<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Gary,</div><div><br></div><div>Adding this to /etc/services seems to fix the issue:</div><div>ntp 123/tcp # Network Time Protocol<br></div><div><br></div><div>I now see:</div><div><span style="font-family:monospace,monospace">-<a href="http://pi3.rellim.com">pi3.rellim.com</a> .PPS. 1 8 4 64 37 197.8958 0.5317 0.4966<br>-<a href="http://kong.rellim.com">kong.rellim.com</a> 204.17.205.17 2 8 5 64 37 211.0267 -1.1571 0.7353<br>-104.131.155.175 204.123.2.72 2 8 3 64 37 178.6108 4.1158 0.2288<br>-178.62.68.79 17.253.34.253 2 8 - 64 37 185.7613 -2.6144 0.0452</span></div><div><br></div><div>And a snip from the log file says:</div><div>2019-03-22T07:43:48 ntpd[12580]: NTSc: nts_probe connecting to pi3.rellim.com:ntp => <a href="http://204.17.205.23:123">204.17.205.23:123</a><br>2019-03-22T07:43:49 ntpd[12580]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256)<br>2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate subject name: /CN=<a href="http://pi3.rellim.com">pi3.rellim.com</a><br>2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3<br>2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate is valid.<br>2019-03-22T07:43:49 ntpd[12580]: NTSc: read 880 bytes<br>2019-03-22T07:43:49 ntpd[12580]: NTSc: Got 8 cookies, length 104, aead=15.<br>2019-03-22T07:43:49 ntpd[12580]: NTSc: NTS-KE req to <a href="http://pi3.rellim.com">pi3.rellim.com</a> took 0.863 sec, OK<br>2019-03-22T07:43:49 ntpd[12580]: DNS: dns_check: processing <a href="http://pi3.rellim.com">pi3.rellim.com</a>, 1, 21801<br>2019-03-22T07:43:49 ntpd[12580]: DNS: Server taking: 204.17.205.23<br>2019-03-22T07:43:49 ntpd[12580]: DNS: Server poking hole in restrictions for: 204.17.205.23<br>2019-03-22T07:43:49 ntpd[12580]: DNS: dns_take_status: <a href="http://pi3.rellim.com">pi3.rellim.com</a>=>good, 0<br><br></div><div><div><div dir="ltr" class="gmail_signature">-- <br>Sanjeev Gupta<br>+65 98551208 
<a href="http://www.linkedin.com/in/ghane" target="_blank">http://www.linkedin.com/in/ghane</a></div></div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 22, 2019 at 7:32 AM Sanjeev Gupta <<a href="mailto:ghane0@gmail.com">ghane0@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 22, 2019 at 7:24 AM Gary E. Miller via devel <<a href="mailto:devel@ntpsec.org" target="_blank">devel@ntpsec.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> I have been lurking and trying to set up NTS to talk to the <a href="http://rellim.com" rel="noreferrer" target="_blank">rellim.com</a><br>
> servers. This is a recent git head.<br>
<br>
Cool.<br></blockquote><div><br></div><div>I just did a git pull and rebuilt.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> My ntp.conf snippet:<br>
> <br>
> nts enable<br>
> nts cert /etc/letsencrypt/live/<a href="http://ntpmon.dcs1.biz/fullchain.pem" rel="noreferrer" target="_blank">ntpmon.dcs1.biz/fullchain.pem</a><br>
> nts key /etc/letsencrypt/live/<a href="http://ntpmon.dcs1.biz/privkey.pem" rel="noreferrer" target="_blank">ntpmon.dcs1.biz/privkey.pem</a><br>
> server <a href="http://pi3.rellim.com" rel="noreferrer" target="_blank">pi3.rellim.com</a> nts<br>
> server <a href="http://kong.rellim.com" rel="noreferrer" target="_blank">kong.rellim.com</a> nts<br>
<br>
Looks good. What is your server so I can try to connect back?<br></blockquote><div><br></div><div>My server is <a href="http://ntpmon.dcs1.biz" target="_blank">ntpmon.dcs1.biz</a> . It is in the pool, BTW.<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> Been running for a few hours now. ntpq -pn output:<br>
> <a href="http://pi3.rellim.com" rel="noreferrer" target="_blank">pi3.rellim.com</a> .NTS. 16 u - 1024 0 0.0000 0.0000 0.0005<br>
> <a href="http://kong.rellim.com" rel="noreferrer" target="_blank">kong.rellim.com</a> .NTS. 16 u -1024 0 0.0000 0.0000 0.0005<br>
<br>
Odd, you are not even getting the cookies.<br>
<br>
> And the log is here: <a href="https://pastebin.com/fM9uDwVi" rel="noreferrer" target="_blank">https://pastebin.com/fM9uDwVi</a><br>
<br>
Weird:<br>
<br>
2019-03-22T03:56:32 ntpd[21039]: NTSc: nts_probe: DNS error trying to contact <a href="http://pi3.rellim.com" rel="noreferrer" target="_blank">pi3.rellim.com</a>: -8, Servname not supported for ai_socktype<br>
<br>
<br>
What version of OpenSSL do you have? I'm finding that matters.<br></blockquote><div><br></div><div><span style="font-family:monospace,monospace">root@ntpmon:~/ntpsec# openssl version -a<br>OpenSSL 1.1.1a 20 Nov 2018<br>built on: Thu Nov 22 18:40:54 2018 UTC<br>platform: debian-i386<br>options: bn(64,32) rc4(1x,char) des(long) blowfish(ptr)<br>compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-5z4Qxa/openssl-1.1.1a=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2<br>OPENSSLDIR: "/usr/lib/ssl"<br>ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1"<br>Seeding source: os-specific<br></span><br></div><div>This is debian/testing, up to date.</div></div><div class="gmail_quote"><br></div><div class="gmail_quote">Thanks,<br></div><div class="gmail_quote">--</div><div class="gmail_quote">Sanjeev<br></div></div></div>
</blockquote></div>
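Added example (not part of the thread and not NTPsec's code): the `-8` in the quoted log is glibc's `EAI_SERVICE`, which `getaddrinfo()` returns when the service name has no entry for the requested socket type, here `ntp` over TCP for the NTS-KE connection. The code below repeats that lookup without DNS and falls back to a numeric port; the function name `resolve_tcp_port`, the loopback address and the fallback behaviour are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>

/* Hypothetical helper: resolve the TCP port for `service`. If the services
 * database has no tcp entry for that name (EAI_SERVICE, -8 on glibc), retry
 * with the numeric string `fallback_port`. Returns the port in host byte
 * order, or -1 on any other failure. *used_fallback reports which path ran. */
int resolve_tcp_port(const char *service, const char *fallback_port,
                     int *used_fallback)
{
    struct addrinfo hints, *res = NULL;

    memset(&hints, 0, sizeof hints);
    hints.ai_family   = AF_INET;
    hints.ai_socktype = SOCK_STREAM;    /* NTS-KE runs over TLS, so TCP */
    hints.ai_flags    = AI_NUMERICHOST; /* no DNS: isolates the service lookup */

    *used_fallback = 0;
    int rc = getaddrinfo("127.0.0.1", service, &hints, &res);
    if (rc == EAI_SERVICE) {
        /* Same condition as the quoted log line: name known only for udp,
         * or not listed at all. A numeric port needs no /etc/services. */
        *used_fallback = 1;
        rc = getaddrinfo("127.0.0.1", fallback_port, &hints, &res);
    }
    if (rc != 0)
        return -1;

    int port = ntohs(((struct sockaddr_in *)res->ai_addr)->sin_port);
    freeaddrinfo(res);
    return port;
}

int main(void)
{
    int fb;
    int port = resolve_tcp_port("ntp", "123", &fb);
    printf("ntp/tcp -> port %d (%s)\n", port,
           fb ? "fallback: no ntp/tcp entry in services database"
              : "resolved from services database");
    return port == 123 ? 0 : 1;
}
```

On a host whose `/etc/services` lists only `ntp 123/udp`, the program reports the fallback path; after adding the `ntp 123/tcp` line from the message above, it reports a direct resolution.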