Re: [ntp:questions] help needed for ntpd ipv6 setup
W dniu 2010-11-29 21:37, Marc-Andre Alpers pisze: Hello! Have nobody a solution or idea wat is wrong with my server? Hello, I think this is the same bug : http://bugs.gentoo.org/326209 . I have got very similar problem. Regars ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
horhe, I can't speak to the versions used by other repackagers, but the current ntp-dev version interprets a nonzero broadest delay option as defeating the calibration volley for all broadcast and multicast clients. This is why it replaced the novolley option of the broadcast client command. If this turns out not to be the case, a bug report is suggested. Dave horhe wrote: W dniu 2010-11-29 21:37, Marc-Andre Alpers pisze: Hello! Have nobody a solution or idea wat is wrong with my server? Hello, I think this is the same bug : http://bugs.gentoo.org/326209 . I have got very similar problem. Regars ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
Es schrieb horhe: Hello, I think this is the same bug : http://bugs.gentoo.org/326209 . I have got very similar problem. Thanks. This was the point. My Linux Kernel is grsec enabled by default. When i load a non grsec Kernel, then ntp works fine on ipv6. MfG Marc-Andre Alpers ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
Marc-Andre Alpers wrote: Es schrieb horhe: I think this is the same bug : http://bugs.gentoo.org/326209 I have got very similar problem. Thanks. This was the point. My Linux Kernel is grsec enabled by default. When i load a non grsec Kernel, then ntp works fine on ipv6. A quick google shows plenty of potentially related results http://www.google.com/search?q=%2Bgrsec+NTP+IPv6 e.g. http://bugs.gentoo.org/show_bug.cgi?format=multipleid=326209 with grsec NTPd as root IPv6 worked, NTPd as user IPv6 didn't ... BlockQuote This problem occurs because ntpd does not have the needed privileges to access /proc/net/if_inet6 when not run as root (USE=caps). You can reconfigure to getthe same level of security by deselecting CONFIG_GRKERNSEC_PROC_USER and selecting CONFIG_GRKERNSEC_PROC_USERGROUP instead. You can then add the ntp user to the GID for the special group to get it to read the needed info from /proc. /BlockQuote The above aside; Have you tried a current NTPd 4.2.7 ? In the last three years since the NTP 4.2.4p4 that you mentioned you were using, a lot of things have been worked on, IPv6 among them, e.g. http://ntp.bkbits.net:8080/ntp-dev/?PAGE=searchEXPR=IPv6SEARCH=ChangeSet+comments ChangeSet 1.2082.4.156 IPv6 addresses in selecting default multicast source addresses. 1.2259 [Bug 1715] sntp utilitiesTest.IPv6Address failed. 1.2082.22.21 [Bug 1080] ntpd on ipv6 routers very chatty. 1.2082.4.97 [Bug 715] libisc Linux IPv6 interface iteration drops multicast flags. 1.2110.1.1 support for IPv6. 1.2082.4.41 Remove ipv6.c as unnecessary 1.2060.10.1 [Bug 1358] AIX 4.3 sntp/networking.c IPV6_JOIN_GROUP undeclared. 1.2060.3.1 [Bug 1343] lib/isc build breaks on systems without IPv6 headers. 1.2058 [Bug 1342] ignore|drop one IPv6 address on an interface blocks all 1.2037 fix ipv4/ipv6 which are not equivalent in the libopts sense 1.2026.1.1 [Bug 1324] support bracketed IPv6 numeric addresses for restrict. 1.2005 Ensure IPv6 localhost address ::1 is included in libisc's Windows IPv6 1.1935 [Bug 1272] gsoc_sntp IPv6 build problems under HP-UX 10. 1.1926 [Bug 1270] CID 70: gsoc_sntp recv_bcst_data mdevadr.ipv6mr_interface 1.1881.2.2 it safe to initialize ipv4_works and ipv6_works before init_io() 1.1881.2.1 3 weeks of changes including IPv6 on Windows which was 1.1873.1.1 some previously separate IPv4/IPv6 paths into a single codepath. 1.1875 [Bug 1200] Enable IPv6 in Windows port 1.1867 [Bug 320] restrict default should apply to both IPv4 and IPv6 1.1735.1.63 IPv6 interfaces were being looked for twice; fix bug 474 1.1735.4.4 [Bug 828] Fix IPv4/IPv6 address parsing 1.1739.1.6 hack ISC_PLATFORM_HAVEIPV6 1.1436.9.5 [Bug 977] Fix mismatching #ifdefs for builds without IPv6 1.1690 [Bug 977] Fix mismatching #ifdefs for builds without IPv6 1.1642 [Bug 828] correct IPv6 address parsing 1.1600 [Bug 771] compare scopeid if available for IPv6 addresses 1.1600 Bug 771: compare scopeid if available for IPv6 addresses 1.1379.1.49 when attempting to send to an IPv6 address of a local interface. -- E-Mail Sent to this address blackl...@anitech-systems.com will be added to the BlackLists. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
Hello! Have nobody a solution or idea wat is wrong with my server? This works: r34210:/home/marc-andre# ntpq -p -4 127.0.0.1 remote refid st t when poll reach delay offset jitter == *ntp0.ovh.net.GPS.1 u 60 6470.5080.929 0.134 chime1.surfnet. .GPS.1 u 58 647 10.5393.037 0.026 chime2.surfnet. .GPS.1 u 58 647 17.3824.859 0.107 ntp0.nl.uu.net .PPS.1 u 54 647 13.025 -0.139 0.181 ntp1.nl.uu.net .PPS.1 u 55 647 12.048 -0.045 0.120 adsl.remco.org .GPS.1 u 54 647 22.7364.901 0.224 2001:41d0:2:1a8 .INIT. 16 -- 6400.0000.000 0.000 r34210:/home/marc-andre# This not: r34210:/home/marc-andre# ntpq -p -6 ::1 ::1: timed out, nothing received ***Request timed out But on my home linux box it works: marc-an...@lanserver:~$ ntpq -p -6 ::1 remote refid st t when poll reach delay offset jitter == *GENERIC(0) .DCFa. 0 l 60 64 3770.000 -0.334 1.130 -fritz.box 52.76.120.1472 u 49 64 3770.8294.623 1.234 -r34210.ovh.net 213.251.128.249 2 u 41 64 377 24.4380.256 0.838 -elara.fnutt.net 192.36.143.151 2 u 37 64 377 22.845 -0.562 2.080 -dexter.wzw.tum. 134.34.3.18 2 u 13 64 377 28.4480.397 0.844 +ptbtime1.ptb.de .PTB.1 u 29 64 377 13.8881.475 0.599 -2003:0:4:ff::ff .GPS.1 u 57 64 377 54.314 -6.705 1.261 -2003:0:8:ff::ff .GPS.1 u 39 64 377 51.726 -6.537 0.663 marc-an...@lanserver:~$ Netstat on my dedicated server shows: r34210:/home/marc-andre# netstat -6lu Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State udp6 0 0 ip6-localhost:domain[::]:* udp6 0 0 [::]:ntp[::]:* r34210:/home/marc-andre# But my home linux shows this. On all ipv6 adresses is listening. marc-an...@lanserver:~$ netstat -6lu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp6 0 0 fe80::209:5bff:fe60:ntp [::]:* udp6 0 0 2a01:198:31d:1:209::ntp [::]:* udp6 0 0 localhost:ntp [::]:* udp6 0 0 [::]:ntp[::]:* udp6 0 0 [::]:domain [::]:* udp6 0 0 [::]:64738 [::]:* marc-an...@lanserver:~$ In tcpdump i can see that packet arrived my dedicated server. But he does not answer. r34210:/home/marc-andre# tcpdump ip6 and udp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 21:15:47.803245 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48 21:15:49.802749 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48 21:15:51.803041 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48 21:15:53.803585 IP6 2a01:198:31d:1:7488:d3c2:6218:abb9.ntp 2001:41d0:2:1a88::1.ntp: NTPv4, Client, length 48 NTP Version on dedicatet server comes from Debian: version=ntpd 4.2@1.1520-o Sun Nov 22 16:14:34 UTC 2009 (1) processor=x86_64, system=Linux/2.6.32.2--grs-ipv6-64 My home Linux run ubuntu 10.10: version=ntpd 4.2@1.1612-o Fri Apr 9 00:28:40 UTC 2010 (1), processor=i686, system=Linux/2.6.32-26-generic-pae Thanks in advance. Best regards Marc-Andre Alpers ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
Steve Kostecke wrote: Is the ipv6 module loaded? IPv6 is build into the kernel. Do any of your network interfaces hae IPv6 addresses? Yes, i can tracert IPv6 hosts. traceroute to www.heise.de (2a02:2e0:3fe:100::7), 30 hops max, 40 byte packets 1 2001:41d0:2:1aff:ff:ff:ff:ff 7.345 ms * * 2 2001:41d0::792 16.711 ms * * 3 2001:7f8::3012:0:1 9.224 ms 9.153 ms 9.146 ms 4 2a02:2e0:1::1e 9.691 ms 9.586 ms 9.580 ms 5 2a02:2e0:3fe:100::7 9.964 ms 9.932 ms 9.852 ms # And i can reach my server via IPv6 on SSH and HTTP. Do you have IPv6 connectivity to your remote time servers? I have ipv6.remco.org in my config. But NTP will connect with this server. # ntpq -pn remote refid st t when poll reach delay offset jitter == *213.251.128.249 .GPS.1 u 10 64 3770.538 -0.029 0.091 +192.87.106.2.GPS.1 u9 64 377 11.1622.495 0.158 +192.87.36.4 .GPS.1 u7 64 377 14.5612.473 0.171 -193.67.79.202 .PPS.1 u5 64 377 13.194 -0.902 0.096 -193.79.237.14 .PPS.1 u2 64 377 12.219 -0.883 0.122 -80.127.4.179.GPS.1 u5 64 377 22.2664.001 0.179 2001:888:1031:: .INIT. 16 -- 6400.0000.000 0.000 # But ntpdate works fine. #ntpdate -q ipv6.remco.org server 2001:888:1031::1, stratum 1, offset 0.002860, delay 0.05827 15 Nov 12:34:07 ntpdate[6869]: adjust time server 2001:888:1031::1 offset 0.002860 sec # Best regards Marc-Andre Alpers ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
On 2010-11-14, Marc-Andre Alpers m-a.alp...@web.de wrote: Hal Murray wrote: First, I'd check the simpler solution of does the version of ntpd he is running support IPv6. What does netstat -ul say? I have the same problem on my dedicated server. NTPd with IPv4 works fine but IPv6 not. Netstat shows: udp 0 0 *:ntp *:* udp6 0 0 [::]:ntp [::]:* I use Debian Linux and ntpd - NTP daemon program - Ver. 4.2.4p4. Is the ipv6 module loaded? Do any of your network interfaces hae IPv6 addresses? Do you have IPv6 connectivity to your remote time servers? -- Steve Kostecke koste...@ntp.org NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
Hal Murray wrote: First, I'd check the simpler solution of does the version of ntpd he is running support IPv6. What does netstat -ul say? I have the same problem on my dedicated server. NTPd with IPv4 works fine but IPv6 not. Netstat shows: udp0 0 *:ntp *:* udp6 0 0 [::]:ntp[::]:* I use Debian Linux and ntpd - NTP daemon program - Ver. 4.2.4p4. Best regards Marc-Andre Alpers ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
In article ibdgsl$40...@news.eternal-september.org, David Woolley da...@ex.djwhome.demon.invalid writes: joan lee wrote: Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102 + are received properly, but instead of replying with NTP server messages, + PC1 is sending ICMPV6 unreachable (administratively prohibited) messages. Could anybody gives me some hint on why NTPD ignores the IPv6 NTP + client messages? Administratively prohibited doesn't sound like a condition than an application program can generate. I would look at your firewall. First, I'd check the simpler solution of does the version of ntpd he is running support IPv6. What does netstat -ul say? -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] help needed for ntpd ipv6 setup
I have two linux PCs, both running fedora 11 with NTP ver. 4.2.4p7. PC1 has 192.168.1.1 and 2002::c0a9:0101 addresses PC2 has 192.168.1.2 and 2002::c0a9:0102 addresses ntpd is running on PC1. on PC2 ntpdate 192.168.1.1 returned good timing from PC1 But ntpdate 2002::c0a9:0101 did not work Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102 are received properly, but instead of replying with NTP server messages, PC1 is sending ICMPV6 unreachable (administratively prohibited) messages. Yet from PC1 ping6 2002:c0a9:0102 works fine. On PC1 ntpdate -u 2002::c0a9:0101 also works via loopback interface. Could anybody gives me some hint on why NTPD ignores the IPv6 NTP client messages? Thanks, Joan ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] help needed for ntpd ipv6 setup
joan lee wrote: Wireshark runs on PC1 shows NTP client messages from 2002::c0a9:0102 + are received properly, but instead of replying with NTP server messages, + PC1 is sending ICMPV6 unreachable (administratively prohibited) messages. Could anybody gives me some hint on why NTPD ignores the IPv6 NTP + client messages? Administratively prohibited doesn't sound like a condition than an application program can generate. I would look at your firewall. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions