NTS update

Gary E. Miller gem at rellim.com
Thu Mar 21 00:15:04 UTC 2019


Yo Hal!

On Wed, 20 Mar 2019 17:01:31 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:

> > server 204.17.205.8 nts maxpoll 5 # spidey
> > Now the server starts as before, then, silently dies...   
> 
> Usually it logs a useful message before it exits.

First thing I tried.

>  If you can't find
> one, please try gdb.

That will take a while...

> It doesn't make sense to use "nts" with an IP Address if you expect
> to do certificate checking.  For that, you need a FQDN.

Uh, no.  You can easily get the FQDN from the IP.

Also, since there is no way to specify IPv4 or IPv6, the only way
I can make this work is by IP.

You need to add an option to force IPv4 or IPv6.

> Have you setup the nts server on spidey?

Yes.  NTS-KE is now running on:
	kong.rellim.com
	spidey.rellim.com

At least according to netstat.   You should be able to access both.

So how about you try to connect to one of them?

> Normally, you would add the
> "nts" on a server line on the client.

I can't get them to work as clients, it crashes, silently.  They are
both servers now.

>  (Your "server starts as
> before" makes me think you added the "nts" line to one of the server
> lines on the system that now has the server side enabled)

Yes.  kong has:

# nts
nts enable
nts cert /etc/letsencrypt/live/kong.rellim.com/fullchain.pem
nts key /etc/letsencrypt/live/kong.rellim.com/privkey.pem

Spidey has:

# nts
nts enable
nts cert /etc/letsencrypt/live/spidey.rellim.com/fullchain.pem
nts key /etc/letsencrypt/live/spidey.rellim.com/privkey.pem

Those seem to work.  When I try to add a client to kong, it crashes:

server 204.17.205.8 maxpoll 5 # spidey

Or:

server spidey.rellim.com nts maxpoll 5 # spidey

But I really need the ipv4/ipv6 option if you insist on using name
instead of looking up the FQDN from the IP.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
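
The certificate-checking point raised in the quoted text, as an added example (not part of the original message and not NTPsec code): under standard TLS name matching the client compares the certificate's subjectAltName entries with the host exactly as written on the server line, so an IP literal only matches a certificate that carries an IP SAN. The function names and the sample SAN list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the three client lines quoted in the message above.
SAMPLE_CONF = """\
server 204.17.205.8 nts maxpoll 5 # spidey
server spidey.rellim.com nts maxpoll 5 # spidey
server 204.17.205.8 maxpoll 5 # spidey
"""
# Constructed SAN list, in the shape ssl.getpeercert()["subjectAltName"] returns.
# Assumption: the server certificate names only its DNS name.
SAMPLE_SANS = (("DNS", "spidey.rellim.com"),)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def identity_matches(host, sans):
    """True if the configured host is named by the certificate's SANs."""
    if is_ip_literal(host):
        want = ipaddress.ip_address(host)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in sans)
    host = host.rstrip(".").lower()
    for kind, val in sans:
        if kind != "DNS":
            continue
        val = val.lower()
        if val == host:
            return True
        # A leading "*." stands for exactly one left-most label.
        if val.startswith("*.") and "." in host and host.split(".", 1)[1] == val[2:]:
            return True
    return False

def lint_nts_servers(conf_text, sans):
    """Return (line_number, host) for nts server lines the cert would not match."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "server" and "nts" in fields[2:]:
            if not identity_matches(fields[1], sans):
                findings.append((lineno, fields[1]))
    return findings
```

With the constructed inputs, only the first line (IP literal plus nts) is reported; the line without nts is skipped because no certificate check applies to it.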