Chrony: NTS and Authenticated NTP packets

Hi all,

I run chrony 4.5 with enabled NTS. Ports 123/udp and 4460/tcp are opened in the firewall.
Client and server do not use the key / keyfile parameter in chrony.conf.

The output of

chronyc serverstats


NTS-KE connections accepted: 11
NTS-KE connections dropped : 0
Authenticated NTP packets  : 0

Is something wrong with my configuration or is it correct that Authenticated NTP packets is zero? Because according to the documentation

Authenticated NTP packets: The number of received NTP requests that were authenticated (with a symmetric key or NTS)

You have a valid certificate?

I hope so :wink:

A client (also chrony 4.5) is configured with

server myserver nts iburst

can connect to the server (Reach is 377), chronyc authdata on the client shows

Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
myserver                    NTS     1   30  128  49h    0    0    8   64

and chronyc ntpdata on the client

NTP tests       : 111 111 1111
Authenticated   : Yes

Both, client and server, have no errors in chrony log.

It’s a bug. It counts requests that trigger a KoD response (NTS NAKs) instead of those that pass the authentication check.

Thanks for the info, Miroslav. Then we hope there will be a fix.

I guess thats’ the fix.