Re: [chrony-users] ipV4 and ipV6



I'm testing the IPv4 and IPv6 dual-stack mode. That is, two certificates are configured on the server. One certificate is generated by the IPv4 network port and the other certificate is generated by the IPv6 network port. There are two clients. If the IPv4 certificate is placed on the IPv6 certificate, the IPv4 client can be authenticated successfully, but the IPv6 client cannot pass the TLS authentication. This is strange. Although the bindaddress parameter does not support IPv4 and IPv6 at the same time, the ntsservercert parameter can be set to multiple values. Is there any impact between these two parameters?
The following figure shows the configuration of the server.

driftfile /var/lib/chrony/drift
makestep 1 -1
rtcsync
allow 11.11.68.145/16
local stratum 10
ntsdumpdir /var/lib/chrony
logdir /var/log/chrony
allow 1111:1111::1:66d2/64
ntsserverkey /etc/pki/tls/private/server.key
ntsservercert /etc/pki/tls/certs/server.crt
ntsserverkey /etc/pki/tls/private/serverV6.key
ntsservercert /etc/pki/tls/certs/serverV6.crt

Network adapter information:
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:f5:9f:33 brd ff:ff:ff:ff:ff:ff
    inet 11.11.101.42/16 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 1111:1111::1:7eb6/64 scope global
       valid_lft forever preferred_lft forever


-----Original Message-----
From: Miroslav Lichvar [mailto:mlichvar@xxxxxxxxxx]
Sent: 28 November 2022 16:47
To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] ipV4 and ipV6

On Sat, Nov 26, 2022 at 06:29:55AM +0000, chengyechun wrote:
> Hi all
> When chrony works in both IPv4 and IPv6 modes, for example, one client is configured with two servers, one server is IPv4 and the other is IPv6, and the NTS function is configured. I found that they were able to communicate, but the time source state was displayed as x, which was a bit odd since they didn't have a big time difference:
> [cid:image001.png@01D901A3.8C0B2D20]

The output shows that the sources are off by ~1.1 seconds from each other, but the estimate of accuracy is only in hundreds of microseconds. Their intervals don't overlap, so they are marked as falsetickers.

It looks like two servers configured with the local reference mode.
That cannot work.

--
Miroslav Lichvar
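
The interval check described in the reply above can be sketched as follows. This is an added example, not part of the thread and not chrony's own code: it is a simplified interval intersection, the sample offsets are constructed to resemble the reported case, and the "more than half must agree" rule and the name third-source are assumptions of the sketch.

```python
from typing import NamedTuple

class Source(NamedTuple):
    name: str
    offset: float    # measured offset from the local clock, seconds
    distance: float  # estimated maximum error of that measurement, seconds

def classify(sources):
    """Simplified interval intersection: map each source name to 'ok' or 'falseticker'."""
    # Each source claims true time lies in [offset - distance, offset + distance].
    edges = []
    for s in sources:
        edges.append((s.offset - s.distance, 0, +1))  # lower edge opens an interval
        edges.append((s.offset + s.distance, 1, -1))  # upper edge closes it
    edges.sort()  # at equal values, opens sort before closes, so touching counts as overlap
    depth = best = 0
    lo = hi = 0.0
    for i, (value, _, step) in enumerate(edges):
        depth += step
        if step > 0 and depth > best:
            # Deepest region so far starts here and lasts until the next edge.
            best, lo, hi = depth, value, edges[i + 1][0]
    # Assumption of this sketch: more than half of the sources must agree.
    if best * 2 <= len(sources):
        return {s.name: "falseticker" for s in sources}
    return {
        s.name: "ok" if s.offset - s.distance <= lo and hi <= s.offset + s.distance
        else "falseticker"
        for s in sources
    }

# Constructed values modelled on the reply: ~1.1 s apart, errors of a few hundred microseconds.
V4 = Source("server-ipv4", +0.000150, 0.000300)
V6 = Source("server-ipv6", -1.100000, 0.000400)
THIRD = Source("third-source", +0.000050, 0.000500)  # hypothetical extra source

if __name__ == "__main__":
    print(classify([V4, V6]))         # two disjoint intervals, no majority
    print(classify([V4, V6, THIRD]))  # a third source breaks the tie
```

With only two sources whose intervals are disjoint there is nothing to say which one is right, so both are rejected; a third independent source is what lets the outlier be singled out.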

