Testing NTPSec with NTS

Sanjeev Gupta ghane0 at gmail.com
Thu Mar 21 23:32:12 UTC 2019 

On Fri, Mar 22, 2019 at 7:24 AM Gary E. Miller via devel <devel at ntpsec.org>
wrote:

> > I have been lurking and trying to set up NTS to talk to the rellim.com
> > servers.  This is a recent git head.
>
> Cool.
>

I just did a git pull and rebuilt.


> > My ntp.conf snippet:
> >
> > nts enable
> > nts cert /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem
> > nts key /etc/letsencrypt/live/ntpmon.dcs1.biz/privkey.pem
> > server pi3.rellim.com nts
> > server kong.rellim.com nts
>
> Looks good.  What is your server so I can try to connect back?
>

My server is ntpmon.dcs1.biz .  It is in the pool, BTW.

> Been runnig for a few hours now.  ntpq -pn output:
> >  pi3.rellim.com  .NTS.   16 u   - 1024 0   0.0000   0.0000   0.0005
> >  kong.rellim.com .NTS.   16 u    -1024 0   0.0000   0.0000   0.0005
>
> Odd, you are not even getting the cookies.
>
> > And the log is here:  https://pastebin.com/fM9uDwVi
>
> Weird:
>
>  2019-03-22T03:56:32 ntpd[21039]: NTSc: nts_probe: DNS error trying to
> contact pi3.rellim.com: -8, Servname not supported for ai_socktype
>
>
> What version of OpenSSL do you have?  I'm finding that matters.
>

root at ntpmon:~/ntpsec# openssl version -a
OpenSSL 1.1.1a  20 Nov 2018
built on: Thu Nov 22 18:40:54 2018 UTC
platform: debian-i386
options:  bn(64,32) rc4(1x,char) des(long) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g
-O2 -fdebug-prefix-map=/build/openssl-5z4Qxa/openssl-1.1.1a=.
-fstack-protector-strong -Wformat -Werror=format-security
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM
-DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time
-D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1"
Seeding source: os-specific

This is debian/testing, up to date.

Thanks,
--
Sanjeev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190322/5b4a7621/attachment.html>

More information about the devel mailing list