Based on my packet captures, this looks like a path-specific problem with NTS-protected UDP/123 traffic rather than a general chrony packaging/configuration failure.
The default Ubuntu chrony config and `.sources` files are present on my systems and look correct. Since the default NTS configuration failed to sync, I tested other NTS/NTP servers to narrow down the failure. This occurred on two fresh Ubuntu 26.04 installs: Raspberry Pi 4 running Ubuntu 26.04 Server AMD64 system running Ubuntu 26.04 Desktop / GNOME In my case: PTB plain NTP over UDP/123 works. PTB NTS-KE over TCP/4460 works. PTB NTS-protected NTP over UDP/123 gets no replies. Netnod NTS works, but Netnod uses UDP/4123 for the authenticated NTP stage, not UDP/123. So my current interpretation is that UDP/123 is not blocked generally, but larger or NTS-shaped UDP/123 packets appear to be dropped or filtered somewhere on the network path. Ubuntu’s default NTS setup may fail for users on networks like mine if the default NTS servers use UDP/123 for the authenticated NTP stage. This appears to be an interoperability/reachability problem with NTS- over-UDP/123 on some networks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2152270 Title: nts-bootstrap-ubuntu.crt missing CN=ubuntu CA cert, NTS sync fails on fresh install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/2152270/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
