Previously, when VyOS was using ntpd, multiple listen addresses for NTP service were allowed, and this is reflected in documentation.
However, with chrony, there can only be one bindaddress directive set as per documentation:
Currently, for each of the IPv4 and IPv6 protocols, only one bindaddress directive can be specified. Therefore, it is not useful on computers which should serve NTP on multiple network interfaces.
Test configuration:
vyos@vyos# show service ntp
 allow-client {
     address 10.0.0.0/8
 }
 listen-address 10.2.0.1
 listen-address 10.3.0.1
 server 0.pool.ntp.org {
 }
 server 1.pool.ntp.org {
 }
 server 2.pool.ntp.org {
 }
 server 10.6.0.20 {
     prefer
 }
chrony.conf output:
root@vyos:~# cat /run/chrony/chrony.conf
...
# NTP should listen on configured addresses only
bindaddress 10.2.0.1
bindaddress 10.3.0.1
Client test - it seems NTP queries only work when sent to the last bindaddress specified in chrony config:
$ sudo ntpdate 10.2.0.1
12 Apr 08:34:57 ntpdate[20566]: no server suitable for synchronization found
$ sudo ntpdate 10.3.0.1
12 Apr 08:35:05 ntpdate[20578]: adjust time server 10.3.0.1 offset +0.000611 sec
If I remove listen-address from configuration, there is no bindaddress in chrony config file:
root@vyos:~# cat /run/chrony/chrony.conf | grep bindaddress
root@vyos:~#
As a result, queries can be sent to any interface configured in VyOS:
$ sudo ntpdate 10.2.0.1
12 Apr 08:36:50 ntpdate[20589]: adjust time server 10.2.0.1 offset -0.000784 sec
$ sudo ntpdate 10.3.0.1
12 Apr 08:36:59 ntpdate[20601]: adjust time server 10.3.0.1 offset +0.000468 sec
I suppose VyOS shouldn't allow more than one listen-address directive for NTP service in order to maintain predictable behaviour.
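
Added example, not part of the original report and not VyOS code: a check that reads a chrony.conf and reports which bindaddress lines are silently overridden per address family. It assumes, as the client test above suggests, that the last bindaddress of each family is the one in effect; the function name and the sample config (including the IPv6 line) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample mirroring the chrony.conf excerpt in the report,
# plus one IPv6 line to show that families are tracked separately.
SAMPLE_CONF = """\
# NTP should listen on configured addresses only
bindaddress 10.2.0.1
bindaddress 10.3.0.1
bindaddress 2001:db8::1
"""


def effective_bindaddresses(conf_text):
    """Return ({family: effective_address}, [(family, ignored_address, line_no)]).

    Assumption (from the behaviour observed in the report): a later
    bindaddress of the same family replaces any earlier one.
    """
    seen = defaultdict(list)
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # chrony.conf comment lines start with one of these characters.
        if not line or line[0] in "#%;!":
            continue
        parts = line.split()
        if parts[0].lower() != "bindaddress" or len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # not an IP literal; nothing to classify
        seen[f"IPv{addr.version}"].append((str(addr), line_no))

    effective = {fam: entries[-1][0] for fam, entries in seen.items()}
    ignored = [(fam, a, n) for fam, entries in seen.items() for a, n in entries[:-1]]
    return effective, ignored


if __name__ == "__main__":
    effective, ignored = effective_bindaddresses(SAMPLE_CONF)
    for fam, addr, n in ignored:
        print(f"line {n}: {fam} bindaddress {addr} is overridden by {effective[fam]}")
```

Run against /run/chrony/chrony.conf after a commit, a non-empty ignored list means a configured listen-address is not actually being served.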