Archive > 23.1 Legacy Series
Secure NTP
ks98330q:
Just checking to see if secure NTP can be configured on OPNSense.
If not, could it be enabled?
CJ:
Interesting. I hadn't realized there was an effort to do secure NTP.
Is your concern interception between the internet and the OPNSense machine, OPNSense and your LAN clients, or your LAN clients to the internet?
lilsense:
you can install Chrony and use NTS.
abulafia:
--- Quote from: lilsense on April 27, 2023, 02:11:26 pm ---you can install Chrony and use NTS.
--- End quote ---
Yep. Here's a list of NTS servers:
- https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d
- https://gitlab.com/-/snippets/2481323
I use:
time.cloudflare.com,ptbtime1.ptb.de,ptbtime2.ptb.de,ptbtime3.ptb.de,ntp2.glypnod.com,nts.sth1.ntp.se,nts.sth2.ntp.se,ntp.3eck.net,ntp.trifence.ch,ntp.zeitgitter.net,nts1.adopo.net,www.jabber-germany.de,www.masters-of-cloud.de,ntppool1.time.nl,ntppool2.time.nl,ptbtime4.ptb.de,paris.time.system76.com,ntp3.fau.de
ks98330q:
--- Quote from: CJRoss on April 27, 2023, 01:49:38 pm ---Interesting. I hadn't realized there was an effort to do secure NTP.
Is your concern interception between the internet and the OPNSense machine, OPNSense and your LAN clients, or your LAN clients to the internet?
--- End quote ---
Yes. It obviously isnt well known, or most dont reallly give $.02 about it. Anyway, NIST in the US offers an authenticated NTP service. Its free, and renews every september.
Navigation
[0] Message Index
[#] Next page
Go to full version