignment, then re-enable kea-dhcp. Not sure if there is a Kea configuration setting that needs to be adjusted.

If I'm not mistaken both disable/enable and just apply should restart kea at the moment, but there might be some other reason for kea to pickup the old lease, I haven't tried that yet.

[MaZe3D]

Hi, how will this impact the DHCPv6 service since it is also end of life? Is KEA as dhcpv6 service also planned?

[AdSchellevis]

@MaZe3D not officially (as in roadmap), but it's certainly on my list. Quite some development time currently goes into digesting the kea documentation, I kind of hope the v6 variant is roughly the same in implementation.

[bueste]

Please add the feautre to add custom dhcp ranges (which aren't interfaces on the opensense) for the dhcp. I dont want to have separate dhcp servers anymore in a setup witch L3 Switches and a transit route to opensense.

Did you integrate this feature?

[AdSchellevis]

easy to try isn't it...

[bueste]

easy to try isn't it...

It's really important. So it doesn't need a an additional device (raspy, docker container an more) only for the dhcp serving. A lot of the user uses opnsense in a L3 Setup (OS as Firewall, L3Switch for Routing).

[xeucs]

easy to try isn't it...

It's really important. So it doesn't need a an additional device (raspy, docker container an more) only for the dhcp serving. A lot of the user uses opnsense in a L3 Setup (OS as Firewall, L3Switch for Routing).

This would be a very important and useful feature to implement. I agree with the requests already made.

Thank you

[fichtner]

We know. That's why it was implemented.

[bueste]

I've tested with the RC1:

• Domain Name Suffix is missing
• LeaseTime per DHCP Pool is missing
• Hostname from the DHCP Lease will not registered in unbound (no static lease, no dynamic lease)

DHCP Log: DHCP4_CONFIG_SYNTAX_WARNING configuration syntax warning: /usr/local/etc/kea/kea-dhcp4.conf:70.10: Extraneous comma. A piece of configuration may have been omitted.

KEA for DHCP6 is missing

[drinn]

Testing with RC1:

• Hostname from DHCP lease not being registered in unbound (already mentioned above)
• Ability to specify more granular options (i.e. specific DNS servers) for an individual static IP is unavailable

[AdSchellevis]

It’s in my humble opinion pretty useless to mention missing features nobody promised in the comments. If you’re looking for additions, open a pull-request or ask nicely (per feature) in a ticket.

[drinn]

It’s in my humble opinion pretty useless to mention missing features nobody promised in the comments. If you’re looking for additions, open a pull-request or ask nicely (per feature) in a ticket.

Understood. No disrespect meant on my post. Just wanted to share my own experience after experimenting with KEA if it will replace ISC dhcpd sometime in the (near? far?) future.

[bueste]

Soory @AdSchellevis No disrespect. I was in hurry with testing this feautre. I wan't to push the news as fast as possible to the developer so that, they have the possiblity to add the missing feautre and make Opnsense even better than it already is. So thanks to all developers for the great work!