"Roughtime NTP" setting time help

Please help to set up NTP.
I would like to use NTP as explained here https://roughtime.googlesource.com/roughtime
and here https://developers.cloudflare.com/time-services/roughtime/
using port 2002 and seems like tokens or certificates are used
Suppose some portforwarding is needed but that’s why I m asking for help. don’t know :see_no_evil:

To begin, the software should be ported as an add-on for IPFire. The team responsible for IPFire is currently occupied with maintaining the 2.0 version and working on the development of the 3.0 branch. Consequently, if you wish to have this feature, you will need to handle the software porting on your own. The wiki provides all the necessary information for developers to create an add-on.


That won’t be possible as ntp is integrated as a core part of IPFire already, so changing it requires an update of IPFire as a whole.

At the minimum the following files from the IPFire 2.x git repo would need to be adjusted in some way. NTP might be referenced elsewhere in IPFire 2.x. These are the obvious files that need to be looked at.

ntp lfs file
ntp rootfile file
WUI time.cgi file
timectrl.c file to control startup
ntp initscript file

The link from @cfusco is the place to go to learn how to do this. I suspect you would have to make your own build because I think the IPFire devs would be more focussed on making such a large change on IPFire 3.x and not keen to accept such a large significant change that could end up breaking IPFire. The time performance is critically used in many stages, especially with regard to package downloads with pakfire.


Completely beyond my skills :see_no_evil:
thks for pointing a way.

I just checked and I cannot find roughtime package in Ubuntu or Debian repositories; it means this is really new protocol, probably experimental… No roughtime in OpenBSD (security is important for them, they developed secure OpenNTPD server). No article at Wikipedia…

I assume it is possible to build a local roughtime server in local network, add NTP server (for compatibility with NTP clients) and connect NTP server of IPfire to it, as NTP source…


Cloudflare has good article about NTP security and their time.cloudflare.com service. They support NTP, roughtime and NTS, details here.

NTS is “secure” version of NTP. NTS is supported in Chrony and NTPsec, these are in Ubuntu repository. These services are replacement for ntpd

Article about NTS & Chrony in Fedoramagazine

How to use NTS - NTPsec & Chrony

NTS with NTPsec

ArchLinux page about NTPsec has link to public servers with NTS support

Public NTP servers from pool.ntp.org do not support NTS protocol…

Important note. When time at computer is seriously wrong, NTS fails to synchronize time (because certificates are not valid). In such case, initial time synchronization has to be done with NTP or validation of certificates in NTS has to be temporary disabled… For example, RPI without RTC module has to get correct time during boot process from network and because time could be in the past, initial time synchronization cannot be done with NTS.

I have been thinking of running my own time server, PTP, NTPS …

What made you choose roughtime ? I think it is defined within 10 seconds of precision,

I am personally looking for a precision of <0.1 sec

The current NTP system will get you less than 0.1 seconds.

This is my NTP at +0.002656 sec:

[root@ipfire ~] # ntpdate -q -t 10 0.us.pool.ntp.org
server, stratum 3, offset +0.004928, delay 0.03615
server, stratum 4, offset +0.005525, delay 0.05272
server, stratum 2, offset +0.002656, delay 0.07011
server, stratum 2, offset +0.004983, delay 0.08533
 9 Aug 13:07:32 ntpdate[1477]: adjust time server offset +0.002656 sec
[root@ipfire ~] # 

Please pick an ntp server in your area.

with the ipfire.pool.ntp.org the offset +0.004341 sec:

[root@ipfire ~] # ntpdate -q -t 10 0.ipfire.pool.ntp.org
server, stratum 3, offset +0.006011, delay 0.05656
server, stratum 2, offset +0.001221, delay 0.06346
server, stratum 2, offset +0.004341, delay 0.03577
server, stratum 3, offset +0.007762, delay 0.05869
 9 Aug 13:16:43 ntpdate[1915]: adjust time server offset +0.004341 sec
[root@ipfire ~] # 

my internal time servers do ns timing,

However, due to delays in my network (yes, there are switches), it really amounts to micro-sec timing. Looking at the output of ntpq -p, the IPFire firewall reports time to 0.3 milliseconds. (by the way, I hate a program that does not report units, think mars explorer is it pounds or kg if you are wrong it burns up in the martian atmosphere. which it did).

I chose to build my own servers for a couple of reasons, the first was to reduce any potential attack surface. If my devices are not getting time from some unknown time source, then they are better protected. Accuracy, I like accuracy, it is an engineering thing.


1 Like

Yes, I was curious why roughtime of <10 sec would be a target for G70P.

You got great numbers but are you confident :face_in_clouds: that your offset at +0.002656 sec is relevant? It looks like your IPFire is getting time from 3-4 hops away :innocent:

Obviously this is just vain and valueless to IPfire and firewalls but there are some industries where PTP is needed for compliance.

@jaegers49 could you share what kind of Time servers did you build?

Roughtime looks interesting.
But it is not super new and after reading their webpage
There is a secure version of NTPv4 AutoKey. Never heard of either.
And that has not caught on!
This would really be cool if it was a decentralized time server.
Sort of Torrent like for time. that would be cool.

Peppe Tech
It was late and a misread the output from ntpq -p, the delay runs about .1 to .3 milliseconds, but the actual offset is about 10 to 30 microseconds. If the device is running chrony, and the xleave option is specified, this offset drops to about 1 to 10 microseconds.

I posted the type of time servers on CU169 NTP Polling Question - #9 by jaegers49, so hopefully that answers your question.


1 Like