OpenNTP will not start

stvboyle

I'm running 2.0-RC1. I enabled OpenNTP on the LAN interface. Under System -> General Setup I have the ntp server configured as 0.us.pool.ntp.org. Under Status -> Services it shows ntpd as stopped. It will not seem to start, status is always Stopped. Under Status -> System Logs -> OpenNTP there are no log entries. My NTP clients show a status of INIT, they are not getting the time.

What am I missing here?

AhnHEL

Known bug, there is a recent commit for ntpd but i dont know if it resolves this issue.

stvboyle

I updated to a newer build and the ntpd service would start but my clients could still not get the time. I did get it working with a little effort, here is what I did:
1. Setup time servers and enabled OpenNTPD through the web admin interface.
2. Telnet into pfSense.
3. Kill all processes related to ntp.
4. Edit /var/etc/ntpd.conf - add 'listen on <insert a="" lan="" ip="" here="">' and 'listen on 127.0.0.1'.
5. Run /bin/sh /usr/local/sbin/ntpdate_sync_once.sh.

At that point my clients were able to connect and starting getting time updates. If I upgrade I have to do the steps over again. I suspect on reboot I have to do steps 2, 3 and 5 again.</insert>

AhnHEL

I was just about to post to report that even though NTPD service is started, that it appears to not be working.

Seems even a restart of the service will always overwrite the conf file.

Thanks for the temporary workaround.

Tikimotel

Solution:
In "/etc/inc/system.inc" replace $ntpdcfg with $ntpcfg
The correct function should be like below.


function system_ntp_configure() {
	global $config, $g;

	$ntpcfg = "# \n";
	$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
	$ntpcfg .= "# \n\n";

	/* foreach through servers and write out to ntpd.conf */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		$ntpcfg .= "servers {$ts}\n";
	}
	/* Setup listener(s) if the user has configured one */
       if ($config['installedpackages']['openntpd']) {
    		/* server config is in coregui1 */
		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
		if ($xmlsettings['enable'] == 'on') {
			$ifaces = explode(',', $xmlsettings['interface']);
			$ifaces = array_map('get_real_interface', $ifaces);
			$ifaces = array_filter($ifaces, 'does_interface_exist');
			$ips = array_map('find_interface_ip', $ifaces);
			foreach ($ips as $ip) {
				if (is_ipaddr($ip))
					$ntpcfg .= "listen on $ip\n";
			}
		}
	}
	$ntpcfg .= "\n";

	/* open configuration for wrting or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}
	fwrite($fd, $ntpcfg);

	/* slurp! */
	fclose($fd);

line $ntpdcfg .= "listen on $ip\n"; was/is wrong, "listen on 192.168.0.1" for example was never written in "/var/etc/ntpd.conf"

To test / generate new ntpd.conf via:
Diagnostic:execute command (php execute)

system_ntp_configure();

my "/var/etc/ntpd.conf"

# 
# pfSense OpenNTPD configuration file 
# 

servers nl.pool.ntp.org
servers de.pool.ntp.org
listen on 192.168.0.1

AhnHEL

Thanks for your assistance Tikimotel.

Made your edits to the inc file and I can confirm the conf file is proper now with the "server" and the "listen on" entries.

Issue I'm having now is that when I start the service, Status/Services shows it as stopped always. Any ideas?

Tikimotel

Onhel, i'm still looking for logging of the service.
The timeserver system of ntp and ntpd seems a mix of ntp and an old openntpd package integrated into the release.
Names of conf files mentioned in the various files involved with configuring the "openntd" are inconsistent.

I can't reproduce your stopped service, it is running (and stops/starts) fine on my install.

The names of the ntp servers won't resolve? (so it won't start??) Try ipnumbers (not names) in system–>general setup

Maybe starting the service (ntpd) from a shell might return some information on why it won't start.
Since adding a "driftfile" to the config doesn't work.
I believe ntpd is not the ntp mentioned at http://support.ntp.org/bin/view/Servers/NTPPoolServers,
but openntp ported from openbsd see man pages here http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd
and here http://www.openbsd.org/cgi-bin/man.cgi?query=ntpd.conf.

Maybe the command-line options "-v" or "-n" could shed a light on your start / stop issue?
I'm trying to help but I'm no real expert.

Tikimotel

:)
Try this command-line in a shell

 /usr/local/sbin/ntpd -d -f /var/etc/ntpd.conf

The output should be similar to this:
(use crtl+c to abort at anytime)


listening on 192.168.0.1
listening on 127.0.0.1
ntp engine ready
reply from 178.251.120.16: offset 0.088332 delay 0.009902, next query 6s
reply from 109.72.80.61: offset 0.030679 delay 0.010436, next query 7s
reply from 85.17.141.90: offset 0.018913 delay 0.010278, next query 7s
reply from 213.198.55.2: offset 0.018760 delay 0.016012, next query 8s
reply from 131.188.3.220: offset 0.019946 delay 0.020260, next query 5s
reply from 212.112.227.201: offset 0.022334 delay 0.020664, next query 9s
reply from 178.63.212.146: offset 0.019786 delay 0.021309, next query 8s
reply from 193.228.143.13: offset 0.017242 delay 0.037530, next query 9s
reply from 80.153.14.198: offset 0.021177 delay 0.041390, next query 9s
reply from 131.188.3.220: offset 0.018617 delay 0.017646, next query 6s
..
..
..
reply from 212.112.227.201: offset 0.022671 delay 0.020763, next query 8s
reply from 193.228.143.13: offset 0.017741 delay 0.037683, next query 5s
peer 178.251.120.16 now valid
reply from 178.251.120.16: offset 0.087101 delay 0.008655, next query 8s
peer 131.188.3.220 now valid
reply from 131.188.3.220: offset 0.019348 delay 0.018466, next query 9s
peer 85.17.141.90 now valid
reply from 85.17.141.90: offset 0.018607 delay 0.008756, next query 7s
peer 109.72.80.61 now valid
reply from 109.72.80.61: offset 0.030426 delay 0.008848, next query 8s
peer 178.63.212.146 now valid
reply from 178.63.212.146: offset 0.019605 delay 0.019835, next query 6s
..
..
..
reply from 213.198.55.2: offset 0.019852 delay 0.015709, next query 32s
^Cntp engine exiting
Terminating

It seems the port is stripped clean, there aren't many options available.

ntpd: illegal option -- n
usage: ntpd [-dSs] [-f file]

AhnHEL

I'm using a 64 bit snap from April 1st. Is it possible there are some code differences and thats why the inc edits arent working for me?

There are two instances of ntpdcfg that I changed to ntpcfg to match what you posted that I highlighted in red but still no luck. Once I put the d back in ntpcfg, the service starts again.

function system_ntp_configure() {
global $config, $g;

$ntpcfg = "# \n";
$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
$ntpcfg .= "# \n\n";

/* foreach through servers and write out to ntpd.conf /
foreach (explode(' ', $config['system']['timeservers']) as $ts) {
$ntpcfg .= "servers {$ts}\n";
}
/ Setup listener(s) if the user has configured one /
if ($config['installedpackages']['openntpd']) {
/ server config is in coregui1 */
$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
if ($xmlsettings['enable'] == 'on') {
$ifaces = explode(',', $xmlsettings['interface']);
$ifaces = array_map('get_real_interface', $ifaces);
$ifaces = array_filter($ifaces, 'does_interface_exist');
$ips = array_map('find_interface_ip', $ifaces);
foreach ($ips as $ip) {
if (is_ipaddr($ip))
$ntpcfg .= "listen on $ip\n";
}
}
}
$ntpcfg .= "\n";

/* open configuration for wrting or bail */
$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
if(!$fd) {
log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
return;
}
fwrite($fd, $ntpcfg);

/* slurp! */
fclose($fd);

Tikimotel

$ntpcfg is only a collection of "strings" which will be used to write to a file called "/var/etc/ntpd.conf" and has nothing to do with the starting or stopping of the service.
So I'm baffled why it is going "wrong" with your install…
Have you tried executing the command-line I showed earlier? (using the correct /var/etc/ntpd.conf offcourse)

function system_ntp_configure() {
global $config, $g;

$ntpcfg = "# \n";
$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
$ntpcfg .= "# \n\n";

$ntpcfg =
# 
# pfSense OpenNTPD configuration file 
#

/* foreach through servers and write out to ntpd.conf */
foreach (explode(' ', $config['system']['timeservers']) as $ts) {
$ntpcfg .= "servers {$ts}\n";
}

$ntpcfg =
# 
# pfSense OpenNTPD configuration file 
# 

servers nl.pool.ntp.org
servers de.pool.ntp.org
servers europe.pool.ntp.org

/* Setup listener(s) if the user has configured one /
if ($config['installedpackages']['openntpd']) {
/ server config is in coregui1 */

Here it checks if the "packageinformation" is in /conf/config.xml

$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
if ($xmlsettings['enable'] == 'on') {

locate and test if <enable>on</enable> is true

$ifaces = explode(',', $xmlsettings['interface']);

locate and put into array <interface>LAN,Loopback</interface>

$ifaces = array_map('get_real_interface', $ifaces);
$ifaces = array_filter($ifaces, 'does_interface_exist');
$ips = array_map('find_interface_ip', $ifaces);

convert LAN and Loopback into ipnumbers --> 192.168.0.1,127.0.0.1 --> Test ipnumbers --> into array $ips

foreach ($ips as $ip) {
if (is_ipaddr($ip))
$ntpcfg .= "listen on $ip\n";
}
}
}
$ntpcfg .= "\n";

$ntpcfg =
# 
# pfSense OpenNTPD configuration file 
# 

servers nl.pool.ntp.org
servers de.pool.ntp.org
servers europe.ntp.org
listen on 192.168.0.1
listen on 127.0.0.1

/* open configuration for wrting or bail */
$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");

test if $ntpcfg can be written, "{$g['varetc_path']}/ntpd.conf" is destination of $ntpcfg

if(!$fd) {
log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
return;
}
fwrite($fd, $ntpcfg);

here $ntpcfg is written to file

/* slurp! */
fclose($fd);

file is closed

AhnHEL

Executing the command line I get the following after making the edit:

root(1): /usr/local/sbin/ntpd -d -f /var/etc/ntpd.conf
listening on 192.168.1.1
fatal: bind: Address already in use
dispatch_imsg in main: pipe closed
Terminating

Without making any edits, I get output and the service is running but mind you I dont have the listen on entries in the conf file so no clients can sync to ntpd.

/usr/local/sbin/ntpd -d -f /var/etc/ntpd.conf
ntp engine ready
reply from 209.167.68.100: offset 0.076802 delay 0.020013, next query 8s
reply from 173.193.227.67: offset 0.080000 delay 0.019019, next query 9s
reply from 72.26.125.125: offset 0.081708 delay 0.085034, next query 8s
reply from 209.167.68.100: offset 0.078196 delay 0.018326, next query 8s
reply from 72.26.125.125: offset 0.082557 delay 0.084236, next query 7s
reply from 173.193.227.67: offset 0.080637 delay 0.014315, next query 7s
reply from 72.26.125.125: offset 0.081665 delay 0.080064, next query 9s
reply from 209.167.68.100: offset 0.078240 delay 0.018210, next query 6s
reply from 173.193.227.67: offset 0.082350 delay 0.018398, next query 6s
peer 209.167.68.100 now valid
reply from 209.167.68.100: offset 0.079528 delay 0.019125, next query 8s
peer 173.193.227.67 now valid
reply from 173.193.227.67: offset 0.083322 delay 0.019781, next query 6s
peer 72.26.125.125 now valid
reply from 72.26.125.125: offset 0.082294 delay 0.079365, next query 9s
reply from 173.193.227.67: offset 0.083190 delay 0.016300, next query 6s
reply from 209.167.68.100: offset 0.080482 delay 0.019987, next query 8s
/etc/inc/system.increply from 72.26.125.125: offset 0.083860 delay 0.081156, next query 9s
reply from 173.193.227.67: offset 0.083825 delay 0.015223, next query 8s
reply from 209.167.68.100: offset 0.081236 delay 0.019048, next query 8s
^Cntp engine exiting
Terminating

So it seems my only issue is getting the string(s) that put the listen on entries into the conf file because the service is running fine.

skywalker

has someone managed to fix this?
I ran into exactly the same problem.
I noticed that after fixing the system.inc, the /usr/local/sbin/ntpdate_sync_once.sh script seems to run forever thus blocking port 123 thus ntpd won't start.
Does this help?

racmar

Yes, I have this same problem with ntpdate_sync_once.sh running forever. My temp. fix is to comment out ntpdate on line 7 like so:

	#ntpdate $SERVER

I haven't figured out why it is hanging and blocking port 123, but the above temp. fix at least lets ntpd run.

Tikimotel

I'm puzzled by the message from Onhel:
root(1): /usr/local/sbin/ntpd -d -f /var/etc/ntpd.conf
listening on 192.168.1.1
fatal: bind: Address already in use
dispatch_imsg in main: pipe closed
Terminating

Have you tried "loopback" (a.k.a 127.0.0.1) is it also already in use?

I only needed to make my above mentioned adjustments and open the firewall (locally) for the ntp port, in order to get clients to use pfsense as a ntp-server.

Onhel ? Clean install or Update over pfsense 1.2.3 ?
Maybe some older 1.2.3 firewall settings mess thing up. (old default rules?)

My system is a clean pfsense 2.0 install from late march and updated via manual update. (2.0-RC1 (amd64) built on Fri Mar 25 03:25:35 EDT 2011 )
(stopped updating for a while now, since the upnp problems of recent snapshots.)

I had to add the LAN firewall settings myself. No default "rules" for reaching dns forwarder, upnp or nat-pmp for instance.
(this works for me… )

Firewall_settings_NTP.png_thumb

AhnHEL

Yes Loopback is on.

Its from a clean install, started from scratch some time ago so no remnants of 1.2.3

I even used a clean install and removed all references to ntpd in my config. Only way to get it running is to kill all ntp processes and then I can start and stop the service as normal but I still get fatal bind error running the above command.

vorgusa

I am having the same problem still with "built on Wed Apr 6 " its the script used to update the time when the pfsense starts (at least thats what I think it does)

[2.0-RC1][user@router]/home/user(5): ps -aux | grep ntp
root 38597 0.0 0.1 3656 1400 ?? SN 7:47PM 0:05.38 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh
root 38697 0.0 0.1 3656 1364 ?? IN 7:47PM 0:00.00 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh
root 41630 0.0 0.1 3504 1356 ?? SN 7:47PM 0:00.25 ntpdate 0.pfsense.pool.ntp.org
root 12536 0.0 0.1 3656 1396 v0- S 7:47PM 0:05.34 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh

It just hangs and leaves the port open so when NTPD tries to start it can not. Once those are killed ntpd can start.

The script seems to run fine once the original ones have been killed, maybe something to do with when/how its started?

[2.0-RC1][root@router]/usr/local/sbin(7): ./ntpdate_sync_once.sh
7 Apr 08:28:57 ntpdate[41586]: adjust time server 207.150.168.70 offset 0.032785 sec
[2.0-RC1][root@router]/usr/local/sbin(9): ps -aux | grep ntp
root 42402 0.0 0.1 3316 1340 ?? Ss 8:29AM 0:00.00 ntpd: [priv] (ntpd)
_ntp 42196 0.0 0.1 3316 1344 1 S 8:29AM 0:00.00 ntpd: ntp engine (ntpd)

vorgusa

Do the people with the problem have a VPN running? if I stop my NTPD and restart my site to site vpn, I get the ntpdate_sync_once script again plus ntpdate. NTPD does not start up which I believe the ntpdate_synch script is supposed to do when its done

[2.0-RC1][root@router]/etc(48): ps -aux | grep ntp
root 22882 1.1 0.1 3504 1396 ?? SN 9:00AM 0:00.01 ntpdate 0.pfsense.pool.ntp.org
root 21483 1.0 0.1 3656 1504 ?? SN 9:00AM 0:00.00 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh

racmar

Now that I think about it, the NTPD problem did start after I enabled the VPN.

racmar

I just deleted my VPN and NTPD start fine after a reboot. Interesting, and good catch vorgusa!

AhnHEL

Some commits but still not running right, see below link.

http://redmine.pfsense.org/issues/1397