kea-dhcp4 Failure

2026-04-11 (Last Modified: 2026-04-12)

A Dell PowerEdge 530 serves as my house network’s router, firewall, DNS and NTP server. Today, pacman -Syu updated the Kea DHCP daemon from Arch version 3.0.3-1 to 3.0.3-6. The updated daemon wasn’t serving DHCP.

I noticed that kea was getting an update when pacman downloaded the package file. Since I’ve had trouble with kea-dhcp4 in the past, I casually checked in on it after pacman finished.

$ sudo systemctl status kea-dhcp4

Some error like this appeared:

“Unable to use interprocess sync lockfile (Permission denied): /run/lock/kea/logger_lockfile”

I restarted it: sudo systemctl restart kea-dhcp4. This time, kea-dhcp4 exited with a different error message.

I didn’t have the gumption to fix it, so I watched YouTube videos until my laptop’s DHCP lease expired. The laptop stayed connected to WiFi, and had an IPv6 address. So I used IPv6 link-local addresses to get to my Dell. See further below.

Diagnosis

Once I got logged in to my server, I used something like journalctl -u kea-dhcp4 --since '1 hour ago' to see what messages kea-dhcp4 logged before it quit.

Apr 11 16:48:44 monarch kea-dhcp4[1120]: INFO  DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases4.csv
Apr 11 16:48:44 monarch kea-dhcp4[1120]: ERROR DHCPSRV_MEMFILE_FAILED_TO_OPEN Could not open lease file: unable to open '/var/lib/kea/kea-leases4.csv'
Apr 11 16:48:44 monarch kea-dhcp4[1120]: ERROR DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv'
Apr 11 16:48:44 monarch kea-dhcp4[1120]: 2026-04-11 16:48:44.668 ERROR [kea-dhcp4.dhcp4/1120.118864029136768] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv'

I don’t know why the error was different on the restart, but it looked like /var/lib/kea/kea-leases4.csv had an owner or permissions that prevented kea-dhcp4 from reading the file.

$ sudo ls -l /var/lib/kea
total 8
-rw-r----- 1 root root 3043 Apr 11 16:35 kea-leases4.csv
-rw-r----- 1 root root 2072 Apr 11 15:54 kea-leases4.csv.2

I’m not sure why there’s a .csv and a .csv.2 file, both dated today.

Remedy

Since directory /var/lib/kea/ had kea:kea ownership, I made the two files in it owned by kea:kea.

$ sudo chown kea:kea /var/lib/kea/kea-leases4.csv
$ sudo chown kea:kea /var/lib/kea/kea-leases4.csv.2
$ sudo systemctl restart kea-dhcp4.service

Doing journalctl -f -u kea-dhcp4, I could see various IPv4 addresses getting assigned to my WiFi access points, and ultimately, my laptop.

I do not know why /var/lib/kea/kea-leases4.csv was owned by root. The new kea package was an Arch Linux package upgrade, not a “bugfix” dot version upgrade.

IPv6: sometimes useful

Here’s roughly what my home network looks like:

representation of my home network

When my laptop’s DHCP lease ran out, it no longer had an IPv4 address. My laptop was still connected to my network via one of the WiFi access points velop1, velop2, velop3, which are each connected to a different ethernet port on the Dell 530.

Both my laptop and my server have link-local IPv6 addresses. I am running “dual stack” on my home network, despite CenturyLink’s inability to give out IPv6 prefixes. Everything that can, has a SLAAC-assigned IPv6 address. There is a “DHCP6” protocol, but I don’t have a server for it running.

I have used link-local IPv6 addresses to get to my Dell 530 when DHCP and/or DNS failed me in the past. I had 3 IPv6 addresses in my laptop’s /etc/hosts file, one each for eno1, eno2, eno4 interface. I did not remember what IPv4 address my laptop had before the lease expired, so I didn’t know which Dell 530 ethernet interface’s IPv6 address to try. I realized I could ping each link-local address was on the WiFi access point’s broadcast segment.

$ ping fe80::46a8:42ff:fe2d:c258%wlp0s20f3

Even though I had hostnames assigned to the various interface’s IPv6 addresses in /etc/hosts, I could not get the hostnames to ping. I had to use raw IPv6 addresses with a %$INTERFACE suffix.

$ ssh fe80::46a8:42ff:fe2d:c258%wlp0s20f3

Got me shell access to the Dell 530 without DNS or DHCP working.