Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NTP no server suitable for synchronization found

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 372 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Michal Krzeminski
      last edited by

      Hello, due to network reorganization i had to split existing NTP sources and created a standalone instance of NTP server on the pfSense v23.01.

      The server itself seems to pull the time from outside servers OK:

      Active Peer 194.146.251.101 .EXT. 1 u 22 64 377 1.407 +1.529 0.151
      Candidate 80.50.231.226 .MRS. 1 u 19 64 377 0.715 +1.428 0.057
      Candidate 194.146.251.100 .EXT. 1 u 39 64 377 1.482 +1.517 0.058
      Outlier 213.135.57.60 229.30.220.210 2 u 15 64 377 1.329 +1.447 0.720
      Outlier 195.187.245.55 .GPS. 1 u 31 64 377 1.918 +1.524 0.027

      However, attempts to sync a client vary: i can sync a Windows machine (this particular was my work laptop with time source replaced from time.windows.com to my newly setup server), i can sync a Linux (Debian 5.10) using ntpdate by hand no problem as well:

      ntpdate 10.140.0.1

      3 Apr 10:01:07 ntpdate[237582]: adjust time server 10.140.0.1 offset +0.079342 sec

      However, couple of hosts that synced with a time server before refuse to get synchronized. They run on FreeBSD and response is following:

      ahmes.c.main:~# ntpdate 10.140.0.1
      3 Apr 14:24:12 ntpdate[27920]: no server suitable for synchronization found

      I have turned on packet capture during an attempt but can't make whats wrong with it; the request is received and response sent albeit with bad udp checksum (which may or may not be a problem...not sure).

      Any help would be appreciated. Captured incoming request and response from pfSense ntpserver below.

      14:24:10.840660 IP (tos 0x0, ttl 64, id 41655, offset 0, flags [DF], proto UDP (17), length 76)
      10.142.0.50.123 > 10.140.0.1.123: [udp sum ok] NTPv4, length 48
      Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 4 (16s), precision -6
      Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec)
      Reference Timestamp: 0.000000000
      Originator Timestamp: 0.000000000
      Receive Timestamp: 0.000000000
      Transmit Timestamp: 3921135850.627857999 (2024/04/03 14:24:10)
      Originator - Receive Timestamp: 0.000000000
      Originator - Transmit Timestamp: 3921135850.627857999 (2024/04/03 14:24:10)

      14:24:10.840774 IP (tos 0xb8, ttl 64, id 27891, offset 0, flags [none], proto UDP (17), length 76)
      10.140.0.1.123 > 10.142.0.50.123: [bad udp cksum 0x1596 -> 0x27d3!] NTPv4, length 48
      Server, Leap indicator: (0), Stratum 2 (secondary reference), poll 4 (16s), precision -23
      Root Delay: 0.001373, Root dispersion: 0.010162, Reference-ID: 194.146.251.101
      Reference Timestamp: 3921135473.029547184 (2024/04/03 14:17:53)
      Originator Timestamp: 3921135850.627857999 (2024/04/03 14:24:10)
      Receive Timestamp: 3921135850.840705588 (2024/04/03 14:24:10)
      Transmit Timestamp: 3921135850.840767366 (2024/04/03 14:24:10)
      Originator - Receive Timestamp: +0.212847588
      Originator - Transmit Timestamp: +0.212909366

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        The checksum is probably because you have hardware checksum offloading enabled. But if it's not that would be a problem.

        Those clients are set to sync against stratum 1 only? Seems unlikely.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.