OPNsense Forum
Archive => 21.7 Legacy Series => Topic started by: abulafia on December 02, 2021, 02:19:44 pm
-
Since [some time], chrony hardly connects to any servers anymore:
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com 3 6 37 11 -36us[ +469us] +/- 17ms
^? sth1.nts.netnod.se 0 8 0 - +0ns[ +0ns] +/- 0ns
^? sth2.nts.netnod.se 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ptbtime1.ptb.de 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ptbtime2.ptb.de 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ptbtime3.ptb.de 0 8 0 - +0ns[ +0ns] +/- 0ns
^- nts1.time.nl 2 6 37 10 -2907us[-2907us] +/- 39ms
^? nts.ntp.se 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ntp2.glypnod.com 0 8 0 - +0ns[ +0ns] +/- 0ns
^? ntpmon.dcs1.biz 0 8 0 - +0ns[ +0ns] +/- 0ns
^? netmon2.dcs1.biz 0 8 0 - +0ns[ +0ns] +/- 0ns
^? sth-ts.nts.netnod.se 0 8 0 - +0ns[ +0ns] +/- 0ns
I can DNS-resolve all and ping most of the above domains.
It seems to be an issue with file access rights? System log shows:
2021-12-02T14:15:43 chronyd[5971] Selected source 162.159.200.123 (time.cloudflare.com)
2021-12-02T14:15:41 chronyd[5971] Selected source 94.198.159.11 (nts1.time.nl)
2021-12-02T14:15:36 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:35 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:35 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:35 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:35 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:35 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:34 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:34 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:34 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:34 chronyd[5971] Could not set credentials : Error while reading file.
2021-12-02T14:15:34 chronyd[5971] Source 194.58.202.203 changed to 194.58.202.202 (nts.netnod.se)
2021-12-02T14:15:20 configctl[3020] event @ 1638450920.24 exec: system event config_changed
[ Chrony restart ]
It used to run fine; so I am suspecting the latest updates 21.7.5 or 21.7.6 -- or the recent update of my SSL certificate by the new ACME?
-
Indeed some form of permission error on the SSL cert file:
The following was set:
root@OPNsense:/usr/local/etc # ls -la /etc/ssl/
total 454
drwxr-xr-x 2 root wheel 4 Nov 29 11:30 .
drwxr-xr-x 25 root wheel 99 Nov 25 21:09 ..
-rw-r----- 1 root wheel 698890 Nov 29 11:30 cert.pem
-rw-r--r-- 1 root wheel 10921 Nov 10 11:08 openssl.cnf
With cert.pem set to "rw-r-----", I had the described issues.
If the cert.pem is set to "rw-r--r--" (mask 644), chrony can connect to all NTS servers just fine (like before).
-
Is this being fixed with the next OPNsense update?
Or only by users themselves, using the terminal?
-
This has been fixed in 22.1: https://github.com/opnsense/core/issues/5396
-
21.7.7 as well (already released).
Cheers,
Franco
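-
Added example, not part of the thread and not OPNsense or chrony code: a check for the condition found above, a CA bundle that accounts other than root and the wheel group cannot read. It assumes chronyd opens the bundle as such an account (the thread only shows that mode 640 fails and 644 works); the function names and the optional TOP argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Judges by mode bits only: ACLs and MAC
# policies are ignored, and a symlink's own parent directories are walked.

# Print the three "other" permission characters of PATH (symlinks followed).
other_bits() {
    ls -ldL -- "$1" | cut -c8-10
}

# other_can_read FILE [TOP]
# Succeeds if FILE has o+r and each directory from FILE's parent up to TOP
# (default /) has o+x. Otherwise names the first blocking path and fails.
other_can_read() {
    file=$1
    top=${2:-/}
    case $(other_bits "$file") in
        r*) ;;
        *) echo "blocked: $file (no o+r)"; return 1 ;;
    esac
    dir=$(dirname -- "$file")
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;   # t = search bit plus sticky, as on /tmp
            *) echo "blocked: $dir (no o+x)"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Constructed demo: the two modes from the thread, applied to a scratch file.
demo() {
    d=$(mktemp -d) && chmod 755 "$d" && : > "$d/cert.pem" || return 2
    a=0; b=0
    chmod 640 "$d/cert.pem"; other_can_read "$d/cert.pem" "$d" || a=$?
    chmod 644 "$d/cert.pem"; other_can_read "$d/cert.pem" "$d" || b=$?
    rm -rf "$d"
    echo "0640 -> $a, 0644 -> $b"
}
demo
```

On the firewall itself the call would be `other_can_read /etc/ssl/cert.pem`, which prints the blocking path when the bundle or one of its parent directories is closed to other accounts.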