root@OpenWrt:~# tcpdump -vvvn -i tunl0 udp and port 123 and host 44.1.1.44
tcpdump: listening on tunl0, link-type RAW (Raw IP), snapshot length 262144 bytes
10:09:07.781705 IP (tos 0x48, ttl 64, id 11385, offset 0, flags [DF], proto UDP (17), length 76)
44.60.44.1.46695 > 44.1.1.44.123: [bad udp cksum 0x85b3 -> 0x9279!] NTPv4, Client, length 48
Leap indicator: (0), Stratum 0 (unspecified), poll 0 (1s), precision 0
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 1349083242.779565174 (1942-10-02T09:20:42Z)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 1349083242.779565174 (1942-10-02T09:20:42Z)
10:09:07.981557 IP (tos 0x0, ttl 50, id 38178, offset 0, flags [DF], proto UDP (17), length 76)
44.1.1.44.123 > 44.60.44.1.46695: [udp sum ok] NTPv4, Server, length 48
Leap indicator: (0), Stratum 2 (secondary reference), poll 0 (1s), precision -22
Root Delay: 0.004333, Root dispersion: 0.039169, Reference-ID: 0x55c7d666
Reference Timestamp: 3924323032.642092258 (2024-05-10T09:43:52Z)
Originator Timestamp: 1349083242.779565174 (1942-10-02T09:20:42Z)
Receive Timestamp: 3924324547.884376446 (2024-05-10T10:09:07Z)
Transmit Timestamp: 3924324547.884487523 (2024-05-10T10:09:07Z)
Originator - Receive Timestamp: +2575241305.104811271
Originator - Transmit Timestamp: +2575241305.104922349
So now the question truly begs. Since you know our IPs, why not make a firewall/access rule allowing them also (that's what I do, because it seems to have been done on the old gw.ampr.org)?
It seems that we took an extremely circuitous route for me to determine the same information I inquired upon originally and had to learn through days of seeing connectivity errors relying on the statement. I'm glad it's clarified now.