Hi,
I’m in the process of learning the VyOS CLI. After getting the basic configuration in order, I need to update the default NTP servers which are (off the top of my head):
1[.]ntp[.]vyos[.]io
2[.]ntp[.]vyos[.]io
3[.]ntp[.]vyos[.]io
4[.]ntp[.]vyos[.]io
To these servers:
0[.]no[.]pool[.]ntp[.]org
1[.]no[.]pool[.]ntp[.]org
2[.]no[.]pool[.]ntp[.]org
3[.]no[.]pool[.]ntp[.]org
The documentation [1] points me in the right direction. I can change the first NTP server by running the following command:
set system ntp server 0.no.pool.ntp.org
However I’d like to update the other 3 default servers and I can’t figure out the correct CLI syntax. What is the correct syntax to update all 4 NTP servers?
Any help is greatly appreciated
[1] NTP — VyOS 1.3.x (equuleus) documentation
Delete the current servers and add required
delete system ntp server
set system ntp server x.x.x.x
bcook
October 27, 2023, 1:25pm
possibly also of interest:
set nat destination rule 220 destination address '!172.16.254.241'
set nat destination rule 220 destination port '123'
set nat destination rule 220 inbound-interface 'eth5.512'
set nat destination rule 220 protocol 'tcp_udp'
set nat destination rule 220 translation address '172.16.254.241'
set nat destination rule 220 translation port '123'
yes ntp is only udp…
where eth5.512 is your network(s)
and 172.16.254.241 is your centralized ntp or local ntp
NextDNS gives you a map of where your dns requests are geographically going…
Some people would be upset to see their ntp queries going to places that they wouldn’t understand… (at least where I live/work…)
so 172.16.254.241 gets to sync, everyone else gets ‘hijacked/intercepted’ to go there…
some local dns servers don’t allow wildcard rewrites… so the hijacking always got me what I wanted without worrying about dns rewrites (for ntp)…
set nat destination rule 120 destination address '!10.20.0.0/16'
set nat destination rule 120 destination port 'domain'
set nat destination rule 120 inbound-interface 'eth5.512'
set nat destination rule 120 protocol 'tcp_udp'
set nat destination rule 120 translation address '127.0.0.1'
set nat destination rule 120 translation port '53'
(if you aren’t going to one of the DNS’ located in the /16… etc)
My 0.02
YMMV
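To confirm that a redirect like rule 220 above is really catching NTP traffic, a client behind eth5.512 can query several public servers and compare what comes back. This is an added example, not part of any post in this thread; the function names and the fingerprint heuristic (stratum, reference ID, reference timestamp) are assumptions made for illustration.

```python
import socket
import struct

# NTP client request: LI=0, VN=4, Mode=3, remaining 47 bytes zero.
REQUEST = b"\x23" + bytes(47)
# Hostnames from the thread; any set of distinct public servers works.
SERVERS = ["0.no.pool.ntp.org", "1.no.pool.ntp.org",
           "2.no.pool.ntp.org", "3.no.pool.ntp.org"]

def fingerprint(reply):
    """Return (stratum, reference ID, reference timestamp) from a server reply."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4:  # low three bits are the mode; 4 = server
        raise ValueError("not a server-mode NTP reply")
    stratum, refid = reply[1], reply[12:16]
    (ref_ts,) = struct.unpack("!Q", reply[16:24])
    if stratum <= 1:  # kiss code or reference clock name, ASCII
        ident = refid.rstrip(b"\0").decode("ascii", "replace")
    else:             # upstream server's IPv4 address (or a hash of it)
        ident = socket.inet_ntoa(refid)
    return stratum, ident, ref_ts

def query(host, timeout=2.0):
    """Send one request to host:123/udp and fingerprint the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(REQUEST, (host, 123))
        reply, _ = s.recvfrom(512)
    return fingerprint(reply)

def looks_redirected(fingerprints):
    """True when several queried names were all answered by one apparent server.
    Heuristic: a server that re-syncs between two queries changes its reference
    timestamp, so repeat the check before trusting a False."""
    return len(fingerprints) > 1 and len(set(fingerprints)) == 1

def build_reply(stratum, refid, ref_ts):
    """Constructed 48-byte server reply, for trying the parser offline."""
    return struct.pack("!BBbbII4sQ24x", 0x24, stratum, 6, -20, 0, 0, refid, ref_ts)

if __name__ == "__main__":
    # DNAT rewrites the reply's source back to the address the client asked
    # for, so the source IP proves nothing; compare packet contents instead.
    seen = [query(h) for h in SERVERS]
    for host, fp in zip(SERVERS, seen):
        print(host, fp)
    print("redirected to one server:", looks_redirected(seen))
```

Run it from a host on the redirected network; from 172.16.254.241 itself, which the rule exempts, the four fingerprints should differ.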
Also might be of interest:
Yes NTP uses UDP123 but NTS (aka ntpsec) uses TCP4460 AND UDP4123.
For more information see: T5112 Enable support for Network Time Security (NTS) for chrony