OPNsense KEA DHCP Settings
This role configures general KEA DHCPv4 settings in OPNsense via the REST API.
Overview
This role configures general KEA DHCPv4 settings in OPNsense via the REST API. It configures listening interfaces, DHCP lease time, and other settings.
What This Role Does
-
Fetches current KEA DHCPv4 configuration via
/api/kea/dhcpv4/get -
Compares current settings with the desired state (enabled flag, listening interfaces, lease lifetime, firewall rules flag, socket type)
-
If settings differ: updates via
/api/kea/dhcpv4/set -
If updated: reconfigures KEA service via
/api/kea/service/reconfigure -
Displays status: whether settings were updated or already up to date
Role Variables
| Variable | Description |
|---|---|
vault_opnsense_bjoffrey_user_api_key | OPNsense API key (from vault) |
vault_opnsense_bjoffrey_user_api_secret | OPNsense API secret (from vault) |
opnsense_kea_dhcp_settings_general | General KEA DHCP configuration |
Settings structure:
opnsense_kea_dhcp_settings_general:
enabled: "1" # Enable KEA DHCP
interfaces: # Interfaces to serve DHCP (use opt codes)
- opt1 # VLAN10Management
- opt2 # VLAN12Servers
valid_lifetime: "21600" # Lease time in seconds (6 hours default)
fwrules: "1" # Auto-create firewall rules for DHCP
dhcp_socket_type: "raw" # raw or udp
Interface codes:
| Code | Interface |
|---|---|
opt1 | VLAN10Management |
opt2 | VLAN12Servers |
opt3 | VLAN14Desktops |
opt4 | VLAN16WifiTrusted |
opt5 | VLAN18WifiGuest |
opt6 | VLAN20WifiCCTV |
opt7 | VLAN22EthernetGuest |
Notes
- Run this role before
opnsense_kea_dhcp_subnetsandopnsense_kea_dhcp_reservations fwrules: "1"automatically creates OPNsense firewall rules to allow DHCP traffic