ISC DHCP has reached end-of-life and will be removed in a future version of pfSense

Networking & Firewalls
1

BACKGROUND

I upgraded to pfSense 2.7.1 CE and happed to notice the following two new warning banners that ISC DHCP is EOL and we need to migrate Kea DHCP. Apparently the migration is not automatic or straight forward.

Screenshot 2023-11-18 at 9.30.31 PM
Screenshot 2023-11-18 at 9.30.31 PM1998×286 28.6 KB

Screenshot 2023-11-18 at 9.30.45 PM
Screenshot 2023-11-18 at 9.30.45 PM1998×286 26.5 KB

MIGRATION TOOLS

Unfortunately, the migration tools assume you have a traditional /etc/dhcp/dhcpd.conf file to convert and upload.

QUESTIONS

I am using:

  • DNS Resolver with DNSSEC and SSL/TLS with a few host overrides.
  • DHCP Server with a ton of static reservations.
  1. Does this affect both DHS and DHCP, or just DHCP?
  2. What does the new Kea DHCP settings look like?
  3. Has anyone else gone through the migration process that can share any tips?
  4. Will this involve exporting the config.xml and hand editing the file?
  5. Is someone woking on a migration tool specifically for pfSense?
  6. If I perform a clean install of 2.7.1 CE and restore a 2.7.0 CE config.xml file, will pfSense automatically migrate to Kea DHCP?
  7. Or does one simply select the radio button and save, and it all works automagically?

Screenshot 2023-11-18 at 10.17.20 PM
Screenshot 2023-11-18 at 10.17.20 PM2298×522 54.4 KB

  1. Has anyone does any extensive testing with Kea DHCP?
  2. Or should we all wait for some other poor soul(s) to be the guinea pigs?

Seems like this might be a good subject for @LTS_Tom to cover in a video.

2

I’m not sure what you mean. I enabled kea dhcp and it just worked for me.

3

According to the ISC link there are Kea migration tools, but still requires manual edits.

Screenshot 2023-11-18 at 10.27.01 PM
Screenshot 2023-11-18 at 10.27.01 PM2298×422 51 KB

I guess I am being overly concerned. I just don’t want to be the person who takes the whole family off the internet without knowing the implications or having a backup plan, like the FB BGP incident.

4

I’m not sure what to tell ya friend. I literally just select kea DHCP and saved my changes and everything just worked.

image

5

Exactly the same for me, I’ve just switched over and had to do nothing extra. Reservations there, scopes there and so forth.

An item that isn’t there is advanced options like option 43 config etc. I haven’t looked very hard though atm

6

Thanks E1. I took the plunge.

Screenshot 2023-11-19 at 4.06.08 AM
Screenshot 2023-11-19 at 4.06.08 AM1130×532 47.5 KB

7

Fairly sure that Netgate has mentioned that Kea hasn’t been fully implemented as yet, hence there is a choice. Can’t recall the reason why I didn’t enable it but there was something that made choose to wait.

8

Apparently Kea is not feature complete yet

Screenshot 2023-11-19 at 8.50.21 AM
Screenshot 2023-11-19 at 8.50.21 AM1966×664 167 KB

9

I just noticed this today ( 2.7.2). Is it recommend to change over to KEA DHCP or wait until the next release?

10

pfSense has it only part of it implemented. If you don’t use any of the features listed in this post from above then you can enable it, otherwise you’ll need to wait.

11

Unfortunately Custom DHCP Options in KEA still missing.

…even in 24.03 beta.

:pensive:

12

Been no updates to the software, so will be the same until Netgate adds features to Kea DHCP