Figure
1:
An example of the time dispersion for my NTP server (green dots,
left axis), click on the graph to go to the current data
Network Time Server
stratum-2 free to use NTS / NTP time server
This is the homepage / info-page of the Network Time Security server ntp.viarouge.net
This time server provides a NTP service on both UDP port 443 (to bypass the NTP router filtering) as well as the standardized 123 port, and encrypted TLS1.3 NTS service on TCP port 4460 to initiate encryption.
It retrieves time data exclusively from other NTP servers providing NTS (encrypted) service and so should theoretically not be subject to man in the middle attack
It should be most of the time a stratum-2-server since it recovers time data from some stratum-1-server as ie. PTB in Germany
Here below is an example of the server’s “chronyc sources -v” returned table:
.-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current best, '+' = combined, '-' = not combined, | / 'x' = may be in error, '~' = too variable, '?' = unusable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ gbg1-ts.nts.netnod.se 1 10 377 229 +113us[ +113us] +/- 18ms ^+ time.cloudflare.com 3 10 21 21m +1810us[+1810us] +/- 10ms ^+ ptbtime1.ptb.de 1 10 21 22m +1711us[+1711us] +/- 10ms ^* ntppool1.time.nl 1 10 21 28m +260us[ +390us] +/- 10ms ^+ paris.time.system76.com 2 10 114 61m -2996us[-2876us] +/- 17ms ^- ntp2.glypnod.com 2 10 21 21m -102us[ -102us] +/- 25ms
This server is world opened, and you can add it to your own server, but please consider these statements before to do that:
- It runs inside a virtual private server (VPS), GNU/Linux Debian 12, chronyd (chrony) version 4.3
- I do my best for it running 24/7, but I cannot guarantee this
- it is located in France, near Nancy, it is a member of the pool of ~200 French NTP IPv4 servers (pool.ntp.org does not yet reference the encrypted time broadcast servers)
- as running in a virtual machine (VPS), this server cannot have such low time dispersion as a bare metal server could have, the image below shows that (check if it is compatible with your needs):
Figure
1:
An example of the time dispersion for my NTP server (green dots,
left axis), click on the graph to go to the current data
If you use chrony, you can take advantage of the workaround to bypass the NTP filtering done by many BGP routers on the Internet, by adding this line to your chrony.conf:
- to retrieve NTS TLS1.3 encrypted time :
server ntp.viarouge.net port 443 nts iburst
- to retrieve standard NTP (non-encrypted time) :
server ntp.viarouge.net port 443 iburst
If you use NTP / NTPsec, I am not sure that it is possible to select alternative UDP port other than the default 123, so the standard NTP queries on UDP 123 are internally redirected to port UDP 443 too, and so that allows a classical configuration:
- to retrieve NTS TLS1.3 encrypted time (with NTPsec) add this line to ntp.conf:
server ntp.viarouge.net nts iburst
- to retrieve standard NTP (non-encrypted time, with NTP) add this line to ntp.conf:
server ntp.viarouge.net iburst
NTP servers list with NTS support
updated: 2013.07.31