Having implemented this solution already, I consider it some type of hack, as the standard time sync unfortunately happens very late in the start of the services, after rc.local is called. And the sync might take quite some time.
Which means, I had to "hack" the time sync immediately after WAN up, and to be done in a single shot, before starting WG.

It might be a reasonable workaround, as a standard new option in OpenWrt, to allow immediate time sync after WAN up, instead of the graceful sync much later.

However, as a real RTC is rather cheap, it might be a good idea, in case of commercial apps, to ask the supplier of the device to be used for the inclusion of an RTC. The more requests, the better the chances to find more devices with RTC included.

--------------------------------------------
Toke Høiland-Jørgensen <[email protected]> wrote on Sun, 13.5.2018:

The analogue for a wireguard deployment would be to run NTP on the unsecured links and not configure the wireguard tunnels until NTP has synced. This has different security implications for a VPN than for dnssec, of course, but it could be doable.

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
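The sequence discussed in the message above (one-shot time sync right after WAN up, WireGuard started only once the sync has succeeded), as an added example that is not part of the original mail and not the poster's script. It assumes an OpenWrt hotplug script with busybox `ntpd`; the interface names, NTP server and retry values are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): hotplug-style handler for OpenWrt.
# Assumptions: placed under /etc/hotplug.d/iface/, the WireGuard interface
# has "option auto '0'" in /etc/config/network so it does not start at boot,
# and the names/values below (wan, wg0, pool.ntp.org) are placeholders.
WAN_IF="${WAN_IF:-wan}"
WG_IF="${WG_IF:-wg0}"
NTP_SERVER="${NTP_SERVER:-pool.ntp.org}"
MAX_TRIES="${MAX_TRIES:-5}"
RETRY_DELAY="${RETRY_DELAY:-2}"

# One-shot sync with busybox ntpd: -n stay in foreground, -q quit once the
# clock has been set, -p peer. This runs over the unsecured WAN link.
sync_once() {
    ntpd -n -q -p "$NTP_SERVER"
}

# Bring the tunnel up only after the clock has been set.
start_wg() {
    ifup "$WG_IF"
}

# $1 = hotplug action, $2 = logical interface name
on_iface_event() {
    [ "$1" = "ifup" ] && [ "$2" = "$WAN_IF" ] || return 0
    n=0
    while [ "$n" -lt "$MAX_TRIES" ]; do
        if sync_once; then
            start_wg
            return
        fi
        n=$((n + 1))
        sleep "$RETRY_DELAY"
    done
    # No sync: leave the tunnel down rather than start it with a wrong clock.
    echo "time sync failed after $MAX_TRIES tries, $WG_IF not started" >&2
    return 1
}

# netifd exports ACTION and INTERFACE to hotplug scripts.
on_iface_event "${ACTION:-}" "${INTERFACE:-}"
```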
