NTP Question

General pfSense Questions
Log in to reply
  • K

    I have two new devices on my network that need correct time.  The problem is, they are in a subnet that has no internet access.

    So I set the time server IP for them both to my pfSense firewall box.  I confirmed it was generally working as a time server by syncing a Windows box to it, successfully.

    I do need to be able to power these devices off and on.  When my devices power on, they default to 2015-01-01 00:00:00.  They are not synching successfully off the firewall.  I suspect the time adjustment they would need is too great so it's refusing to make it.

    Any way I can (A) confirm my suspicion and (B) make it happen anyway?

    0
  • A

    I believe the similar issue exists on all the popular ARM-based [RTC-less] computers like Raspberry, people are using fake-hwclock package to overcome the issue. Essentially it's all about saving/restoring the time to minimize the difference with the NTP time.

    0
  • johnpoz
    LAYER 8 Global Moderator

    when you power off they reset to 2015 1-1 really?  what are these devices?  Are they doing actual ntp or ntpdate sort of update.  So normally a ntpdate doesn't care what the jump in time/date is.  When doing ntp client yes it will not normally move large chunks.  It can normally skew the clock a specific limit, but this is adjusted at the client not the server side.  If your ntpserver on pfsense is in sync.. Do a ntpq to it and you can see.  for example

    
ntpq> host pfsense.local.lan
current host set to pfsense.local.lan
ntpq> pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*pi3-ntp.local.l .PPS.            1 u  100  128  377    0.374    0.259   0.070
+esxi.local.lan  64.113.32.5      2 u   16  128  377    0.610    4.456   0.350

    If your pfsense is showing that is using a peer ie you see the * and its reach is 377, etc. then it should be allowing for others to sync off of it, since it has a valid peer, etc.  Your clients not syncing point issues with the client.  How long have you waited to see if time syncs..  ntp is not instant like a ntpdate would be it can take time especially if there is a large offset..

    edit:
    I have not had any issues with my pi's I even use one as a stratum 1 as you can see above.  It has a gps board on it..  I would have to see what its doing on boot up but most likely I have something doing a ntpdate before it starts ntp..  But sure as mentioned the fake-hwclock can be used to save the time so that on reboot or power off and when it comes back its not off by more than normally what is it 1000 seconds is typical limit of the skew I believe.

    0
  • dennypage

    @Kahomono:

    I do need to be able to power these devices off and on.  When my devices power on, they default to 2015-01-01 00:00:00.  They are not synching successfully off the firewall.  I suspect the time adjustment they would need is too great so it's refusing to make it.

    Any way I can (A) confirm my suspicion and (B) make it happen anyway?

    Override of large time offsets has to be done on the client and cannot be done on the server. How this is done varies greatly by client. If you provide information on the client, someone here might have experience a similar device and be able to provide you with some guidance.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy