答复: 答复: [chrony-users] ipV4 and ipV6

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]



-----邮件原件-----
发件人: Miroslav Lichvar [mailto:mlichvar@xxxxxxxxxx] 
发送时间: 2022年11月30日 16:38
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: 答复: [chrony-users] ipV4 and ipV6

On Wed, Nov 30, 2022 at 02:05:20AM +0000, chengyechun wrote:
> I'm testing the IPv4 and IPv6 dual-stack mode. That is, two certificates are configured on the server. One certificate is generated by the IPv4 network port and the other certificate is generated by the IPv6 network port. There are two clients. If the IPv4 certificate is placed on the IPv6 certificate, the IPv4 client can be authenticated successfully, but the IPv6 client cannot pass the TLS authentication.

Do the certificates contain a different name? If there are multiple certificates with the same name, the server will provide only one the clients.
Different IP addresses
> This is strange. Although the bindaddress parameter does not support 
> IPv4 and IPv6 at the same time

You can have two bindaddress directives in the config, one for IPv4 and one for IPv6.
I see.

> the ntsservercert parameter can be set to multiple values. Is there any impact between these two parameters?
> The following figure shows the configuration of the server.

It's not clear to me why you need two certificates and what it has to do with IPv4 vs IPv6.
This is because one client uses IPv6 to communicate with the server, while the other uses IPv4. This is because ip_address is used to generate a certificate. The template is as follows:

organization = "xiaoyu"
country = CN
ip_address = "11.11.7.120"
serial = 001
activation_date = "2022-01-01 00:00:00 UTC"
expiration_date = "2022-12-31 23:59:59 UTC"
signing_key
encryption_key


The IPv6 template is to modify ip_address. Can this be unified?--
Miroslav Lichvar


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/