<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 7/25/19 12:17, Gary E. Miller wrote:<br>
<blockquote type="cite"
cite="mid:20190725121753.09bf5269@rellim.com">
<pre class="moz-quote-pre" wrap="">Odd, does your kernel not support IPv6?  What does your ntp.conf look like?
I use NTS with IPv6 just fine.  Try pi4.rellim.com
</pre>
</blockquote>
Yup, supports IPv6, I just normally have it disabled in
/boot/cmdline.txt - 'ipv6.disable=1'<br>
<br>
<blockquote type="cite"
cite="mid:20190725121753.09bf5269@rellim.com">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">2019-07-25T12:03:53 ntpd[21436]: NTSc: Using system default root certificates.
2019-07-25T12:03:53 ntpd[21436]: NTS: troubles during init. Bailing.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Not really clear why it bailed...</pre>
</blockquote>
Well, it was definitely associated with IPv6 being turned off,
that's for sure - I just duplicated the config additions on the next
(identical) device, and identical failure:<br>
<br>
Before enabling IPv6, full output:<br>
<br>
2019-07-25T11:31:02 ntpd[15541]: CLOCK: leapsecond file
('/var/lib/ntp/leap-seconds.list'): good hash signature<br>
2019-07-25T11:31:02 ntpd[15541]: CLOCK: leapsecond file
('/var/lib/ntp/leap-seconds.list'): loaded, expire=2019-12-28T00:00Z
last=2017-01-01T00:00Z ofs=37<br>
2019-07-25T11:31:02 ntpd[15541]: INIT: Using SO_TIMESTAMPNS<br>
2019-07-25T11:31:02 ntpd[15541]: IO: Listen and drop on 0 v4wildcard
0.0.0.0:123<br>
2019-07-25T11:31:02 ntpd[15541]: IO: Listen normally on 1 lo
127.0.0.1:123<br>
2019-07-25T11:31:02 ntpd[15541]: IO: Listen normally on 2 wlan0
192.168.1.11:123<br>
2019-07-25T11:31:02 ntpd[15541]: IO: Listening on routing socket on
fd #19 for interface updates<br>
2019-07-25T11:31:02 ntpd[15541]: SYNC: Found 10 servers, suggest
minsane at least 3<br>
2019-07-25T11:31:02 ntpd[15541]: INIT: This system has a 32-bit
time_t.<br>
2019-07-25T11:31:02 ntpd[15541]: INIT: This ntpd will fail on
2038-01-19T03:14:07Z.<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: starting NTS-KE server
listening on port 123<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: loaded certificate (chain)
from /etc/letsencrypt/live/ntpsec.anastrophe.com/fullchain.pem<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: loaded private key from
/etc/letsencrypt/live/ntpsec.anastrophe.com/privkey.pem<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: Private Key OK<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: OpenSSL security level is 2<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: listen4 worked<br>
2019-07-25T11:31:02 ntpd[15541]: NTSs: Can't create socket6:<br>
2019-07-25T11:31:02 ntpd[15541]: NTSc: Using system default root
certificates.<br>
2019-07-25T11:31:02 ntpd[15541]: NTS: troubles during init.
Bailing.<br>
<br>
After enabling, full output:<br>
<br>
2019-07-25T11:32:45 ntpd[687]: CLOCK: leapsecond file
('/var/lib/ntp/leap-seconds.list'): good hash signature<br>
2019-07-25T11:32:45 ntpd[687]: CLOCK: leapsecond file
('/var/lib/ntp/leap-seconds.list'): loaded, expire=2019-12-28T00:00Z
last=2017-01-01T00:00Z ofs=37<br>
2019-07-25T11:32:45 ntpd[687]: INIT: Using SO_TIMESTAMPNS<br>
2019-07-25T11:32:45 ntpd[687]: IO: Listen and drop on 0 v6wildcard
[::]:123<br>
2019-07-25T11:32:45 ntpd[687]: IO: Listen and drop on 1 v4wildcard
0.0.0.0:123<br>
2019-07-25T11:32:45 ntpd[687]: IO: Listen normally on 2 lo
127.0.0.1:123<br>
2019-07-25T11:32:45 ntpd[687]: IO: Listen normally on 3 lo [::1]:123<br>
2019-07-25T11:32:45 ntpd[687]: IO: Listening on routing socket on fd
#20 for interface updates<br>
2019-07-25T11:32:45 ntpd[687]: SYNC: Found 10 servers, suggest
minsane at least 3<br>
2019-07-25T11:32:45 ntpd[687]: INIT: This system has a 32-bit
time_t.<br>
2019-07-25T11:32:45 ntpd[687]: INIT: This ntpd will fail on
2038-01-19T03:14:07Z.<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: starting NTS-KE server
listening on port 123<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: loaded certificate (chain) from
/etc/letsencrypt/live/ntpsec.anastrophe.com/fullchain.pem<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: loaded private key from
/etc/letsencrypt/live/ntpsec.anastrophe.com/privkey.pem<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: Private Key OK<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: OpenSSL security level is 2<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: listen4 worked<br>
2019-07-25T11:32:45 ntpd[687]: NTSs: listen6 worked<br>
2019-07-25T11:32:45 ntpd[687]: NTSc: Using system default root
certificates.<br>
2019-07-25T11:32:54 ntpd[687]: CLOCK: time stepped by 8.221456<br>
2019-07-25T11:32:55 ntpd[687]: IO: Listen normally on 4 wlan0
192.168.1.11:123<br>
2019-07-25T11:32:55 ntpd[687]: IO: bind(22) AF_INET6
fe80::ba27:ebff:fe09:ea7b%3#123 flags 0x1 failed: Cannot assign
requested address<br>
2019-07-25T11:32:55 ntpd[687]: IO: unable to create socket on wlan0
(5) for fe80::ba27:ebff:fe09:ea7b%3#123<br>
2019-07-25T11:32:55 ntpd[687]: IO: failed to init interface for
address fe80::ba27:ebff:fe09:ea7b%3<br>
2019-07-25T11:32:55 ntpd[687]: DNS: dns_probe: ntp2.glypnod.com,
cast_flags:1, flags:21801<br>
2019-07-25T11:32:55 ntpd[687]: NTSc: DNS lookup of ntp2.glypnod.com
took 0.012 sec<br>
2019-07-25T11:32:55 ntpd[687]: NTSc: nts_probe connecting to
ntp2.glypnod.com:123 => 178.62.68.79:123<br>
2019-07-25T11:32:55 ntpd[687]: NTSc: set cert host: ntp2.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: Using TLSv1.3,
TLS_AES_256_GCM_SHA384 (256)<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate subject name:
/CN=ntp2.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate issuer name:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate is valid.<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: matched cert host:
ntp2.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: read 880 bytes<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: Got 8 cookies, length 104,
aead=15.<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: NTS-KE req to ntp2.glypnod.com
took 0.709 sec, OK<br>
2019-07-25T11:32:56 ntpd[687]: DNS: dns_check: processing
ntp2.glypnod.com, 1, 21801<br>
2019-07-25T11:32:56 ntpd[687]: DNS: Server taking: 178.62.68.79<br>
2019-07-25T11:32:56 ntpd[687]: DNS: Server poking hole in
restrictions for: 178.62.68.79<br>
2019-07-25T11:32:56 ntpd[687]: DNS: dns_take_status:
ntp2.glypnod.com=>good, 0<br>
2019-07-25T11:32:56 ntpd[687]: DNS: dns_probe: ntp1.glypnod.com,
cast_flags:1, flags:21801<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: DNS lookup of ntp1.glypnod.com
took 0.030 sec<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: nts_probe connecting to
ntp1.glypnod.com:123 => 104.131.155.175:123<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: set cert host: ntp1.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: Using TLSv1.3,
TLS_AES_256_GCM_SHA384 (256)<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate subject name:
/CN=ntp1.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate issuer name:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: certificate is valid.<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: matched cert host:
ntp1.glypnod.com<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: read 880 bytes<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: Got 8 cookies, length 104,
aead=15.<br>
2019-07-25T11:32:56 ntpd[687]: NTSc: NTS-KE req to ntp1.glypnod.com
took 0.158 sec, OK<br>
2019-07-25T11:32:56 ntpd[687]: DNS: dns_check: processing
ntp1.glypnod.com, 1, 21801<br>
2019-07-25T11:32:56 ntpd[687]: DNS: Server taking: 104.131.155.175<br>
2019-07-25T11:32:56 ntpd[687]: DNS: Server poking hole in
restrictions for: 104.131.155.175<br>
2019-07-25T11:32:56 ntpd[687]: DNS: dns_take_status:
ntp1.glypnod.com=>good, 0<br>
2019-07-25T11:32:57 ntpd[687]: DNS: dns_probe: pi4.rellim.com,
cast_flags:1, flags:21801<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: DNS lookup of pi4.rellim.com
took 0.005 sec<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: nts_probe connecting to
pi4.rellim.com:123 => 204.17.205.24:123<br>
2019-07-25T11:32:57 ntpd[687]: IO: Listen normally on 6 wlan0
[fe80::ba27:ebff:fe09:ea7b%3]:123<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: set cert host: pi4.rellim.com<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: Using TLSv1.2,
AES256-GCM-SHA384 (256)<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: certificate subject name:
/CN=pi4.rellim.com<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: certificate issuer name:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: certificate is valid.<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: matched cert host:
pi4.rellim.com<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: read 880 bytes<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: Got 8 cookies, length 104,
aead=15.<br>
2019-07-25T11:32:57 ntpd[687]: NTSc: NTS-KE req to pi4.rellim.com
took 0.285 sec, OK<br>
2019-07-25T11:32:57 ntpd[687]: DNS: dns_check: processing
pi4.rellim.com, 1, 21801<br>
2019-07-25T11:32:57 ntpd[687]: DNS: Server taking: 204.17.205.24<br>
2019-07-25T11:32:57 ntpd[687]: DNS: Server poking hole in
restrictions for: 204.17.205.24<br>
2019-07-25T11:32:57 ntpd[687]: DNS: dns_take_status:
pi4.rellim.com=>good, 0<br>
2019-07-25T11:32:58 ntpd[687]: DNS: dns_probe: ntpmon.dcs1.biz,
cast_flags:1, flags:21801<br>
2019-07-25T11:32:58 ntpd[687]: NTSc: DNS lookup of ntpmon.dcs1.biz
took 0.006 sec<br>
2019-07-25T11:32:58 ntpd[687]: NTSc: nts_probe connecting to
ntpmon.dcs1.biz:123 => 203.123.48.219:123<br>
2019-07-25T11:32:58 ntpd[687]: NTSc: set cert host: ntpmon.dcs1.biz<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: Using TLSv1.3,
TLS_AES_256_GCM_SHA384 (256)<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: certificate subject name:
/CN=ntpmon.dcs1.biz<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: certificate issuer name:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: certificate is valid.<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: matched cert host:
ntpmon.dcs1.biz<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: read 880 bytes<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: Got 8 cookies, length 104,
aead=15.<br>
2019-07-25T11:32:59 ntpd[687]: NTSc: NTS-KE req to ntpmon.dcs1.biz
took 0.844 sec, OK<br>
2019-07-25T11:32:59 ntpd[687]: DNS: dns_check: processing
ntpmon.dcs1.biz, 1, 21801<br>
2019-07-25T11:32:59 ntpd[687]: DNS: Server taking: 203.123.48.219<br>
2019-07-25T11:32:59 ntpd[687]: DNS: Server poking hole in
restrictions for: 203.123.48.219<br>
2019-07-25T11:32:59 ntpd[687]: DNS: dns_take_status:
ntpmon.dcs1.biz=>good, 0<br>
2019-07-25T11:32:59 ntpd[687]: DNS: dns_probe: clock.fmt.he.net,
cast_flags:1, flags:20901<br>
2019-07-25T11:32:59 ntpd[687]: DNS: dns_check: processing
clock.fmt.he.net, 1, 20901<br>
2019-07-25T11:32:59 ntpd[687]: DNS: Server taking: 66.220.9.122<br>
2019-07-25T11:32:59 ntpd[687]: DNS: Server poking hole in
restrictions for: 66.220.9.122<br>
2019-07-25T11:32:59 ntpd[687]: DNS: dns_take_status:
clock.fmt.he.net=>good, 0<br>
2019-07-25T11:33:00 ntpd[687]: DNS: dns_probe: ntp.pts0.net,
cast_flags:1, flags:20901<br>
2019-07-25T11:33:00 ntpd[687]: DNS: dns_check: processing
ntp.pts0.net, 1, 20901<br>
2019-07-25T11:33:00 ntpd[687]: DNS: Server taking: 76.14.161.109<br>
2019-07-25T11:33:00 ntpd[687]: DNS: Server poking hole in
restrictions for: 76.14.161.109<br>
2019-07-25T11:33:00 ntpd[687]: DNS: dns_take_status:
ntp.pts0.net=>good, 0<br>
2019-07-25T11:33:01 ntpd[687]: DNS: dns_probe:
ntp1.net.berkeley.edu, cast_flags:1, flags:20901<br>
2019-07-25T11:33:01 ntpd[687]: DNS: dns_check: processing
ntp1.net.berkeley.edu, 1, 20901<br>
2019-07-25T11:33:01 ntpd[687]: DNS: Server taking: 169.229.128.134<br>
2019-07-25T11:33:01 ntpd[687]: DNS: Server poking hole in
restrictions for: 169.229.128.134<br>
2019-07-25T11:33:01 ntpd[687]: DNS: dns_take_status:
ntp1.net.berkeley.edu=>good, 0<br>
2019-07-25T11:33:02 ntpd[687]: DNS: dns_probe:
stratum-1.sjc02.svwh.net, cast_flags:1, flags:20901<br>
2019-07-25T11:33:02 ntpd[687]: DNS: dns_check: processing
stratum-1.sjc02.svwh.net, 1, 20901<br>
2019-07-25T11:33:02 ntpd[687]: DNS: Server taking: 162.213.2.253<br>
2019-07-25T11:33:02 ntpd[687]: DNS: Server poking hole in
restrictions for: 162.213.2.253<br>
2019-07-25T11:33:02 ntpd[687]: DNS: dns_take_status:
stratum-1.sjc02.svwh.net=>good, 0<br>
2019-07-25T11:33:03 ntpd[687]: DNS: dns_probe: a-ntpsec,
cast_flags:1, flags:20901<br>
2019-07-25T11:33:03 ntpd[687]: DNS: dns_check: processing a-ntpsec,
1, 20901<br>
2019-07-25T11:33:03 ntpd[687]: DNS: Server taking: 192.168.1.10<br>
2019-07-25T11:33:03 ntpd[687]: DNS: dns_take_status:
a-ntpsec=>good, 0<br>
<br>
<br>
As you can see, it continued initialization, even though an IPv6
address wasn't actually assigned. So it's really only the inability
to listen on the socket, not necessarily fully functioning IPv6.<br>
<br>
<blockquote type="cite"
cite="mid:20190725121753.09bf5269@rellim.com">Why would you ever
turn off IPv6????</blockquote>
That's where the discussion would diverge and digress into details
not explicitly relevant to the NTS implementation...<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Paul Theodoropoulos
<a class="moz-txt-link-abbreviated" href="http://www.anastrophe.com">www.anastrophe.com</a></pre>
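<br>
Added example (not part of the original message and not NTPsec's code): a listener setup in C that skips an address family the kernel does not provide instead of aborting, which is the difference between the two logs above. The names <code>try_listen</code> and <code>listeners_usable</code>, and the use of EAFNOSUPPORT as the "family missing" errno, are assumptions.

```c
/* Added example, not NTPsec source; all function names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a wildcard TCP listener for one address family.
 * Returns the fd, or -1 with *err holding the errno of the failed call. */
int try_listen(int family, unsigned short port, int *err)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(struct sockaddr_in);
    int on = 1, fd = socket(family, SOCK_STREAM, 0);
    *err = 0;
    if (fd < 0) { *err = errno; return -1; }   /* e.g. family not in kernel */
    memset(&ss, 0, sizeof(ss));                /* zeroed address == wildcard */
    ss.ss_family = family;
    if (family == AF_INET6) {
        ((struct sockaddr_in6 *)&ss)->sin6_port = htons(port);
        setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
        len = sizeof(struct sockaddr_in6);
    } else {
        ((struct sockaddr_in *)&ss)->sin_port = htons(port);
    }
    if (bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 8) < 0) {
        *err = errno; close(fd); return -1;
    }
    return fd;
}

/* 1 = continue init, 0 = bail. A family the kernel lacks is skipped; any
 * other failure (port in use, no permission) is still treated as fatal. */
int listeners_usable(int fd4, int err4, int fd6, int err6)
{
    /* Assumption: a kernel without the family reports EAFNOSUPPORT. */
    if (fd4 < 0 && err4 != EAFNOSUPPORT) return 0;
    if (fd6 < 0 && err6 != EAFNOSUPPORT) return 0;
    return fd4 >= 0 || fd6 >= 0;               /* need at least one listener */
}

int main(void)
{
    int e4, e6, fd4 = try_listen(AF_INET, 0, &e4), fd6 = try_listen(AF_INET6, 0, &e6);
    printf("v4=%s v6=%s\n", fd4 < 0 ? strerror(e4) : "ok", fd6 < 0 ? strerror(e6) : "ok");
    return listeners_usable(fd4, e4, fd6, e6) ? 0 : 1;
}
```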
</body>
</html>