OPNsense KEA DHCP Reservations
This role manages KEA DHCPv4 static reservations in OPNsense via the REST API.
Overview
This role manages KEA DHCPv4 static reservations (MAC → IP mappings) with full CRUD operations. DHCP reservations allow static IP address assignment for devices that don’t have network settings available. I mainly use it for my IP cameras, so I can then use firewall rules to block outbound traffic.
What This Role Does
- Fetches existing subnets via `/api/kea/dhcpv4/search_subnet` to build a CIDR → UUID lookup
- Fetches existing reservations via `/api/kea/dhcpv4/search_reservation` to build a MAC → UUID lookup
- For each reservation in `opnsense_kea_dhcp_reservations_list`:
  - Creates new reservations (MAC not in OPNsense) via `/api/kea/dhcpv4/add_reservation`
  - Updates existing reservations (MAC exists but IP, hostname, or description differ) via `/api/kea/dhcpv4/set_reservation`
- Deletes reservations not in the list via `/api/kea/dhcpv4/del_reservation` (list is source of truth)
- If any changes were made: reconfigures KEA service via `/api/kea/service/reconfigure`
- Displays a summary with the count of created, updated, and deleted reservations
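
The reconcile pass described above, sketched as a dry-run planner that computes what would be created, updated and deleted before any API call is made. This is an added example, not the role's own code: the function name, the `uuid` key on existing entries and the sample data are assumptions, and the check that each IP lies inside its subnet goes beyond what the role is documented to do.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")  # lowercase, colon-separated
COMPARED = ("ip_address", "hostname", "description")    # fields that trigger an update

def plan_reservations(desired, existing, subnets):
    """Return (create, update, delete) for the reconcile pass, without calling the API."""
    # desired:  entries shaped like opnsense_kea_dhcp_reservations_list
    # existing: current reservations; the 'uuid' key is an assumed shape
    # subnets:  CIDR -> subnet UUID lookup
    seen = set()
    for r in desired:  # validate everything first, so a bad list changes nothing
        mac = r["hw_address"]
        if not MAC_RE.match(mac):
            raise ValueError(f"MAC must be lowercase, colon-separated: {mac!r}")
        if mac in seen:
            raise ValueError(f"duplicate MAC in list: {mac}")
        if r["subnet"] not in subnets:
            raise ValueError(f"subnet {r['subnet']} does not exist (for {mac})")
        if ipaddress.ip_address(r["ip_address"]) not in ipaddress.ip_network(r["subnet"]):
            raise ValueError(f"{r['ip_address']} is outside {r['subnet']}")
        seen.add(mac)
    by_mac = {e["hw_address"].lower(): e for e in existing}
    create, update = [], []
    for r in desired:
        current = by_mac.get(r["hw_address"])
        if current is None:
            create.append(r)
        elif any(r.get(f, "") != current.get(f, "") for f in COMPARED):
            update.append((current["uuid"], r))
    # The list is the source of truth: anything absent from it is deleted.
    delete = [e["uuid"] for mac, e in by_mac.items() if mac not in seen]
    return create, update, delete

# Constructed sample data (not taken from a real firewall).
SUBNETS = {"192.168.10.0/24": "subnet-uuid-1"}
EXISTING = [
    {"uuid": "res-1", "hw_address": "02:00:00:00:00:01", "ip_address": "192.168.10.11", "hostname": "cam-front"},
    {"uuid": "res-2", "hw_address": "02:00:00:00:00:02", "ip_address": "192.168.10.22", "hostname": "cam-back"},
    {"uuid": "res-9", "hw_address": "02:00:00:00:00:09", "ip_address": "192.168.10.99"},
]
DESIRED = [
    {"subnet": "192.168.10.0/24", "hw_address": "02:00:00:00:00:01", "ip_address": "192.168.10.11", "hostname": "cam-front"},
    {"subnet": "192.168.10.0/24", "hw_address": "02:00:00:00:00:02", "ip_address": "192.168.10.12", "hostname": "cam-back"},
    {"subnet": "192.168.10.0/24", "hw_address": "02:00:00:00:00:03", "ip_address": "192.168.10.13"},
]
PLAN = plan_reservations(DESIRED, EXISTING, SUBNETS)
```

Reviewing the `delete` list before a run shows which devices would lose their fixed address, and with it any firewall rule keyed to that address.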
Role Variables
| Variable | Description |
|---|---|
| `vault_opnsense_bjoffrey_user_api_key` | OPNsense API key (from vault) |
| `vault_opnsense_bjoffrey_user_api_secret` | OPNsense API secret (from vault) |
| `opnsense_kea_dhcp_reservations_list` | List of static reservations |
Reservation definition fields:
| Field | Description |
|-------|-------------|
| subnet | Subnet CIDR (must match existing subnet) |
| ip_address | Static IP to assign |
| hw_address | MAC address (lowercase, colon-separated) |
| hostname | Optional hostname |
| description | Optional description |
Notes
- Reservations not in `opnsense_kea_dhcp_reservations_list` are deleted (list is source of truth)
- Run `opnsense_kea_dhcp_subnets` before this role