OPNsense DHCP migration to Kea
With the 24.1 release of OPNsense, Kea has become the preferred DHCP server. The previous DHCP solution, ISC, has reached end of life as of 2022. To be honest, I didn’t read the release notes prior to upgrading so this was a surprise. My configuration was not overly complex. I had 3 vlans configured with various DHCP reservations for each vlan. Based on my configuration , I felt it was best to just re-create the scopes in Kea rather than using a migration tool. The Kea migration Assistant (KeaMA) tool can assist with migration from ISC to KEA. It is noted that the tool may not fully translate your ISC configuration and manual fix-ups may be required.
My Kea migration strategy
For my configuration, I created the required scopes manually in the Kea Subnets section. The subnet section can be access by going to Services–> Kea DHCP–> Kea DHCPv4 and selecting the subnets tab. For each scope in my ISC configuration, I created a Kea subnet by defining the subnet network and pool range. I didn’t require additional configuration parameters. In the settings tab for Kea DHCPv4, I configured the interfaces the DHCP service will listen. I left Firewall rules enabled.
Once the Kea service was configured, it was time to enable it. Prior to enabling the Kea service, I disabled each configured ISC scope interface. This is done individually as there is no global enable/disable configuration for ISC. Once ISC was disabled, I enabled Kea DHCPv4 using the settings Enabled checkbox and started the service. I also enabled and started the Kea DHCP control agent using local port 8000. So long as there are no configuration errors, the service should start serving address. If an configuration issues exists, the service may not start as expected. I had a mistype in a scope which resulted in the service not starting as expected. I suggesting reviewing thr log file subsection to ensure there are no configuration errors.
Once Kea has been started, I suggest validating address are being served as required. Additionally, I suggest reviewing the Log File for Kea to ensure there are no warnings. As of the time of writing, there is an issue that presents itself in the log file but has been found to be a bug. A message indicating a misconfiguration from an extraneous comma displays in the log file. This is cover by OPNsense issue 7183. A solution appears to have been merged and will be available in the future.
Sequence of events.
- Review/Document current configuration.
- Configure Kea to match ISC configuration.
- Disable ISC interfaces.
- Enable Kea and Kea control service
- Review log for errors.
- Validate addresses are being delivered.