ntpMerlin ntpMerlin v3.x

But you gained a...yeah, you’re toast.

Jack be like:

[Image: Me waving goodbye to the weekend]
 
jack be like
Code:
ntpmerlin develop
for anyone desperate to try out NTS support. assuming the upgrade completes, use option 3 to uncomment (delete the !) on the nts line.

you can check chrony is using NTS by running
Code:
chronyc -N authdata
The KeyID, Type, and KLen columns should have non-zero values. If they are zero, check the system log for error messages from chronyd.
(source https://fedoramagazine.org/secure-ntp-with-nts/)
 
Jack's enjoying an early weekend. Great work! Will this update on chronyd still answer requests to downstream servers on port 123 and sync itself on 4460 on upstream servers?

Code:
marco@RT-AC86U:/tmp/home/root# chronyc -N authdata
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
nts.time.nl                  NTS     1   15  256   47    0    0    8  104
time.cloudflare.com          NTS     1   15  256   48    0    0    8  100
time.cloudflare.com          NTS     1   15  256   47    0    0    7  100

Now only to look for some more NTS ready servers. The default nl.pool.ntp servers error out, saying there's no route to host to port 4460.
 
client side (i.e. stuff connected to your router) should be unaffected. NTS is used for chrony to upstream, local clients will be unaware of NTS
 
Updated list:

Code:
pool time.cloudflare.com iburst nts # Anycast - Stratum 3
server netmon2.dcs1.biz iburst nts # Singapore - Stratum 2
server ntp1.glypnod.com iburst nts # San Francisco - Stratum 2
server ntp2.glypnod.com iburst nts # London - Stratum 2
server ntpmon.dcs1.biz iburst nts # Singapore - Stratum 1
server nts.netnod.se iburst nts # Stockholm, Sweden
server nts.ntp.se iburst nts # Stockholm, Sweden
server nts.sth1.ntp.se iburst nts # Stockholm, Sweden
server nts.sth2.ntp.se iburst nts # Stockholm, Sweden
server nts.time.nl iburst nts # Amsterdam, The Netherlands - Stratum 2
server ptbtime1.ptb.de iburst nts  # Braunschweig, Germany - Stratum 1
server ptbtime2.ptb.de iburst nts # Braunschweig, Germany - Stratum 1
server ptbtime3.ptb.de iburst nts  # Braunschweig, Germany - Stratum 1
server timemaster.evangineer.net iburst nts # Diemen, The Netherlands

Comment: If you still have ptbnts[123].ptb.de in your config please remove them, as they are no longer operational. They have been replaced permanently by ptbtime[123].ptb.de, so please change this accordingly in your chrony.conf.
I've added a comment with the location of the server. Not sure whether a comment behind a line could cause trouble in chronyd.conf, so if you see any errors, please remove the comment including the hashtag.
 
From Mr. NTS himself I got a swift reply:
hey Marco,
good question..

I don’t think there is a public list. Maybe this helps:

ptbnts1.ptb.de (https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/chain.txt)
ptbnts2.ptb.de
ptbnts3.ptb.de
nts.ntp.se:3443
nts.sth1.ntp.se:4460
nts.sth2.ntp.se:4460
time.cloudflare.com:1234
timemaster.evangineer.net:4460
nts1.time.nl:123
ntp1.glypnod.com:4460
ntp2.glypnod.com:4460
ntpmon.dcs1.biz:4460
ntpmon.dcs1.biz:123
netmon2.dcs1.biz:123

—————————————–
the standardized NTS port is now 4460/tcp. So maybe the ports above are now 4460.

ptbnts1.ptb.de is now the official NTS-secured time server of germany and central europe.

have a nice day (⊙ヮ⊙)
-martin-
 
And another addition:
oh… for Germany the new server is: ptbtime1.ptb.de and it uses Let's Encrypt certificates
ptbtime2.ptb.de and ptbtime3.ptb.de should be online in 1-2 weeks.
time.cloudflare.com is also fine

-martin-
Martin Langer commented on Setting up NTS-Secured NTP with NTPsec.
in response to Marco:
Thanks for the quick reply and the effort you’ve put in NTS.

I hope we can extend NTS for PTP soon (https://datatracker.ietf.org/doc/draft-langer-ntp-nts-for-ptp/)
let me know if you have any questions
🙂

-martin-
 
Hold your horses, the weekend ain’t over yet. The man just finished chronyd-nts on his Friday afternoon :p
isn't vnstat entware? So, if vnstat has been upgraded to v2 shouldn't my vnstat show v2? I checked with amtm and it shows up to date
 
you can check chrony is using NTS by running
Code:
chronyc -N authdata
The KeyID, Type, and KLen columns should have non-zero values. If they are zero, check the system log for error messages from chronyd.
(source https://fedoramagazine.org/secure-ntp-with-nts/)
Unfortunately I get zeros and this:
Code:
Apr  9 18:12:46 chronyd[16150]: Missing NTS support

What am I doing wrong?

EDIT: probably this...

http://www.snbforums.com/threads/ntpmerlin-v3-x.68508/post-654666
 
@Jack Yaz : do you append the port number 4460? Because in the list Martin Langer (the developer) provided, some require different port numbers. Is it possible to have chronyd recognize that no portnumber means :4460 and that it otherwise should respect the port number in chronyd.conf and not overwrite it?
 
may I make a request?
I really like the logarithmic scale in spdMerlin - can we get that for ntpMerlin at some point as well please? It'll really smooth out the wee variations over time that don't matter in the big picture
 
Code:
chronyc -N authdata
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     1   15  256  111    0    0    8  100
time.cloudflare.com          NTS     1   15  256  110    0    0    8  100
nts.time.nl                  NTS     1   15  256  111    0    0    8  104
nts.ntp.se                   NTS     1   15  256  110    0    0    8  100
nts.sth1.ntp.se              NTS     1   15  256  109    0    0    8  100
nts.sth2.ntp.se              NTS     1   15  256  110    0    0    8  100
ntp2.glypnod.com             NTS     1   15  256  111    0    0    6  104
ntp1.glypnod.com             NTS     1   15  256  112    0    0    1  104
ptbnts2.ptb.de               NTS     1   15  256  112    0    0    6  100
ptbnts3.ptb.de               NTS     1   15  256  110    0    0    5  100
ptbtime1.ptb.de              NTS     1   15  256  110    0    0    8  100
ntpmon.dcs1.biz              NTS     1   15  256  111    0    0    2  104
netmon2.dcs1.biz             NTS     1   15  256  111    0    0    0    0
Code:
chronyc -N sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ time.cloudflare.com           3   5   177    11   +651us[ +512us] +/-   15ms
^* time.cloudflare.com           3   5   377     6  +1085us[ +947us] +/-   15ms
^- nts.time.nl                   2   5   377    37  -2368us[-2508us] +/-   57ms
^+ nts.ntp.se                    2   3   377     2  -1514us[-1514us] +/-   26ms
^+ nts.sth1.ntp.se               2   3   377     1  -9816us[-9816us] +/-   34ms
^- nts.sth2.ntp.se               2   3   377     2  -1593us[-1593us] +/-   26ms
^+ ntp2.glypnod.com              2   5    42    86   +497us[  +72us] +/-   20ms
^- ntp1.glypnod.com              2   5   100   109  -2561us[-2969us] +/-   88ms
^+ ptbnts2.ptb.de                1   5    76    77   -764us[-1188us] +/-   20ms
^+ ptbnts3.ptb.de                1   5   324   103  -1116us[-1544us] +/-   21ms
^+ ptbtime1.ptb.de               1   5    17    36   -666us[ -805us] +/-   21ms
^- ntpmon.dcs1.biz               1   5   100   108    +58ms[  +57ms] +/-  165ms
^- netmon2.dcs1.biz              2   5   200   109  +9447us[+9040us] +/-  163ms
Code:
chronyc tracking
Reference ID    : A29FC801 (time.cloudflare.com)
Stratum         : 4
Ref time (UTC)  : Fri Apr 09 16:58:57 2021
System time     : 0.000108182 seconds slow of NTP time
Last offset     : +0.000034297 seconds
RMS offset      : 0.000086560 seconds
Frequency       : 7.057 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.150 ppm
Root delay      : 0.026707981 seconds
Root dispersion : 0.000552623 seconds
Update interval : 65.1 seconds
Leap status     : Normal
@Jack Yaz All working well for me here. Just debating whether or not to ditch Cloudflare in favour of the ptbtime1.ptb.de server as its Stratum 1 instead.. Thoughts?
 
  • Like
Reactions: MvW
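
Added example (not from the thread, ntpMerlin or chrony): a shell check that automates the `chronyc -N authdata` rule quoted above, failing any source whose Mode is not NTS or whose KeyID, Type or KLen is zero. The function names, the sample rows and the `plain-ntp.example` host are constructed for illustration; the extra warning on a zero Cook column goes beyond the three columns the thread names.

```shell
#!/bin/sh
# Added example, not part of ntpMerlin or chrony.
# check_nts_authdata (hypothetical name): reads `chronyc -N authdata` output
# on stdin and prints one verdict per source:
#   OK   - Mode is NTS and KeyID, Type, KLen are all non-zero
#   WARN - authenticated, but the Cook column shows 0 cookies in hand
#   FAIL - no NTS keys established for this source
# Exit status is 1 if any source is FAIL, otherwise 0.
check_nts_authdata() {
    awk '
        # Skip the header, the ===== separator and anything that is not a
        # full 10-column data row (for example a pasted shell prompt).
        /^Name\/IP address/ || /^=+$/ || NF < 10 { next }
        {
            name = $1; mode = $2; keyid = $3; type = $4; klen = $5; cook = $9
            if (mode != "NTS" || keyid == 0 || type == 0 || klen == 0) {
                printf "FAIL %s mode=%s keyid=%s type=%s klen=%s\n", \
                       name, mode, keyid, type, klen
                bad = 1
            } else if (cook == 0) {
                printf "WARN %s authenticated but holds 0 cookies\n", name
            } else {
                printf "OK   %s\n", name
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: two rows in the shape posted in this thread plus one
# unauthenticated source (placeholder host name).
sample_authdata() {
    cat <<'EOF'
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     1   15  256  111    0    0    8  100
netmon2.dcs1.biz             NTS     1   15  256  111    0    0    0    0
plain-ntp.example              -     0    0    0    -    0    0    0    0
EOF
}

# On the router: chronyc -N authdata | check_nts_authdata
sample_authdata | check_nts_authdata || echo "at least one source is not NTS-authenticated"
```

A FAIL line is the case to follow up in the system log, as with the "Missing NTS support" message reported earlier in the thread.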
