Gary, Adding this to /etc/services seems to fix the issue: ntp 123/tcp # Network Time Protocol
I now see: -pi3.rellim.com .PPS. 1 8 4 64 37 197.8958 0.5317 0.4966 -kong.rellim.com 204.17.205.17 2 8 5 64 37 211.0267 -1.1571 0.7353 -104.131.155.175 204.123.2.72 2 8 3 64 37 178.6108 4.1158 0.2288 -178.62.68.79 17.253.34.253 2 8 - 64 37 185.7613 -2.6144 0.0452 And a snip from the log file says: 2019-03-22T07:43:48 ntpd[12580]: NTSc: nts_probe connecting to pi3.rellim.com:ntp => 204.17.205.23:123 2019-03-22T07:43:49 ntpd[12580]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256) 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate subject name: /CN= pi3.rellim.com 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate is valid. 2019-03-22T07:43:49 ntpd[12580]: NTSc: read 880 bytes 2019-03-22T07:43:49 ntpd[12580]: NTSc: Got 8 cookies, length 104, aead=15. 2019-03-22T07:43:49 ntpd[12580]: NTSc: NTS-KE req to pi3.rellim.com took 0.863 sec, OK 2019-03-22T07:43:49 ntpd[12580]: DNS: dns_check: processing pi3.rellim.com, 1, 21801 2019-03-22T07:43:49 ntpd[12580]: DNS: Server taking: 204.17.205.23 2019-03-22T07:43:49 ntpd[12580]: DNS: Server poking hole in restrictions for: 204.17.205.23 2019-03-22T07:43:49 ntpd[12580]: DNS: dns_take_status: pi3.rellim.com=>good, 0 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Fri, Mar 22, 2019 at 7:32 AM Sanjeev Gupta <gha...@gmail.com> wrote: > On Fri, Mar 22, 2019 at 7:24 AM Gary E. Miller via devel <devel@ntpsec.org> > wrote: > >> > I have been lurking and trying to set up NTS to talk to the rellim.com >> > servers. This is a recent git head. >> >> Cool. >> > > I just did a git pull and rebuilt. > > >> > My ntp.conf snippet: >> > >> > nts enable >> > nts cert /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem >> > nts key /etc/letsencrypt/live/ntpmon.dcs1.biz/privkey.pem >> > server pi3.rellim.com nts >> > server kong.rellim.com nts >> >> Looks good. What is your server so I can try to connect back? >> > > My server is ntpmon.dcs1.biz . It is in the pool, BTW. > > > Been runnig for a few hours now. ntpq -pn output: >> > pi3.rellim.com .NTS. 16 u - 1024 0 0.0000 0.0000 0.0005 >> > kong.rellim.com .NTS. 16 u -1024 0 0.0000 0.0000 0.0005 >> >> Odd, you are not even getting the cookies. >> >> > And the log is here: https://pastebin.com/fM9uDwVi >> >> Weird: >> >> 2019-03-22T03:56:32 ntpd[21039]: NTSc: nts_probe: DNS error trying to >> contact pi3.rellim.com: -8, Servname not supported for ai_socktype >> >> >> What version of OpenSSL do you have? I'm finding that matters. >> > > root@ntpmon:~/ntpsec# openssl version -a > OpenSSL 1.1.1a 20 Nov 2018 > built on: Thu Nov 22 18:40:54 2018 UTC > platform: debian-i386 > options: bn(64,32) rc4(1x,char) des(long) blowfish(ptr) > compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g > -O2 -fdebug-prefix-map=/build/openssl-5z4Qxa/openssl-1.1.1a=. > -fstack-protector-strong -Wformat -Werror=format-security > -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM > -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM > -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time > -D_FORTIFY_SOURCE=2 > OPENSSLDIR: "/usr/lib/ssl" > ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1" > Seeding source: os-specific > > This is debian/testing, up to date. > > Thanks, > -- > Sanjeev >
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
