Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NTP Question

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Kahomono
      last edited by

      I have two new devices on my network that need correct time.  The problem is, they are in a subnet that has no internet access.

      So I set the time server IP for them both to my pfSense firewall box.  I confirmed it was generally working as a time server by syncing a Windows box to it, successfully.

      I do need to be able to power these devices off and on.  When my devices power on, they default to 2015-01-01 00:00:00.  They are not synching successfully off the firewall.  I suspect the time adjustment they would need is too great so it's refusing to make it.

      Any way I can (A) confirm my suspicion and (B) make it happen anyway?

      1 Reply Last reply Reply Quote 0
      • A
        AndrewZ
        last edited by

        I believe the similar issue exists on all the popular ARM-based [RTC-less] computers like Raspberry, people are using fake-hwclock package to overcome the issue. Essentially it's all about saving/restoring the time to minimize the difference with the NTP time.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          when you power off they reset to 2015 1-1 really?  what are these devices?  Are they doing actual ntp or ntpdate sort of update.  So normally a ntpdate doesn't care what the jump in time/date is.  When doing ntp client yes it will not normally move large chunks.  It can normally skew the clock a specific limit, but this is adjusted at the client not the server side.  If your ntpserver on pfsense is in sync.. Do a ntpq to it and you can see.  for example

          
          ntpq> host pfsense.local.lan
          current host set to pfsense.local.lan
          ntpq> pe
               remote           refid      st t when poll reach   delay   offset  jitter
          ==============================================================================
          *pi3-ntp.local.l .PPS.            1 u  100  128  377    0.374    0.259   0.070
          +esxi.local.lan  64.113.32.5      2 u   16  128  377    0.610    4.456   0.350
          
          

          If your pfsense is showing that is using a peer ie you see the * and its reach is 377, etc. then it should be allowing for others to sync off of it, since it has a valid peer, etc.  Your clients not syncing point issues with the client.  How long have you waited to see if time syncs..  ntp is not instant like a ntpdate would be it can take time especially if there is a large offset..

          edit:
          I have not had any issues with my pi's I even use one as a stratum 1 as you can see above.  It has a gps board on it..  I would have to see what its doing on boot up but most likely I have something doing a ntpdate before it starts ntp..  But sure as mentioned the fake-hwclock can be used to save the time so that on reboot or power off and when it comes back its not off by more than normally what is it 1000 seconds is typical limit of the skew I believe.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • dennypageD
            dennypage
            last edited by

            @Kahomono:

            I do need to be able to power these devices off and on.  When my devices power on, they default to 2015-01-01 00:00:00.  They are not synching successfully off the firewall.  I suspect the time adjustment they would need is too great so it's refusing to make it.

            Any way I can (A) confirm my suspicion and (B) make it happen anyway?

            Override of large time offsets has to be done on the client and cannot be done on the server. How this is done varies greatly by client. If you provide information on the client, someone here might have experience a similar device and be able to provide you with some guidance.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.