NTS not 'working', likely operator error
Hal Murray
halmurray at sonic.net
Tue Apr 9 03:05:26 UTC 2024
> root@ 64bit A-NTPsec: ~ # tcpdump port 4460
That's just the TCP/TLS connection to get the initial cookies.
I tried nts.anastrophe.com from here. It works without NTS and doesn't work
with NTS.
> Thanks. No packet filters in evidence, based both on my control of the
> router, the fully functional NTP traffic, and the initializing NTS traffic
> on port 4460 that appears during setup after restarting ntpsec. And it's not
> blocked by my ISP - https://www.xfinity.com/support/articles/list-of-blocked-ports
My best guess is that Comcast is not totally blocking port 123, but doing
something like filtering out anything over 48 bytes long.
How is your contact with their support? If you can find the right person they
can probably confirm that.
We/you could do some experiments. Set up a UDP echo server on port 123. Write
a client that tests various lengths. [You will have to turn off ntpd to free
up port 123.]
I'll send you some crufty code if you don't want to write it.
--
These are my opinions. I hate spam.
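
The experiment proposed in the message above, as an added example (not Hal Murray's code and not part of NTPsec): a UDP echo server plus a client that reports which payload lengths survive the round trip. The probe sizes, the `max_len` switch for simulating a filter, and the command-line form are assumptions made for this example.

```python
import socket
import sys

# Constructed probe sizes: 48 is the size named in the message, the rest are arbitrary.
LENGTHS = [48, 49, 64, 100, 200, 300, 500, 1000, 1400]

def echo_server(sock, max_len=None):
    """Echo each datagram to its sender. max_len (assumption, for self-tests
    only) silently drops longer datagrams to imitate a length filter."""
    while True:
        try:
            data, addr = sock.recvfrom(65535)
        except OSError:                      # socket was closed
            return
        if max_len is None or len(data) <= max_len:
            sock.sendto(data, addr)

def probe(host, port, lengths=LENGTHS, timeout=2.0, tries=3):
    """Return {length: bool}: did a payload of that length make the round trip?"""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for n in lengths:
            payload = bytes([n % 251]) * n   # lengths differ, so stale echoes never match
            ok = False
            for _ in range(tries):           # UDP is lossy; retry before calling it dropped
                s.sendto(payload, (host, port))
                try:
                    while not ok:            # skip late echoes of earlier sizes
                        ok = s.recvfrom(65535)[0] == payload
                except socket.timeout:
                    continue
                break
            results[n] = ok
    return results

if __name__ == "__main__":
    # usage: probe.py server [port]   |   probe.py client HOST [port]
    if sys.argv[1] == "server":              # port 123 needs root and ntpd stopped
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("", int(sys.argv[2]) if len(sys.argv) > 2 else 123))
        echo_server(sock)
    else:
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 123
        for n, ok in probe(sys.argv[2], port).items():
            print(f"{n:5d} bytes: {'echoed' if ok else 'no reply'}")
```

A result where every length up to some size is echoed and every larger one gets no reply would be consistent with a length filter on the path; repeating the run on a different port gives a control.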