[chrony-users] Chrony Client Support for different ports to the same ser

[chrony-users] Chrony Client Support for different ports to the same server?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: [chrony-users] Chrony Client Support for different ports to the same server?
From: "Derek Atkins" <derek@xxxxxxxxx>
Date: Mon, 27 Jan 2025 07:55:48 -0500
Dkim-filter: OpenDKIM Filter v2.11.0 mail.ihtfp.org 113AF80F4337
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1737982548; bh=CDHPfYu8NyAycDCFljMfUAlZ22gv1Z/ZatOufmSgWl0=; h=Date:Subject:From:To:From; b=UyzSdaYGqIlRVMdyNCWgnQnPyIUrePoQreMQUZEuQ4G2q6U8aZD1aofVuUDF8oYrZ SRhrBmT+FoR+FuXciMpUksdJ2w85eqm+NvvjpFoDl2d8wSGaVVs+OC+H3YiaL3Edo+ zbc6Pv9LP23qERKWvWU8DphxKD3KKu/v+hZlFJJE=

Hi,

tl;dr:
I have a configuration of
server a.b.c.d
server a.b.c.d port 4123

However the second configuration is ignored and not used; I only see
packets going out to port 123, not port 4123.  Is this a bug, or is there
some way to get chrony to fallback if it does not receive responses on
123?

LONG VERSION:

I'm using Chrony as a time client on an embedded device system.  I control
both the client and server, but I'm trying to build generic solutions that
don't know their environment a priori.
Some environments I go into actually block port 123.  Don't ask me why --
they will not unblock them.  So I thought I'd run NTP on both 123 and 4123
on the server, and configure the client to try both ports.  As a result,
my device-side client configuration looks like:

server a.b.c.d
server a.b.c.d port 4123

However, it looks like this does not work.  For example, if I run "chronyc
sources" I only see a.b.c.d in there once:

# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* a.b.c.d                      10   6   377    31  -1592ns[-5815ns] +/-
1214us
#


Running tcpdump, I only see packets go out to port 123, never to port
4123.  Of course, the server only sees the packets sent to 4123 because
123 is blocked.

If I manually comment out the first server line, then chrony will happily
reach out to port 4123 and receive a response from the server. However, I
do not know, a priori, whether port 123 is blocked in my environment or
not, and these devices do not get manually configured in the field, so
there is no way to tell it the port #.

The documentation seems to imply this configuration should work, but
clearly it's not.  Am I missing something?  Is this a bug?

Alternatively, is there some test I can run to see if a port gets a valid
response?  Like "chronyd test a.b.c.d port 123" and use an exit-code to
determine if it got a response or not?

Thanks,

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@xxxxxxxxx             www.ihtfp.com
       Computer and Internet Security Consultant


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-users] Chrony Client Support for different ports to the same server?
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Isolated Network Configuration
Next by Date: Re: [chrony-users] Chrony Client Support for different ports to the same server?
Previous by thread: Re: [chrony-users] Isolated Network Configuration
Next by thread: Re: [chrony-users] Chrony Client Support for different ports to the same server?

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/