Updating all 4 NTP servers - Correct syntax?

Hi,

I’m in the process of learning the VyOS CLI. After getting the basic configuration in order, I need to update the default NTP servers which are (off the top of my head):

1.ntp.vyos.io
2.ntp.vyos.io
3.ntp.vyos.io
4.ntp.vyos.io

To these servers:

0.no.pool.ntp.org
1.no.pool.ntp.org
2.no.pool.ntp.org
3.no.pool.ntp.org

The documentation [1] points me in the right direction. I can change the first NTP server by running the following command:

set system ntp server 0.no.pool.ntp.org

However I’d like to update the other 3 default servers and I can’t figure out the correct CLI syntax. What is the correct syntax to update all 4 NTP servers?

Any help is greatly appreciated :)

[1] NTP — VyOS 1.3.x (equuleus) documentation

Delete the current servers and add the required ones:

delete system ntp server
set system ntp server x.x.x.x

possibly also of interest:

set nat destination rule 220 destination address '!172.16.254.241'
set nat destination rule 220 destination port '123'
set nat destination rule 220 inbound-interface 'eth5.512'
set nat destination rule 220 protocol 'tcp_udp'
set nat destination rule 220 translation address '172.16.254.241'
set nat destination rule 220 translation port '123'

yes ntp is only udp…

where eth5.512 is your network(s)

and 172.16.254.241 is your centralized ntp or local ntp

NextDNS gives you a map of where your dns requests are geographically going…

Some people would be upset to see their ntp queries going to places that they wouldn’t understand… (at least where I live/work…)

so 172.16.254.241 gets to sync, everyone else gets ‘hijacked/intercepted’ to go there…

some local dns servers don’t allow wildcard rewrites… so the hijacking always got me what I wanted without worrying about a dns rewrites (for ntp)…

set nat destination rule 120 destination address '!10.20.0.0/16'
set nat destination rule 120 destination port 'domain'
set nat destination rule 120 inbound-interface 'eth5.512'
set nat destination rule 120 protocol 'tcp_udp'
set nat destination rule 120 translation address '127.0.0.1'
set nat destination rule 120 translation port '53'

(if you aren’t going to one of the DNS servers located in the /16… etc)

My 0.02

YMMV

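An added example, not part of the thread and not VyOS code: a small Python lint for redirect rules like the two in the post above, reading `set` commands in the form `show configuration commands` prints them. The three checks (interface scoping, a `!` exclusion for the intended server, UDP only for port 123) are this example's own assumptions about what such a rule should contain.

```python
import shlex

# Constructed input: the NTP and DNS redirect rules quoted in the post above.
SAMPLE = """\
set nat destination rule 220 destination address '!172.16.254.241'
set nat destination rule 220 destination port '123'
set nat destination rule 220 inbound-interface 'eth5.512'
set nat destination rule 220 protocol 'tcp_udp'
set nat destination rule 220 translation address '172.16.254.241'
set nat destination rule 220 translation port '123'
set nat destination rule 120 destination address '!10.20.0.0/16'
set nat destination rule 120 destination port 'domain'
set nat destination rule 120 inbound-interface 'eth5.512'
set nat destination rule 120 protocol 'tcp_udp'
set nat destination rule 120 translation address '127.0.0.1'
set nat destination rule 120 translation port '53'
"""

# Port 123 by number or by its /etc/services name.
NTP_PORTS = {"123", "ntp"}


def parse_rules(text):
    """Map rule number -> {"destination port": "123", ...} from set commands."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)  # also strips the single quotes around values
        if len(tok) >= 7 and tok[:4] == ["set", "nat", "destination", "rule"]:
            rules.setdefault(int(tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
    return rules


def audit(text):
    """Return (rule, finding) pairs; the checks are this example's own policy."""
    findings = []
    for num, r in sorted(parse_rules(text).items()):
        if "inbound-interface" not in r:
            findings.append((num, "not scoped to an inbound interface"))
        if not r.get("destination address", "").startswith("!"):
            findings.append((num, "no '!' exclusion for the intended server"))
        if r.get("destination port") in NTP_PORTS and r.get("protocol") != "udp":
            findings.append((num, "NTP is UDP only; protocol can be 'udp'"))
    return findings


if __name__ == "__main__":
    for num, msg in audit(SAMPLE):
        print(f"rule {num}: {msg}")
```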

Also might be of interest:

Yes NTP uses UDP123 but NTS (aka ntpsec) uses TCP4460 AND UDP4123.

For more information see: T5112 Enable support for Network Time Security (NTS) for chrony
