Project

General

Profile

Actions

Feature #8149

open

NTPsec

Added by Richard Yao over 6 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
NTPD
Target version:
-
Start date:
11/30/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

Would pfSense integrate NTPsec client/sever support to help protect OpenVPN against MITM attacks? Denial of service can happen if the clocks fall of out synchronization.

Actions #1

Updated by Jim Pingle over 4 years ago

  • Category set to NTPD
Actions #3

Updated by Wilhelm Johansen over 3 years ago

chrony-4.0 also supports Network Time Security (NTS), as of 7 Oct 2020: https://chrony.tuxfamily.org/news.html

OPNsense 20.7.3 now has chrony available as a package: https://opnsense.org/opnsense-20-7-3-released/ - do not know which version.

My understanding is that adding chrony as a package was last discussed in 2016? https://forum.netgate.com/topic/106105/chrony

Instead of doing a host override pointing time/time-ios/euro/asia .apple.com etc. to my NTS enabled NTP server(s), it would be beneficial just pointing to pfSense, which would get time with NTS.

Interesting read from 2017: https://lwn.net/Articles/735211/

https://www.freshports.org/net/chrony/

Actions #4

Updated by Jim Pingle over 3 years ago

We stated in the linked Reddit thread that if we were to change, the option we would consider is ntimed, not ntpsec.

https://www.reddit.com/r/PFSENSE/comments/86hlvo/any_plans_to_migrate_ntp_ntpsec/dw79m69/

We have looked into Chrony as well and decided to stay with ntpd for the time being.

Actions #5

Updated by Wilhelm Johansen over 3 years ago

Last commit was 6 years ago .. https://github.com/bsdphk/Ntimed

Allright, thank you for your feedback anyways!

Actions

Also available in: Atom PDF