Re: [pfSense] Running newer then released?
On Sat, 2017-03-04 at 09:43 +0100, Valerio Bellizzomi wrote: > On Fri, 2017-03-03 at 07:38 -0500, Doug Lytle wrote: > > My home pfSense is reporting: > > > > 2.3.3-RELEASE (amd64) > > built on Thu Feb 16 06:59:53 CST 2017 > > FreeBSD 10.3-RELEASE-p16 > > > > The system is on a later version than > > the official release. > > > same here, I attach a screenshot. Current Base System 2.3.3 Latest Base System 0.20 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Running newer then released?
On Fri, 2017-03-03 at 07:38 -0500, Doug Lytle wrote: > My home pfSense is reporting: > > 2.3.3-RELEASE (amd64) > built on Thu Feb 16 06:59:53 CST 2017 > FreeBSD 10.3-RELEASE-p16 > > The system is on a later version than > the official release. same here, I attach a screenshot. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] [Fwd: Re: enabling authenticated ntp ?]
Is there any news on the authenticated ntp side ? Regards Forwarded Message > From: Valerio Bellizzomi <vale...@selnet.org> > Reply-to: pfSense Support and Discussion Mailing List > <list@lists.pfsense.org> > To: pfSense Support and Discussion Mailing List > <list@lists.pfsense.org> > Subject: Re: [pfSense] enabling authenticated ntp ? > Date: Mon, 30 May 2016 18:37:31 +0200 > > The procedure to add authenticated ntp is like the following: > > > NTP PUBLIC KEY AUTHENTICATION > > To use public-key authentication you have to use the NTP software - > version 1.4.74 or higher; the server identification with the IFF scheme > is however only available for version 4.2.6. > > They will have to remove and install the encryption libraries in the > OpenSSL software. These libraries can be taken freely from > www.openssl.org site. > > Then you can proceed with the compilation and installation of NTP > Software. > > Among the various programs that make up the NTP software is also > ntp-keygen that is needed to generate keys and certificates needed to > activate this mode of ntpd daemon. > The keys and the certificate must be stored in a folder that is visible > only to 'root; usually this directory is / etc / ntp. > To generate the keys you have to give the following command from the > folder that contains the keys (/ etc / ntp): > cd / etc / ntp > ntp-keygen > > In this way, a file containing the private key is generated > (ntpkey_RSAkey_hostname.timestamp) and a certificate with the RSA-MD5 > scheme (ntpkey_RSA-MD5cert_hostname.timestamp). > > You will have to store the parameters of IFF files > (ntpkey_IFFkey_servername) which was taken from dell'I.N.RI.M site. in > the folder that contains the keys (/ etc / ntp). The file starts with > the line containing # ntpkey_iffpar_ntp ... and ends with - END DSA > PRIVATE KEY - > > Finally, you must add the following directives in /etc/ntp.conf > configuration file: > > crypto # Enable Autokey Protocol > > keysdir / etc / ntp / # Define the location of the keys and > cryptographic file > > statistics sysstats cryptostats # Enable event logging > > filegen sysstats file SysStats type day enable # Defines how event > logging > > filegen cryptostats file cryptostats type day enable # Defines how > event logging > > server server1.com autokey # Associate the Autokey Protocol to > server1.com server > > server server2.com autokey # Associate the Autokey Protocol to > server2.com server > > > > > > > > > On Mon, 2016-05-30 at 09:17 -0700, Walter Parker wrote: > > Not that I have seen. > > > > I had an idea for authenticated NTP awhile back, but was waiting until I > > had upgraded to 2.3 before I looked at what it would take to add. This > > weekend I had the time to build a test environment, so I might try doing it > > over the next few months. > > > > > > Walter > > > > On Mon, May 30, 2016 at 3:46 AM, Valerio Bellizzomi <vale...@selnet.org> > > wrote: > > > > > Hello, there is a ntp authenticated with public key feature in ntp, does > > > pfsense support that? > > > > > > thanks > > > > > > > > > On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote: > > > > Is it possible to do from the web interface? > > > > > > > > thanks > > > > > > > > > > > > ___ > > > > pfSense mailing list > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] enabling authenticated ntp ?
The procedure to add authenticated ntp is like the following: NTP PUBLIC KEY AUTHENTICATION To use public-key authentication you have to use the NTP software - version 1.4.74 or higher; the server identification with the IFF scheme is however only available for version 4.2.6. They will have to remove and install the encryption libraries in the OpenSSL software. These libraries can be taken freely from www.openssl.org site. Then you can proceed with the compilation and installation of NTP Software. Among the various programs that make up the NTP software is also ntp-keygen that is needed to generate keys and certificates needed to activate this mode of ntpd daemon. The keys and the certificate must be stored in a folder that is visible only to 'root; usually this directory is / etc / ntp. To generate the keys you have to give the following command from the folder that contains the keys (/ etc / ntp): cd / etc / ntp ntp-keygen In this way, a file containing the private key is generated (ntpkey_RSAkey_hostname.timestamp) and a certificate with the RSA-MD5 scheme (ntpkey_RSA-MD5cert_hostname.timestamp). You will have to store the parameters of IFF files (ntpkey_IFFkey_servername) which was taken from dell'I.N.RI.M site. in the folder that contains the keys (/ etc / ntp). The file starts with the line containing # ntpkey_iffpar_ntp ... and ends with - END DSA PRIVATE KEY - Finally, you must add the following directives in /etc/ntp.conf configuration file: crypto # Enable Autokey Protocol keysdir / etc / ntp / # Define the location of the keys and cryptographic file statistics sysstats cryptostats # Enable event logging filegen sysstats file SysStats type day enable # Defines how event logging filegen cryptostats file cryptostats type day enable # Defines how event logging server server1.com autokey # Associate the Autokey Protocol to server1.com server server server2.com autokey # Associate the Autokey Protocol to server2.com server On Mon, 2016-05-30 at 09:17 -0700, Walter Parker wrote: > Not that I have seen. > > I had an idea for authenticated NTP awhile back, but was waiting until I > had upgraded to 2.3 before I looked at what it would take to add. This > weekend I had the time to build a test environment, so I might try doing it > over the next few months. > > > Walter > > On Mon, May 30, 2016 at 3:46 AM, Valerio Bellizzomi <vale...@selnet.org> > wrote: > > > Hello, there is a ntp authenticated with public key feature in ntp, does > > pfsense support that? > > > > thanks > > > > > > On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote: > > > Is it possible to do from the web interface? > > > > > > thanks > > > > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > > > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] enabling authenticated ntp ?
Is it possible to do from the web interface? thanks ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
