We have a private network to all our routers, in which we run a internal NTP server from the office which the NTP server has public internet access to get the updated time and then the routers will hit our internal NTP server to grab the latest time, this makes it a bit more secure then having each router open to the internet Daniel From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Matthew Harrison - PrimoWireless Ltd Sent: Tuesday, 3 June 2014 10:09 AM To: Sam Russell Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Mikrotik+certs+1970 I use NTP on all of ours. Regards, Matthew Harrison The Top Dog p. 06 7566620<tel:06%207566620> | e. matthew(a)primowireless.co.nz<mailto:matthew(a)primowireless.co.nz> [Image removed by sender.] Please excuse the shortness of my email as it was sent from my iPhone. On 3/06/2014, at 10:02, Sam Russell <sam.h.russell(a)gmail.com<mailto:sam.h.russell(a)gmail.com>> wrote: Hi all, I'm playing with mikrotiks for VPNs, and one of the "features" is that the RB750's we have don't hold time when they reboot. I'm planning to build them with NTP access (so if they can get internet then they can get time), but I'm also tempted to generate certs backdated to 1970 instead. Is anyone else doing this? How do you get mikrotiks to validate certs if the clock keeps resetting on power off - is relying on NTP the answer? Cheers Sam _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz<mailto:NZNOG(a)list.waikato.ac.nz> http://list.waikato.ac.nz/mailman/listinfo/nznog
