
NTP allow-clients address doesn't work it allows to use ntp server for all addresses
Closed, Resolved · Public · BUG

Description

Tested in VyOS 1.3.0 and VyOS 1.4-rolling-202201060842.
The "set system ntp allow-clients address '1.20.20.0/24'" command doesn't work.

To recreate:
NTP Client --------- NTP server
1.10.10.10/24 --------- 1.10.10.1/24

Simple NTP server config. The client synchronizes without any problems (expected):

set system ntp server 1.1.1.2

Adding restrictions on the server so that only clients from 1.20.20.20/24 can get NTP:

set system ntp allow-clients address '1.20.20.0/24'
commit
save

But 1.10.10.10 is still getting NTP, despite the config.

vyos@vyos:~$ cat /run/ntpd/ntpd.conf
### Autogenerated by ntp.py ###

#
# Non-configurable defaults
#
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requess
restrict default noquery nopeer notrap nomodify
# Allow pool associations
restrict source nomodify notrap noquery
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict 127.0.0.1
restrict -6 ::1

#
# Configurable section
#
server 1.1.1.2 iburst
server time1.vyos.net iburst
server time2.vyos.net iburst
server time3.vyos.net iburst

# Allowed clients configuration
restrict 1.20.20.0 mask 255.255.255.0 nomodify notrap nopeer

Some logs:

Jan 14 04:05:13 vyos ntpd[1812]: ntpd exiting on signal 15 (Terminated)
Jan 14 04:05:13 vyos ntpd[1812]: 1.1.1.2 local addr 1.1.1.1 -> <null>
Jan 14 04:05:14 vyos ntpd[2012]: ntpd [email protected] (1): Starting
Jan 14 04:05:14 vyos ntpd[2012]: Command line: /usr/sbin/ntpd -g -p /run/ntpd/ntpd.pid -c /run/ntpd/ntpd.conf -u ntp:ntp
Jan 14 04:05:14 vyos systemd[1]: ntp.service: Can't open PID file /run/ntpd/ntpd.pid (yet?) after start: No such file or directory
Jan 14 04:05:14 vyos ntpd[2014]: proto: precision = 0.253 usec (-22)
Jan 14 04:05:14 vyos ntpd[2014]: Listen and drop on 0 v6wildcard [::]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 2 lo 127.0.0.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 3 eth0 1.1.1.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 4 eth1 1.10.10.1:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 5 lo [fe80::200:ff:fe00:0%1]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 6 lo [::1]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 7 eth0 [fe80::5204:ff:fe01:0%2]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 8 eth1 [fe80::5204:ff:fe01:1%3]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 9 eth2 [fe80::5204:ff:fe01:2%4]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listen normally on 10 eth3 [fe80::5204:ff:fe01:3%5]:123
Jan 14 04:05:14 vyos ntpd[2014]: Listening on routing socket on fd #27 for interface updates
Jan 14 04:05:14 vyos ntpd[2014]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Jan 14 04:05:14 vyos ntpd[2014]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
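
An offline check of the restrict entries in the generated ntpd.conf above (an added example, not part of the original report and not VyOS code). In ntpd, noquery only denies ntpq/ntpdc queries and leaves time service untouched, so the default entry still answers 1.10.10.10. The function names and HARDENED_CONF are assumptions made for illustration.

```python
import ipaddress

# Flags that stop ntpd answering time requests; noquery only blocks ntpq/ntpdc.
DENY_TIME = {"ignore", "noserve"}

# Constructed sample: the restrict lines from the ntpd.conf shown above.
PAGE_CONF = """\
restrict default noquery nopeer notrap nomodify
restrict source nomodify notrap noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 1.20.20.0 mask 255.255.255.0 nomodify notrap nopeer
"""

def parse_restrict(conf):
    """Return (network, flags) for each address-based restrict line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        tok = [t for t in tok[1:] if t not in ("-4", "-6")]
        if not tok or tok[0] == "source":  # association template, not an address
            continue
        if tok[0] == "default":
            nets, flags = ["0.0.0.0/0", "::/0"], tok[1:]
        elif len(tok) >= 3 and tok[1] == "mask":
            nets, flags = [f"{tok[0]}/{tok[2]}"], tok[3:]
        else:
            nets, flags = [tok[0]], tok[1:]  # bare address means a host entry
        rules += [(ipaddress.ip_network(n, strict=False), set(flags)) for n in nets]
    return rules

def serves_time(conf, client):
    """True if the most specific matching entry still allows time service."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, flags) for net, flags in parse_restrict(conf)
            if net.version == ip.version and ip in net]
    # No matching entry means ntpd applies no restriction at all.
    _, flags = max(hits, key=lambda h: h[0], default=(0, set()))
    return not (flags & DENY_TIME)

# Assumption (not from the page): a variant whose default entry adds "ignore".
HARDENED_CONF = PAGE_CONF.replace("restrict default noquery", "restrict default ignore noquery")

if __name__ == "__main__":
    for name, conf in (("page config", PAGE_CONF), ("default ignore", HARDENED_CONF)):
        for client in ("1.10.10.10", "1.20.20.5", "127.0.0.1"):
            print(f"{name:15} {client:12} served={serves_time(conf, client)}")
```
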

Details

Difficulty level: Unknown (require assessment)
Version: 1.3.0, 1.4-rolling-202201060842
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Behavior change
Issue type: Bug (incorrect behavior)

Event Timeline

Unknown Object (User) created this task. (Jan 14 2022, 4:35 AM)
Unknown Object (User) created this object in space S1 VyOS Public.
Unknown Object (User) updated the task description. (Jan 14 2022, 4:42 AM)
Unknown Object (User) renamed this task from NTP allow-clients address requires a reboot to NTP allow-clients address doesn't work. (Jan 14 2022, 9:55 AM)
Unknown Object (User) updated the task description.
Unknown Object (User) updated the task description. (Jan 14 2022, 10:01 AM)
Unknown Object (User) added a project: VyOS 1.4 Sagitta.
Unknown Object (User) changed Version from 1.3.0 to 1.3.0, 1.4-rolling-202201060842.
Viacheslav changed the task status from Open to In progress. (Jan 15 2022, 3:14 PM)
Viacheslav claimed this task.
Viacheslav changed the subtype of this task from "Task" to "Bug".
Viacheslav renamed this task from NTP allow-clients address doesn't work to NTP allow-clients address doesn't work it allows to use ntp server for all addresses. (Jan 15 2022, 3:32 PM)