[lug] NTP question (crypto)

Bear Giles bgiles at coyotesong.com
Sun Mar 23 15:58:18 MST 2003


Nate Duehr wrote:
> If you really want to get fancy, have your network admin turn on multicast
> support across the "right" routers in your network and use ntp's ability to
> multicast time sync info... and ntp's key exchanges for security... and...
> (oh there's a ton of "stuff" in ntp... it's cool).

Has anyone managed to get the "autokey pubkey" stuff to work?  I 
seem to have success, but the times never sync.

The config lines in question are:

eris:
peer 192.168.1.2 autokey publickey ntpkey_chaos

chaos:
peer 192.168.1.3 autokey publickey ntpkey_eris
peer 216.38.55.238 autokey publickey ntpkey_kestrel

kestrel:
peer xx.xx.xx.xx autokey publickey ntpkey_chaos

(where kestrel is in the colocation facility and refers back to my 
cable modem firewall.  UDP port 123 is forwarded to chaos.)

I've seen chaos claim to be syncing to eris, but not kestrel. 
Neither kestrel nor eris sync to chaos.  Perhaps significantly, 
chaos can use tummy at an AT&T router as a time server, but eris 
can't.

All systems are using the current ntp version.

The current peerstats are:

eris:  f0f4
chaos: not showing recent stats for either system
kestrel: not showing recent stats for chaos

(As an aside, where are the peerstats flags documented?  I can't 
find anything, not even in the source.)

Bear
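
Added example (not part of the original post and not code from the NTP distribution): a decoder for the hex status field in peerstats records, applied to the f0f4 value quoted above. It assumes the peer status word layout given in RFC 1305, Appendix B; the function names, the triage labels and every sample value other than f0f4 are constructed for illustration.

```python
# Added example: decode the hex status field of ntpd peerstats records.
# Assumption: the 16-bit peer status word layout of RFC 1305, Appendix B.
FLAGS = ((0x8000, "configured"), (0x4000, "auth_enabled"),
         (0x2000, "auth_ok"), (0x1000, "reachable"))
SELECT = ("rejected", "passed sanity checks", "passed correctness checks",
          "passed candidate checks", "passed outlyer checks",
          "sync source, max distance exceeded", "sync source", "reserved")
EVENTS = {0: "unspecified", 1: "peer IP error", 2: "authentication failure",
          3: "peer unreachable", 4: "peer reachable", 5: "peer clock hazard"}

def decode_status(word):
    """Split a hex peer status word into flags, selection and event fields."""
    value = int(word, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("peer status word must fit in 16 bits: %r" % word)
    return {"flags": [name for bit, name in FLAGS if value & bit],
            "select": SELECT[(value >> 8) & 0x07],
            "event_count": (value >> 4) & 0x0F,
            "last_event": EVENTS.get(value & 0x0F, "reserved")}

def triage(word):
    """Name the first reason a peer is not usable: reach, auth, selection."""
    status = decode_status(word)
    flags = status["flags"]
    if "reachable" not in flags:
        return "unreachable"
    if "auth_enabled" in flags and "auth_ok" not in flags:
        return "auth-failed"
    if not status["select"].startswith("sync source"):
        return "not-selected"
    return "selected"

def report(lines):
    """Map peer address -> triage result, keeping the newest record per peer.
    Record fields: MJD, seconds past midnight, address, status (hex), ..."""
    latest = {}
    for line in lines:
        fields = line.split()
        if len(fields) >= 4:
            latest[fields[2]] = triage(fields[3])
    return latest

# Constructed sample records; only the status f0f4 is taken from the post.
SAMPLE = ["52721 57498.000 192.168.1.2 f0f4 0.000000 0.00000 0.00000",
          "52721 57499.000 10.0.0.1 d012 0.000000 0.00000 0.00000",
          "52721 57500.000 10.0.0.2 f614 0.000412 0.00131 0.00098"]
```

Under that layout, f0f4 reads as configured, authentication enabled and passed, reachable, selection "rejected", with 15 events counted and "peer reachable" as the last one.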



