Please help to set up NTP.
I would like to use NTP as explained here https://roughtime.googlesource.com/roughtime
and here https://developers.cloudflare.com/time-services/roughtime/
using port 2002 and seems like tokens or certificates are used
Suppose some port forwarding is needed but that's why I'm asking for help. Don't know
Please help to set up NTP.
To begin, the software should be ported as an add-on for IPFire. The team responsible for IPFire is currently occupied with maintaining the 2.0 version and working on the development of the 3.0 branch. Consequently, if you wish to have this feature, you will need to handle the software porting on your own. The wiki provides all the necessary information for developers to create an add-on.
That won’t be possible as ntp is integrated as a core part of IPFire already, so changing it requires an update of IPFire as a whole.
At the minimum the following files from the IPFire 2.x git repo would need to be adjusted in some way. NTP might be referenced elsewhere in IPFire 2.x. These are the obvious files that need to be looked at.
The link from @cfusco is the place to go to learn how to do this. I suspect you would have to make your own build because I think the IPFire devs would be more focussed on making such a large change on IPFire 3.x and not keen to accept such a large significant change that could end up breaking IPFire. The time performance is critically used in many stages, especially with regard to package downloads with pakfire.
Completely beyond my skills
Thanks for pointing a way.
I just checked and I cannot find a roughtime package in Ubuntu or Debian repositories; it means this is a really new protocol, probably experimental… No roughtime in OpenBSD (security is important for them, they developed the secure OpenNTPD server). No article at Wikipedia…
I assume it is possible to build a local roughtime server in the local network, add an NTP server (for compatibility with NTP clients) and connect the NTP server of IPFire to it, as an NTP source…
NTS is “secure” version of NTP. NTS is supported in
NTPsec, these are in Ubuntu repository. These services are replacement for
Public NTP servers from pool.ntp.org do not support NTS protocol…
Important note. When the time on a computer is seriously wrong, NTS fails to synchronize time (because certificates are not valid). In such a case, initial time synchronization has to be done with NTP or validation of certificates in NTS has to be temporarily disabled… For example, an RPi without an RTC module has to get the correct time during the boot process from the network, and because the time could be in the past, initial time synchronization cannot be done with NTS.
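The bootstrap problem described in the post above, as an added example that is not part of the original thread: a chrony configuration fragment that relaxes the NTS certificate time check only until the first clock update. It assumes chrony 4.x as the NTS client; the server name `nts.example.net` and the file paths are placeholders.

```conf
# /etc/chrony.conf (fragment) - added example; hostname and paths are placeholders

# NTS-authenticated time source. "iburst" shortens the time to the
# first measurement after boot.
server nts.example.net iburst nts

# Persist NTS keys and cookies so a restart does not always need a
# fresh NTS-KE (TLS) handshake.
ntsdumpdir /var/lib/chrony

# A host without an RTC boots with a clock far in the past, so the
# server certificate appears "not yet valid" and NTS-KE fails.
# Skip the certificate activation/expiration check for the first
# clock update only; from the second update on it is enforced again
# (the default, 0, never skips it).
nocerttimecheck 1

# While the time check is relaxed an expired certificate would be
# accepted, so narrow the trust anchors: ignore the system CA store
# and trust only the CA bundle listed here.
nosystemcert
ntstrustedcerts /etc/chrony/nts-ca.pem

# Allow the clock to be stepped (not slewed) during the first 3
# updates if the error exceeds 1 second, so the boot-time correction
# is applied immediately.
makestep 1.0 3
```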
I have been thinking of running my own time server, PTP, NTPS …
What made you choose roughtime? I think it is defined within 10 seconds of precision,
I am personally looking for a precision of <0.1 sec
The current NTP system will get you less than 0.1 seconds.
This is my NTP at +0.002656 sec:
[root@ipfire ~] # ntpdate -q -t 10 0.us.pool.ntp.org
server 126.96.36.199, stratum 3, offset +0.004928, delay 0.03615
server 188.8.131.52, stratum 4, offset +0.005525, delay 0.05272
server 184.108.40.206, stratum 2, offset +0.002656, delay 0.07011
server 220.127.116.11, stratum 2, offset +0.004983, delay 0.08533
9 Aug 13:07:32 ntpdate: adjust time server 18.104.22.168 offset +0.002656 sec
[root@ipfire ~] #
Please pick an ntp server in your area.
ipfire.pool.ntp.org the offset +0.004341 sec:
[root@ipfire ~] # ntpdate -q -t 10 0.ipfire.pool.ntp.org
server 22.214.171.124, stratum 3, offset +0.006011, delay 0.05656
server 126.96.36.199, stratum 2, offset +0.001221, delay 0.06346
server 188.8.131.52, stratum 2, offset +0.004341, delay 0.03577
server 184.108.40.206, stratum 3, offset +0.007762, delay 0.05869
9 Aug 13:16:43 ntpdate: adjust time server 220.127.116.11 offset +0.004341 sec
[root@ipfire ~] #
My internal time servers do ns timing.
However, due to delays in my network (yes, there are switches), it really amounts to micro-sec timing. Looking at the output of ntpq -p, the IPFire firewall reports time to 0.3 milliseconds. (By the way, I hate a program that does not report units; think Mars explorer: is it pounds or kg? If you are wrong it burns up in the Martian atmosphere, which it did.)
I chose to build my own servers for a couple of reasons, the first was to reduce any potential attack surface. If my devices are not getting time from some unknown time source, then they are better protected. Accuracy, I like accuracy, it is an engineering thing.
Yes, I was curious why roughtime of <10 sec would be a target for G70P.
You got great numbers but are you confident that your offset at +0.002656 sec is relevant? It looks like your IPFire is getting time from 3-4 hops away
Obviously this is just vain and valueless to IPFire and firewalls but there are some industries where PTP is needed for compliance.
@jaegers49 could you share what kind of time servers you built?
Roughtime looks interesting.
But it is not super new and after reading their webpage
There is a secure version of NTPv4 AutoKey. Never heard of either.
And that has not caught on!
This would really be cool if it was a decentralized time server.
Sort of Torrent-like for time. That would be cool.
It was late and I misread the output from ntpq -p, the delay runs about .1 to .3 milliseconds, but the actual offset is about 10 to 30 microseconds. If the device is running chrony, and the xleave option is specified, this offset drops to about 1 to 10 microseconds.
I posted the type of time servers on CU169 NTP Polling Question - #9 by jaegers49, so hopefully that answers your question.