• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

ipv6 ntp service over tunnel

Started by sffroelich, September 28, 2010, 05:46:41 PM


sffroelich

hi,

i'm probably missing something obvious - i have a tunnel setup to HE, from my home system.  i'm trying to point to both v4 and v6 public ntp servers - can't seem to get sync with any v6 server (even though i can easily ping those servers).  routing tables seem fine - can ping6 and tracepath6 to each v6 ntp server, but the ntp daemon can't get past the INIT state.  v4 targets are no problem.

i've even failed, pointing to the closest HE NTP server:  clock.fmt.he.net.

any ideas?

steve

cholzhauer

Interesting....since you can ping it, I assume all other "normal" IPv6 traffic works on your network?

I just tested the address you gave and my system defaulted to IPv4, but when I filled in the IPv6 address instead of the host name, it worked fine.

bpier

Perhaps obvious, or not:

In my ntp.conf, for example:


Bill

cholzhauer


Keiro

root@serv [~]# ntpdate -6 clock.fmt.he.net
29 Sep 13:54:57 ntpdate[2424]: sendto(clock.fmt.he.net): Operation not permitted
29 Sep 13:54:58 ntpdate[2424]: sendto(clock.fmt.he.net): Operation not permitted
29 Sep 13:54:59 ntpdate[2424]: sendto(clock.fmt.he.net): Operation not permitted
29 Sep 13:55:00 ntpdate[2424]: sendto(clock.fmt.he.net): Operation not permitted
29 Sep 13:55:01 ntpdate[2424]: no server suitable for synchronization found

... I hadn't thought about setting up a ipv6in4 ntp server.

I'll need to work on my ipv6in4 tunnel and get it to work first before that works, I think...

It works via ipv4... time.shatteredtears.com would be the time server in ipv4.

sffroelich

thank you Bill, Keiro, and Cholzhauer. but, i'm still not stuck.
good ideas, and you've helped me gain confidence in my system's routing table; yes, all other "normal ipv6 traffic" i've tried seemed to work fine:  using this system as a tunnel endpoint, and gateway for my home systems, all other systems seem to tunnel thru it just fine. 

and on this system, i tried a "lynx http://ipv6.(various.websites)" and that all worked great.  i was surprised when i tried the "ntpdate -6 clock.fmt.he.net" and it worked!  but resuming the ntp daemon still fails to get past INIT.  (same daemon failure to two other v6 servers - just fine to a v4 server).

setting the -6 option on the server line in /etc/ntp.conf didn't help on any of the 3 servers.
thanks for your helpful ideas. 
i wonder if there's some kind of mtu problem on that startup packet?  i'll try to sniff some packets, and will post any success.

again, thank you for taking time to post ideas.

steve

sffroelich

well, this is getting interesting...  i did get ntp (finally!) to connect to 1 of the 3 v6 ntp servers:  HE's clock.fmt.he.net is the only one, so far.
I'm running Lucid (Ubuntu 10.04) linux, and using the famous ntp client from D. Mills. after much searching, i found out how to launch the daemon, and control which ipv6 address to use for the client requests (only the local virtual tunnel endpoint v6 address - of the 3 i have on the box - works).  in /etc/default/ntp, i added the "-I he-ipv6" (virtual interface name).
while watching tcpdump spy on the tunnel, i fired up the daemon.  saw the exchange with clock.fmt.he.net - then for the next in the list (ntp1.linuxhosted.ca - 2001:470:d:1c2:1:1:123:1), i was sent an ICMP6 destination unreachable from 2001:470:d:1c2:1:1:123:1 (recall - i can ping6 it!! but can't ntpdate to it) and the third target (andromeda.ziaspace.com 2001:470:a068:1:250:e4ff:fee0:c035) never answered, and no ICMP6 rebuke either. (perhaps andromeda is down). 
i wonder:  is HE blocking ntp traffic (udp port 123) going out to the public internet? 

bedtime for bonzo, for now.
steve

bpier


sffroelich

thanks, bpier!

i added your whole list - and they all worked just fine! 

the key must have been using the "-I <interface>" option, for me (i must still have some small problem on my machine). 

i'm up with good v6 time sources, now - thanks all.

steve
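
A diagnostic for the symptoms in this thread, added here as an example and not posted by any participant: it sends one SNTP request over IPv6, optionally from a chosen source address (such as the tunnel endpoint address), and separates a locally blocked send, an ICMPv6 unreachable, and plain silence. The function names are hypothetical, and the errno mapping assumes Linux.

```python
import errno
import socket
import struct
import sys

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([(4 << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return (mode, stratum, transmit time as Unix seconds) from an NTP reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", data[40:48])
    return data[0] & 0x07, data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def classify(exc):
    """Map a socket error to the failure modes seen in the thread."""
    if isinstance(exc, socket.timeout):
        return "timeout"            # silence: filtered, lost, or server down
    if exc.errno == errno.EPERM:
        return "blocked-locally"    # "Operation not permitted": typically a local packet filter
    if exc.errno in (errno.ECONNREFUSED, errno.EACCES,
                     errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"        # an ICMPv6 destination unreachable came back
    return "error"

def probe(server, source_addr=None, timeout=3.0):
    """Query server on UDP/123 over IPv6, optionally from a fixed source address."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            if source_addr:
                s.bind((source_addr, 0))
            s.connect((server, 123))   # connected socket, so ICMPv6 errors surface
            s.send(build_request())
            mode, stratum, t = parse_reply(s.recv(512))
        except ValueError:
            return "bad-reply", None
        except OSError as exc:
            return classify(exc), None
    return ("ok", t) if mode == 4 and stratum != 0 else ("bad-reply", None)

if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: probe.py <server> [source IPv6 address]
    print(probe(*sys.argv[1:3]))
```

Running it once without a source address and once with the tunnel endpoint address shows whether source address selection is what separates a working ping6 from a failing NTP exchange.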