Re: [OT] Splitting PPS?

2019-12-13 Thread ASSI via devel
Richard Laager via devel writes: > Upon further investigation, there is a concern about the GPS antenna > placement. What concern(s)? > Does anyone have recommendations for GPS antenna RF-to-fiber converters > or other ways to have the GPS antenna a long way (in a building) from > the GPS

Re: [OT] Splitting PPS?

2019-12-13 Thread Hal Murray via devel
> Does anyone have recommendations for GPS antenna RF-to-fiber converters or > other ways to have the GPS antenna a long way (in a building) from the GPS > receiver? How far is "a long way"? One approach is amplifiers and coax. The most cost effective coax is the good cable TV stuff. RG-6,

Re: [OT] Splitting PPS?

2019-12-13 Thread Richard Laager via devel
Upon further investigation, there is a concern about the GPS antenna placement. Does anyone have recommendations for GPS antenna RF-to-fiber converters or other ways to have the GPS antenna a long way (in a building) from the GPS receiver? -- Richard

Re: CPU load on FreeBSD. Classic NTP 5-6% vs NTPsec 10-17%

2019-12-13 Thread Hal Murray via devel
> I'm not familiar with how FreeBSD accounts CPU, but NTPsec uses a second > thread for DNS lookups. If the traffic triggers lots of DNS lookups, the CPU > gets accounted for in ticks per core and the ticks are fairly long, you could > probably expect to see about twice the load. The extra

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread ASSI via devel
Udo van den Heuvel via devel writes: > On 13-12-2019 11:31, Udo van den Heuvel via devel wrote: >> No change in ntpd behaviour... > > Certificates ended up in /etc/pki/tls/certs/ca-bundle.trust.crt and > /etc/pki/tls/certs/ca-bundle.crt > > But after an ntpd restart no change... You didn't

Re: CPU load on FreeBSD. Classic NTP 5-6% vs NTPsec 10-17%

2019-12-13 Thread ASSI via devel
Mike Yurlov via devel writes: > I recently started the public server for ntppool (Yo, Ask) on > FreeBSD. Yesterday I migrated from Classic NTPd to NTPSec (oh, it > was painful!). I copied ntp.conf to ntpsec.conf and only converted > "magic" 127.127.20 x to refclock. When I look at "top" I see

Re: CPU load on FreeBSD. Classic NTP 5-6% vs NTPsec 10-17%

2019-12-13 Thread Mike Yurlov via devel
My best guess is that we are now using crypto quality random numbers where we don't need them. That and nobody has reported CPU problems yet. You are probably the first one to have enough traffic to notice. Thanks for the data point. Hmmm... When I increase mru size, cpu extremely

Re: CPU load on FreeBSD. Classic NTP 5-6% vs NTPsec 10-17%

2019-12-13 Thread Hal Murray via devel
> When I look at "top" I see NTPsec eat 10-17% CPU. But Classic NTPd eats > only 4-6% on the same average 3-4kpps/queries per second. Why? I don't have a clean answer. My best guess is that we are now using crypto quality random numbers where we don't need them. That and nobody has reported

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Hal Murray via devel
udo...@xs4all.nl said: > The chroot is the root cause I guess. Thanks for tipping me about that one. > I copied over /etc/pki to /chroot/ntpd/etc and stuff starts to see certs and > such: Thanks for bringing this to our attention and helping to track it down. -- These are my opinions. I

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
On 13-12-2019 12:37, Hal Murray wrote: > Are you using a chroot jail? If so, does it let ntpd see the root certs? The chroot is the root cause I guess. Thanks for tipping me about that one. I copied over /etc/pki to /chroot/ntpd/etc and stuff starts to see certs and such: Dec 13 12:42:57 sp2

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Hal Murray via devel
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate invalid: 20=>unable to > get local issuer certificate > Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: NTS-KE req to

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
On 13-12-2019 11:31, Udo van den Heuvel via devel wrote: > No change in ntpd behaviour... Certificates ended up in /etc/pki/tls/certs/ca-bundle.trust.crt and /etc/pki/tls/certs/ca-bundle.crt But after an ntpd restart no change... Udo

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
On 13-12-2019 11:21, Udo van den Heuvel via devel wrote: > On 13-12-2019 11:09, Udo van den Heuvel via devel wrote: >> So is this an issue in the ca-certificates rpm? > > https://letsencrypt.org/certificates/ shows the relationships between > certificates. > Could it be that the Fedora rpm has no

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
On 13-12-2019 11:09, Udo van den Heuvel via devel wrote: > So is this an issue in the ca-certificates rpm? https://letsencrypt.org/certificates/ shows the relationships between certificates. Could it be that the Fedora rpm has no info on the X3 cert? Udo

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
Hal, On 13-12-2019 10:56, Hal Murray wrote: > On Fedora, it's ca-certificates.noarch Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: DNS lookup of ntp2.glypnod.com took 0.031 sec Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: nts_probe connecting to ntp2.glypnod.com:123 => [2a03:b0c0:1:d0::1f9:f001]:123 Dec

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Hal Murray via devel
> Can anybody confirm that installing the certificates for ntpd as a server can > fix the client-side certificate issues as well? No. For a client, you need a root certificate for each server's certificate. Most distros have a package with many root certificates and their libssl

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
On 10-12-2019 06:47, Hal Murray wrote: > Do you have the normal collection of root certificates installed? Are they > up > to date? Can anybody confirm that installing the certificates for ntpd as a server can fix the client-side certificate issues as well? Kind regards, Udo

Re: cloudflare refers NTS users to wrong page

2019-12-13 Thread Udo van den Heuvel via devel
Hal, On 10-12-2019 06:47, Hal Murray wrote: >> I also might have a local issue as I get: >> NTSc: certificate invalid: 20=>unable to get local issuer certificate >> (for the other servers mentioned at the howto page) > > What OS/distro/version are you using? Fedora 31 Linux with kernel.org,

CPU load on FreeBSD. Classic NTP 5-6% vs NTPsec 10-17%

2019-12-13 Thread Mike Yurlov via devel
Hi All! I recently started the public server for ntppool (Yo, Ask) on FreeBSD. Yesterday I migrated from Classic NTPd to NTPSec (oh, it was painful!). I copied ntp.conf to ntpsec.conf and only converted "magic" 127.127.20 x to refclock. When I look at "top" I see NTPsec eat 10-17% CPU.