NTP Sync has stopped.
-
Just noticed time is drifting away and that the NTP Sync to pools has stopped working.
I've gone back in the logs as far as I can (July 12) and haven't seen a sync. I suspect this is related to the 23.05 upgrade that was applied or the 23.05.1 upgrade that was also applied. It was working without issue on prior versions. I've changed the pools to try a couple of others, restarted the service and eventually just rebooted. All providing the same result.
I can ping all the IP addresses returned by the pools.
Not sure what else I can try. Never shows any actual time servers and which ones are active.
Looking at the year graph, it looks like it stopped around July 1st (23.05.1 install around then as I recall).
-
@jrey said in NTP Sync has stopped.:
I've changed the pools to try a couple of others, restarted the service and eventually just rebooted.
Here's mine, and I have used these three for the longest time and never had an issue that I have noticed. I like to use time.apple.com because most of my devices are Apple's. In the past, I have used time.google.com also.
-
@NollipfSense Thanks for the reply. I've tried a few different ones as part of testing - and until recently have never had an issue. Now the system never gets to finding candidates or setting an active one. The logs don't really show anything I can see as to why. Clearly see the "when it stopped" in the graph provided. Which correlates in time to the upgrade being applied.
-
@jrey Did you validate that the NTP pool FQDN you're using even resolves?
;; QUESTION SECTION:
;0.ca.pool.ntp.org. IN A
;; ANSWER SECTION:
0.ca.pool.ntp.org. 3600 IN A 162.159.200.1
0.ca.pool.ntp.org. 3600 IN A 142.4.192.253
0.ca.pool.ntp.org. 3600 IN A 216.197.156.83
0.ca.pool.ntp.org. 3600 IN A 209.115.181.107
Can pfSense resolve them to IPs?
Or any other FQDN that you're trying to use for NTP?
-
@johnpoz Yes, as above "I can ping all the IP addresses returned by the pools." and as is the nature of the pools, you likely get different responses with each subsequent uncached DNS query.
However those IP addresses can be pinged as well. Nothing has really changed in my configuration and clearly it has stopped around the time I applied the last system update.
But not a DNS issue for sure. No FW rules have even been changed since it worked last. The log file I originally attached in the first message has IP addresses, all check.
I set up a packet trace to check for 123 outbound on the WAN. I don't have an old log file, but I'm pretty sure it used to log the finding and changing of the active.
Meanwhile
The packet trace led to a WTH moment.
The requests are coming from an IP that I don't use in my network. (10.10.
ifconfig, it is bound to localhost.
Wait, localhost, why that? (I don't even listen on localhost.) But what I did was select (WAN, LAN, localhost) on the above screen, then clear (WAN, localhost), and NTP almost immediately started working again.
Not sure why, but I pulled an old config and localhost has never been selected.
Seems something in the update made the system think it was, and the system was listening to itself, even though I couldn't see this in the dialog as only LAN appeared selected.
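-
Added example, not part of the thread or of pfSense itself: the packet-trace check described above, written as a small script that reads `tcpdump -n` text output for UDP port 123 and reports NTP client requests leaving from a source address you do not expect, plus servers that were queried but never answered. The line format, the function name `audit_ntp_capture` and every address in the sample are assumptions (constructed, using documentation ranges).

```python
import re
from collections import Counter

# Assumed tcpdump -n text format for NTP packets, e.g.
# 12:00:01.000000 IP 198.51.100.7.123 > 203.0.113.10.123: NTPv4, Client, length 48
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): NTPv\d, (?P<mode>\w+)"
)

def audit_ntp_capture(lines, expected_sources):
    """Summarise NTP client/server traffic seen in a WAN capture.

    Returns the client source addresses that are not in expected_sources
    and the servers that were queried but never sent a reply.
    """
    requests = Counter()   # (client source, server) -> requests sent
    answered = set()       # servers that sent at least one reply
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue       # not an NTP line in the assumed format
        if m["mode"] == "Client" and m["dport"] == "123":
            requests[(m["src"], m["dst"])] += 1
        elif m["mode"] == "Server" and m["sport"] == "123":
            answered.add(m["src"])
    unexpected = sorted({src for src, _ in requests} - set(expected_sources))
    silent = sorted({srv for _, srv in requests} - answered)
    return {"unexpected_sources": unexpected, "unanswered_servers": silent}

# Constructed sample capture (hypothetical addresses, not taken from the thread).
SAMPLE = """\
12:00:01.000000 IP 192.0.2.55.123 > 203.0.113.10.123: NTPv4, Client, length 48
12:00:03.000000 IP 192.0.2.55.123 > 203.0.113.20.123: NTPv4, Client, length 48
12:01:05.000000 IP 198.51.100.7.123 > 203.0.113.10.123: NTPv4, Client, length 48
12:01:05.030000 IP 203.0.113.10.123 > 198.51.100.7.123: NTPv4, Server, length 48
""".splitlines()

if __name__ == "__main__":
    # 198.51.100.7 stands in for the firewall's real WAN address.
    print(audit_ntp_capture(SAMPLE, expected_sources={"198.51.100.7"}))
```

An unexpected source together with unanswered servers matches the symptom in this thread: requests go out, but replies never reach the daemon, so no candidate or active peer is ever selected.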