Could having NTP server enabled on the client or server cause a ip leak somehow?
I read the suggestion here.
Thoughts on this?
Is this suggesting that having the NTP server enabled in LuCI means it will act as the NTP server for the computer connecting to the travel router and this can somehow leak geographical information?
The reason I am asking is because I compiled a few suggestions across posts and this is one of the things I disabled on my travel router and today I started to experience odd behavior with the connection dropping for like 30 minutes or so. I read in this post that WG relies somewhat on servers to be synced on time.
Also, should both the client and server routers be synced on the same timezone? One is GMT and the other is EST.
NTP is always UTC which is effectively GMT from a human perspective. What you set your system’s local time to is your own decision.
Your local hosts are exchanging time packets with your router. Your router is exchanging time packets with the outside world. Typically these contain only UDP headers, timestamps, and other protocol-related information. Both the SNTP and NTP protocols are open and the packet contents can be examined.
My only concern is about having work laptop thats connected to the travel router use it as an NTP server somehow. Just want to confirm that “NTP client” enabled on a travel router which is the wireguard client won’t result in this behavior? Thanks
Sorry I was confused in my original post. I meant to say NTP client rather than server. It is enabled by default and when checking I see that ntp server setting on both wg server and client is disabled by default.
root@GL-MT2500:~# uci get system.ntp.enable_server
The NTP servers are often sent with the DHCP lease. If your machine is configured to use what DHCP suggests, it will likely use the router if it is advertising itself as supplying NTP.
With that in mind, does this hold true then?
I guess i am wondering, if the travel router is an NTP client does that mean the clients of the travel router are also ntp clients and would that request happen locally on the travel router or is it sent through the tunnel to happen on the wg server side.
I saw some comments by @hansome on another thread about NTP leaking but I think that was referring to having the NTP server enabled and not the client.
Sorry if people are burnt out with another leak question, I have browsed through so many threads with great info but no one post has all the information. it would be awesome if we could compile this info a blog post or faq that hits every concern regarding leaks and best practices. i would contribute to it but I know others on here are far more knowledgable on the technical aspects.
Well, taking the time to understand how a service works would probably help both in phrasing of your questions and understanding the answers.
The NTP client will be sending NTP packets to remote NTP servers. It will receive replies back from those servers. Based on those replies, it will adjust the clock of the local machine in order to try to keep it synchronized with NTP time.
And only if that same host (you router) runs an NTP server, would clients on the local network be exchanging NTP packets with that host.
Most current laptop and desktop OS is incorporate a time client. It may be NTP or the simplified SNTP.
As previously stated, The NTP protocol in its common form does not include any geographic data. I have no idea what the poster of the message you referred to is concerned about.
If you truly have concerns about your company laptop, you really should be discussing it with your security team, not a bunch of randoms on various Internet boards. They should be supplying you a VPN and appropriate configuration so the critical services like DNS and NTP are only supplied by trusted sources.
If the wireguard client tunnel is ready, the NTP traffic is through the tunnel, if the tunnel tears down, NTP traffic is through the ISP network.
We don’t count this as leak, because the router protects the traffic from its LAN side, which is the most of internet traffic.