NTP clock sync
-
Only snort.
-
That might do it.
Turn off snort for a while and see if it becomes stable.
-
I'm sorry, I'm new at this…
How can I make snort not start following a reboot without uninstalling the package?
-
By uninstalling it…
-
I also notice sometime I change theme ntp would go down, and sometime hard to starts like you need to do a few times before ntp will come up.
I would suggest try to use other ntp server, I did that and that did fixed it for me. -
Removing snort didn't help. :'(
Even manually starting the service does not always work but I have found what I think is an always working workaround: press the Save button (nothing needs to be changed) on the System, General Setup page.
-
Are you blocking port 123? Forwarding port 123? Is your NTP server busted?
-
I am actually forwarding ntp on my WAN interface to my internal ntp server. No on the other 2 questions.
I should probably explain a little more about my configuration.
As I am new to pfSense, this is a testing/learning installation in a VirtualBox VM (with all 3 network interfaces bridged).
It is located behind a simple NATing DD-WRT router without any port forwarding, so the ntp service forwarding in pfSense mentioned above is never hit by any traffic.
I have my ntp server running in the VirtualBox host OS (Ubuntu Server 12.04 LTS) and in addition to that I have a couple of public ntp servers configured in pfSense.
Internal ntp (and VirtualBox) host is 192.168.10.10 and pfSense VM is 192.168.10.254.
Most of the times the ntp service does not start following a reboot but occasionally it works.
When the service starts, sometimes it is able to connect with all my configured servers but most often I get "Unreach/Pending" on the public ones.
I presently do not have any interfaces selected on the Services, NTP page but I have noticed no difference in behaviour when selecting LAN and WAN.
-
Ahhh - I see. So you broke it.
Did you know that pfsense makes an ok NTP server?
Why are you doing it elsewhere?
-
Ahhh - I see. So you broke it.
I'm sorry for being thick, but in what way?
Did you know that pfsense makes an ok NTP server?
It doesn't appear to be so okay to me… ;D
Why are you doing it elsewhere?
Because that was used long before I even started to consider pfSense. I also like redundancy so I intend to keep it even if I decide on using pfSense for production.
-
Well - You have pfsense being an NTP server already. Then you have additional NTP Servers. I think all these NTP Servers are on public IP right?
I wonder. What would happen if you stopped forwarding your NTP port? Just removed that rule you added.
-
Well - You have pfsense being an NTP server already.
Correct but presently being very unreliable (that may however be my fault).
Then you have additional NTP Servers.
Only one, my Ubuntu server (192.168.10.10) on my internal LAN network. The other ntp servers I have configured in pfSense are public ntp servers on the internet.
I wonder. What would happen if you stopped forwarding your NTP port? Just removed that rule you added.
No difference, ntp service in pfSense is still unreliable.
-
Hmmm… Sorry if you already said, but is this freshly upgraded to 2.1?
If so, maybe a clean install with fix it for you. You can restore your settings after.
-
Hmmm… Sorry if you already said, but is this freshly upgraded to 2.1?
Yes. 2.0.3 > 2.1 RC > 2.1 released, with the two upgrades happening only the last few days.
If so, maybe a clean install with fix it for you.
Maybe and that is of course not a problem since this is for testing only but when evaluating the system for possible production use, it isn't an confidence building message…
-
I suspect a clean install SHOULD fix it since mine works fine as do most.
Keep in mind I always fully expect for the person with a pfsense complaint to flounder helplessly for about a couple days and then suddenly say "I just realized my Ethernet cable was unplugged" or something.I'd wipe it and reinstall - load no packages and set no rules. Try NTP.
If it works, it works.
Then restore your settings.
Hopefully it doesn't break.
If it does, it means something you have done is wrong.
-
Will do.
Thank you very much for being so very helpful!
-
I haven't helped you yet - But hopefully I can. Lets see what happens with a fresh install.
-
At least you have tried very much, for which I am grateful.
New 2.1 install, configuration restored -> same issue…
-
That is so strange. Something on your network is killing NTP. Has to be.
Its not broken here. Did you select WAN as interface and save? And you entered DNS servers? And you have NTP server address entered?
-
Something on your network is killing NTP. Has to be.
I very much doubt that (no such indication on any other system in the network) and even if it was, the result in pfSense should only be no contact (or in some other way a non-functional ntp), not that the service totally fail to start.
Regardless of whatever specific things I (and owner524 and val) have in the setup that causes issues, the service should still be starting. I tend to think it is a bug, that is only showing under some specific conditions.
It would probably be very useful if the other users reporting problems here could explain about their respective configurations. Maybe we could find out what we have in common that may cause the issue?
In addition to what I have reported so far in the thread, I can add that it is a full 64 bit install and I used the FreeBSD 64 bit template, gave it 3 bridged network interfaces, 2 cpus and 4011 MB RAM in VirtualBox.
Its not broken here.
Yes it seems only a few of us are having this issue.
Did you select WAN as interface and save?
Well I have to select both WAN and LAN since I have both my own and public ntp servers configured but there is no change in behaviour. And really, not selecting any interface does mean all interfaces are used, if I understand things correctly? If so it should be more forgiving, if anything, to not select any interface.
Only selecting the WAN interface means also that in your local network you cannot use the pfSense as an ntp server serving your internal network, doesn't it?
By my trial and error testing, I'm under the impression that the ntp server interface selection does limit the interface usage both for when the ntp service connects to other servers and also for serving ntp clients.
And you entered DNS servers?
Yes and it is working.
And you have NTP server address entered?
Yes, remember that when I use the manual workaround reported earlier (press the Save button on the System, General Setup page), so far the service have started every time and then it works.
