Would pfSense integrate NTPsec client/server support to help protect OpenVPN against MITM attacks? Denial of service can happen if the clocks fall out of synchronization.
Updated by Wilhelm Johansen over 2 years ago
chrony-4.0 also supports Network Time Security (NTS), as of 7 Oct 2020: https://chrony.tuxfamily.org/news.html
OPNsense 20.7.3 now has chrony available as a package: https://opnsense.org/opnsense-20-7-3-released/ - do not know which version.
My understanding is that adding chrony as a package was last discussed in 2016? https://forum.netgate.com/topic/106105/chrony
Instead of doing a host override pointing time/time-ios/euro/asia .apple.com etc. to my NTS-enabled NTP server(s), it would be beneficial just pointing to pfSense, which would get time with NTS.
Interesting read from 2017: https://lwn.net/Articles/735211/
Updated by Jim Pingle over 2 years ago
We stated in the linked Reddit thread that if we were to change, the option we would consider is ntimed, not ntpsec.
We have looked into Chrony as well and decided to stay with ntpd for the time being.