NTS support in Foris?

Now that NTS (NTP) is a standard (https://blog.cloudflare.com/nts-is-now-rfc/), is there any plan to implement support (chrony/ntpsec) and have a menu in Foris?

I’d like to see a copy & paste of the DoT (DNS over TLS) web page but for NTS (Cloudflare and other providers).

In OpenWrt, there is no NTPSec and only chrony 3.5.1, which doesn’t support NTS.

Recently chrony 4.0 was merged into OpenWrt master.

But if it is in OpenWrt master, it means that it can be found in daily snapshots of OpenWrt or in our branch HBD. And it will be part of the next stable release of OpenWrt.

Since the beginning of this project, NIC.cz/Turris pushed for secure DNS. I hope they can embrace secure NTP.
I would like to see NTS in their ntp.nic.cz time server too and the NTS client in the TurrisOS.

Currently, we are not thinking about adding NTS support on the CZ.NIC NTP server. If there is going to be anything new, we will let you know.

It’s a shame, I kind of hoped for the opposite answer. But chrony 4 in OpenWrt master is good news.

Hello, I have managed to cross-compile chrony for the Omnia and it works fine.
Instructions:

  1. Follow the instructions here but do not compile chrt
  2. Download chrony and the necessary libraries (gmp, nettle, gnutls) at the same version as Turris
  3. Set the cross-compile variables to the paths where the cross compiler is installed

none@none ~/chrony $ echo $PKG_CONFIG_PATH
/usr/local/arm-linux-musleabihf/lib/pkgconfig
none@none ~/chrony $ echo $PKG_CONFIG_LIBDIR
/usr/local/arm-linux-musleabihf/lib/
none@none ~/chrony $ echo $CC
/usr/local/bin/arm-linux-musleabihf-gcc

  4. Build and install gmp

./configure --host=arm-linux-musleabihf --prefix=/usr/local/arm-linux-musleabihf/
make
sudo make install

  5. Build and install nettle

./configure --host=arm-linux-musleabihf --prefix=/usr/local/arm-linux-musleabihf/ --enable-arm-neon
make
sudo make install

  6. Build and install gnutls

./configure --host=arm-linux-musleabihf --prefix=/usr/local/arm-linux-musleabihf/ --with-included-unistring --with-included-libtasn1 --without-p11-kit
make
sudo make install

  7. Configure chrony (./configure) and make sure that the output says that NTS is supported:

Features : +CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS +NTS -READLINE +SECHASH +IPV6 -DEBUG

  8. make
  9. Copy the binaries (chronyc, chronyd) to the Omnia and check that they work
  10. Configure chronyd, test it and create a service for it. I use chrt to fix the priority but you can use nice; see the comment in the service

Service:

root@turris:~# cat /etc/init.d/chrony
#!/bin/sh /etc/rc.common

USE_PROCD=1

START=98
# Change this to not call chrt if it does not exist
PROG="/root/chrt -r 1 /root/chronyd -n -m"

start_service() {
	procd_open_instance
	procd_set_param command $PROG
	procd_set_param stdout 1
	procd_set_param stderr 1
	# Alternative to chrt: let procd set the priority with nice
	#procd_set_param nice 5
	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
	procd_close_instance
}

root@turris:~# cat /etc/chrony.conf
server ptbnts1.ptb.de iburst nts
server ptbnts2.ptb.de iburst nts
server nts.ntp.se iburst nts
server nts.sth1.ntp.se iburst nts
server nts.sth2.ntp.se iburst nts
server time.cloudflare.com iburst nts
driftfile /etc/chrony.drift
makestep 1.0 3
rtcsync
allow all

  11. Activate the service and deactivate sysntpd

Does anyone have a list of public NTS servers?

1 Like
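One way to carry out the "test it" step from the instructions above, as an added example that is not part of the original post: a POSIX sh script that reads the table printed by `chronyc -N authdata` (chrony 4.0 and later) and fails if any source is not actually authenticated with NTS. The function names, the `--live` switch and the file name `check_nts.sh` are hypothetical, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: confirm chronyd is really authenticating its sources with NTS.
# Parses the table printed by `chronyc -N authdata` (available from chrony 4.0).

# Constructed sample output; the last two rows are made-up failure cases.
sample_authdata() {
cat <<'EOF'
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     1   15  256  33m    0    0    8  100
nts.ntp.se                   NTS     1   15  256  12m    0    0    8  100
nts.example.net              NTS     0    0    0    -    3    0    0    0
192.0.2.10                     -     0    0    0    -    0    0    0    0
EOF
}

# check_nts: read authdata text on stdin and print a verdict per source.
# Exit status: 0 = every source uses NTS and holds cookies,
#              1 = at least one source does not, 2 = no sources listed.
check_nts() {
    awk '
        /^Name\/IP/ || /^=+$/ || NF < 10 { next }   # header, rule, short lines
        {
            seen++
            name = $1; mode = $2; atmp = $7; cook = $9
            if (mode != "NTS") {
                printf "FAIL %s: mode \"%s\", time from this source is unauthenticated\n", name, mode
                bad++
            } else if (cook == 0) {
                printf "FAIL %s: no NTS cookies (%d NTS-KE attempts without success)\n", name, atmp
                bad++
            } else {
                printf "OK   %s: NTS, %d cookies\n", name, cook
            }
        }
        END {
            if (seen == 0) { print "FAIL no sources listed"; exit 2 }
            exit (bad > 0)
        }
    '
}

# On the router: sh check_nts.sh --live ; without it only the functions are defined.
if [ "${1:-}" = "--live" ]; then
    chronyc -N authdata | check_nts
    exit $?
fi
```

A source that shows mode NTS but zero cookies has not completed key establishment, which usually points at a blocked NTS-KE connection or a failed certificate check (for example because the clock is still far off at boot).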