OpenNTP won't start
-
There is an issue with ntpd starting, it started with this change I believe: https://github.com/bsdperimeter/pfsense/commit/d46c3acd20608169bc577c81806064499db3f946
verbosity doesn't seem to be an option for OpenNTP, but there is an option for a logfile, -l
ntpd - NTP daemon program - Ver. 4.2.4p5
USAGE: ntpd [ - <flag>[<val>] | --<name>[{=| }<val>] ]...
  Flg Arg Option-Name       Description
   -4 no  ipv4              Force IPv4 DNS name resolution
   -6 no  ipv6              Force IPv6 DNS name resolution
   -a no  authreq           Require crypto authentication
   -A no  authnoreq         Do not require crypto authentication
   -b no  bcastsync         Allow us to sync to broadcast servers
   -c Str configfile        configuration file name
   -f Str driftfile         frequency drift file name
   -g no  panicgate         Allow the first adjustment to be Big
   -i Str jaildir           Jail directory
   -I Str interface         Listen on interface
   -k Str keyfile           path to symmetric keys
   -l Str logfile           path to the log file
   -L no  novirtualips      Do not listen to virtual IPs
   -n no  nofork            Do not fork
   -N no  nice              Run at high priority
   -p Str pidfile           path to the PID file
   -P Num priority          Process priority
   -q no  quit              Set the time and quit
   -r Str propagationdelay  Broadcast/propagation delay
   -U Num updateinterval    interval in seconds between scans for new or dropped interfaces
   -s Str statsdir          Statistics file location
   -t Str trustedkey        Trusted key number
   -u Str user              Run as userid (or userid:groupid)
   -v Str var               make ARG an ntp variable (RW)
   -V Str dvar              make ARG an ntp variable (RW|DEF)
   -x no  slew              Slew up to 600 seconds
   -v opt version           Output version information and exit
   -? no  help              Display usage information and exit
   -! no  more-help         Extended usage information passed thru pager
Options are specified by doubled hyphens and their name or by a single hyphen and the flag character.
error on startup:
Starting OpenNTP time client…ntpd: illegal option --v
usage: ntpd [-dSs] [-f file]
-
Did you actually do a binary update, or just a gitsync? Mine does not complain about that option.
-
As mentioned before around here, pfsense has both openntp and true ntpd – why I have no freaking idea, that makes little sense to me. Pick one ;) openntp is the wrong choice.
But hey simple pkg_add -r and I have the current version and for everything else you need so you can log and can query it with ntpq or ntpdc, etc..
you listed out the options for ntpd, but then when you ran it was openntp
ls -la /usr/local/sbin/ntpd
-r-xr-xr-x 1 root wheel 43984 Mar 21 07:57 /usr/local/sbin/ntpd
ls -la /usr/sbin/ntpd
-r-xr-xr-x 1 root wheel 347760 Mar 21 07:55 /usr/sbin/ntpd
the one in usr/sbin is
/usr/sbin/ntpd --version
ntpd - NTP daemon program - Ver. 4.2.4p5
one in /usr/local/sbin is that other pos ;)
-
We'd love to use the stock FreeBSD ntpd but it does not support selective binding that we need. You can filter it in various ways but it doesn't change the fact that it will always bind to every IP. OpenNTPd, when told to only listen on certain IPs, only binds to those and no others.
OpenNTPd does log correctly on current snapshots.
-
What does it matter if it binds to all ips? Not going to be open from wan until you allow the firewall rule. It's not going to answer queries until configured to do so, etc.
I agree it's not an optimal thing – you really should be able to bind to the ips you want/need. But to me the many other features outweigh that small flaw.
"OpenNTPd does log correctly on current snapshots."
What does it log?? I just started it up vs the ntpd -- now I am blind to checking if it's sync'd or not because I can not query it. I see it started in the system log.. But not seeing any entries in openntp tab in the logs section.
4:13 php: /status_services.php: OpenNTPD is starting up.
I am on the latest snap I do believe
2.1-DEVELOPMENT (i386)
built on Wed Apr 18 18:25:03 EDT 2012
FreeBSD 8.3-RELEASE
You are on the latest version.
What does it log?
-
Because to make the NTP service properly accessible in many cases, especially over VPNs, it's required.
The way NTP works (and most UDP services) the reply is sourced from the bound interface closest to the client. So, say you have LAN and DMZ. If you request the time from the LAN interface from a DMZ client, it responds from the DMZ interface, even when the request was made to the LAN, so the reply is ignored. If the daemon is only bound to the LAN IP, that's where the reply comes from.
Now imagine you're querying the service on a CARP VIP, the reply comes from the interface, not the CARP VIP… kind of annoying, at least it did last I tried it.
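The reply-source behaviour described in the post above, reproduced on loopback as an added example (not part of the original thread, and not pfSense or OpenNTPD code). It assumes a Linux-style loopback where every 127.0.0.0/8 address is local; 127.0.0.2 is a constructed stand-in for the LAN IP or CARP VIP that clients query.

```python
import socket
import threading

# Constructed addresses: 127.0.0.2 stands in for the service IP clients are
# told to query (LAN IP or CARP VIP); 127.0.0.1 is the client's own address.
# Assumption: Linux-style loopback where all of 127.0.0.0/8 is local.
SERVICE_IP = "127.0.0.2"
CLIENT_IP = "127.0.0.1"


def reply_source(bind_ip):
    """Query SERVICE_IP once and return the source IP the reply carries."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((bind_ip, 0))                 # port 0: kernel picks a free port
    port = server.getsockname()[1]

    def serve_one():
        data, peer = server.recvfrom(512)
        # A wildcard-bound socket leaves the source address to the kernel's
        # route lookup; a socket bound to one IP always replies from that IP.
        server.sendto(data, peer)

    worker = threading.Thread(target=serve_one, daemon=True)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind((CLIENT_IP, 0))
    client.settimeout(2)
    try:
        client.sendto(b"time?", (SERVICE_IP, port))
        _, (src_ip, _) = client.recvfrom(512)  # unconnected: accepts any source
    finally:
        worker.join(2)
        client.close()
        server.close()
    return src_ip


def client_would_accept(bind_ip):
    """Per the post above, a reply from an IP other than the queried one is ignored."""
    return reply_source(bind_ip) == SERVICE_IP


if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", SERVICE_IP):
        print(f"daemon bound to {bind_ip:<9} -> reply from {reply_source(bind_ip)}, "
              f"accepted={client_would_accept(bind_ip)}")
```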
-
OpenNTPd does log correctly on current snapshots.
I'm running 2.1-DEVELOPMENT (i386) built on Tue Apr 17 16:58:04 EDT 2012 FreeBSD 8.3-RELEASE and my ntpd log is empty.
I expected to see at least a startup message.
My snapshot not current enough?
-
K - how about since you have both versions installed we get something in the gui that allows for which one you want to run! That would be the best of both worlds and make everyone happy I think?
Not sure why the hell I would not just query the dmz interface for ntp for boxes in my dmz? As to vpn, again could not just query the correct ip ;) Since as you stated it's going to be listening on every one? Since you can not just bind it to specific.
Same thing goes with your carp vip example.. Again it's listening on all IPs, is it not?? Then query the one you want a reply from – why would you ever query the interface that is not closest to you?? I could see the thing with the VIP being hey that's the logical one, etc.
Not sure I would ever be doing queries to an ntp over a vpn connection in the first place? Run one local to that network, and sync it to a good source, etc.
Again the features of the full ntpd so far outweigh the selective binding - the openntp client other than selective binding blows chunks compared to the normal ntpd.
It would be fantastic to allow for simple choice of which one you want to run - that is for sure.
-
Those were just examples, but in the case of the CARP VIP, you are querying the one 'closest' to you. It still responds from the "wrong" IP on the same interface, iirc. It's been a while since I tested that, may need to try it again.
As for the GUI switch, patches accepted. Let me know when you're done coding it up. :-)
I'm running 2.1-DEVELOPMENT (i386) built on Tue Apr 17 16:58:04 EDT 2012 FreeBSD 8.3-RELEASE and my ntpd log is empty.
I expected to see at least a startup message.
My snapshot not current enough?
I thought it may have been fixed by then, but now I'm not seeing logs in mine again. It was logging fine on the 17th after I made some changes to the syslog config format, but now it doesn't seem to be. It was at least logging time adjustments every few minutes.
Apr 17 09:03:50 ntpd[41857]: adjusting local clock by 0.002309s
Apr 17 09:07:30 ntpd[41857]: adjusting local clock by 0.000968s
Apr 17 09:08:38 ntpd[41857]: adjusting clock frequency by 12.622102 to 0.462800ppm
Apr 17 09:13:05 ntpd[41857]: adjusting local clock by 0.003031s
Apr 17 09:16:47 ntpd[41857]: adjusting local clock by 0.003045s
Apr 17 09:19:28 ntpd[41857]: adjusting local clock by 0.000410s
-
Updated the binaries and it's working again… no logging still... but at least it works :-)
-
I recently upgraded to 2.1-DEVELOPMENT (i386)
built on Sat Apr 28 05:27:55 EDT 2012
FreeBSD 8.3-RELEASE
and ntpd logging is still not working (Status -> System Logs, OpenNTPD tab displays an empty log).
-
NTP logging should be fixed now, it's happy in the current snapshot since I fixed it yesterday.
-
NTP logging should be fixed now, it's happy in the current snapshot since I fixed it yesterday.
Thanks.
-
thank you! I think this is the first time I've seen OpenNTPD logging functioning. :)