The Wayback Machine - https://web.archive.org/web/20201104101345/https://github.com/opnsense/plugins/pull/2087
Skip to content

/ plugins

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/chrony: add NTS peer mode #2087

Open
wants to merge 7 commits into
base: master
from
Open

net/chrony: add NTS peer mode #2087

wants to merge 7 commits into from

Conversation

@mimugmail
Copy link
Member

@mimugmail mimugmail commented Nov 1, 2020

Add NTS for peers to chrony which was introduced in 4.0

https://blog.apnic.net/2019/11/08/network-time-security-new-ntp-authentication-mechanism/
mimugmail added 7 commits Nov 1, 2020
@mimugmail
Update Makefile
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
b83cda2
@mimugmail
Update pkg-descr
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
79f4179
@mimugmail
Update general.xml
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
5dfaaf7
@mimugmail
Update General.xml
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
2232533
@mimugmail
Update setup.sh
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
0b47067
@mimugmail
Update chrony.conf
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
103976b
@mimugmail
Update chrony.conf
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
ee49b4a
@fichtner
fichtner reviewed Nov 3, 2020
View changes
net/chrony/src/opnsense/scripts/OPNsense/Chrony/setup.sh
mkdir -p /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
chown -R chronyd:chronyd /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
chmod 750 /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
Comment on lines +3 to +5

This comment has been minimized.

Sign in to view
@fichtner

fichtner Nov 3, 2020
Member

Suggested change
mkdir -p /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
chown -R chronyd:chronyd /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
chmod 750 /var/db/chrony/ /var/lib/chrony/ /var/run/chrony/
mkdir -p /var/db/chrony /var/lib/chrony /var/run/chrony
chown -R chronyd:chronyd /var/db/chrony /var/lib/chrony /var/run/chrony
chmod 750 /var/db/chrony /var/lib/chrony /var/run/chrony
@fichtner
fichtner reviewed Nov 3, 2020
View changes
net/chrony/src/opnsense/mvc/app/controllers/OPNsense/Chrony/forms/general.xml
<id>general.ntsclient</id>
<label>NTS Client Support</label>
<type>checkbox</type>
<help>Enable NTS in client mode. This will add another layer of security for peers when OPNsense is the client. Every server in Peers has to support NTS.</help>

This comment has been minimized.

Sign in to view
@fichtner

fichtner Nov 3, 2020
Member

I'm not sure if this is the best approach. It will probably get in the way later. But I'm not strictly opposed to this.
@fichtner fichtner self-assigned this Nov 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@mimugmail @fichtner
You can’t perform that action at this time.