I have been trying to migrate the dhcp server on the host from dnsmasq to kea but failed in so far as the lxc-guest would not receive an address from kea. From the kea logs it is apparent that no dhcp requests is received.
With kea listening globally the logs however produced:
[kea-dhcp4.dhcpsrv/28994] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface vethDU6QB4 is down or has no usable IPv4 addresses configured
Whilst dnsmasq is working and this perhaps being an issue of kea (and not lxc) I was wondering though whether someone has got kea-dhcp working with lxc containers, and if so how?
I had a need to test Kea before I could let it loose on my home network, so I looked to test it with LXC containers. I stumbled on this old post and thought I would resurrect it in case anyone else thought of doing something like this.
This is not a full walk through, but the salient points.
With Kea (1.8.2) installed on my Ubuntu 20.04.2 LTS and an “apt-get install lxc”
Create a new bridge with all dhcp options turned off…
The lxc-net dnsmasq service is already started and listening on port 67, so Kea will not be able to answer to dhcp discover packets. There may be better ways to do this, but what I did was to stop the lxc-net.service, but also had to kill manually the dnsmasq services…
systemctl stop lxc-net
pkill dnsmasq
I then added a veth pair, attached one end to the new bridge and gave the other end an IP address in the subnet range of the default dhcp scope in /usr/local/etc/kea/kea-dhcp4.conf
ip link add dev kea1 type veth peer name kea2
ip link set kea1 master mynet
ip link set dev kea1 up
ip link set dev kea2 up
ip a add 192.0.2.253 dev kea2
With that in place, I could test what I was really trying to do - configure Kea to serve only on the bridge mynet. In /usr/local/etc/kea/kea-dhcp4.conf …
"Dhcp4": {
// Add names of your network interfaces to listen on.
"interfaces-config": {
"interfaces": [ "kea2" ]
Containers on the bridge mynet will now receive a dhcp lease from Kea. That was the sole purpose of my test, so I was not looking at gateways or nat or anything else.