
    Force NTP to use specific gateways

    • D
      digdug3 last edited by

      Right now it looks like the NTP server uses random WAN gateways to connect to the defined stratum servers.
      Problem is, it's also using the VPN client interface, giving "No active peers available".

      Is it possible to force the NTP server to always use WAN1 / WAN2?

      (edit: pfSense 2.3.3-RELEASE-p1 (amd64) )

      • K
        kpa last edited by

        You should be able to use static routes but that requires that you use only manually configured NTP peers where the DNS name resolves to a single IP address or use raw IP addresses. The gateway selection for manually configured DNS resolvers works the same way.

        • D
          digdug3 last edited by

          Thank you kpa, but that is not a (stable) solution. A better solution would be to be able to select outgoing NTP gateways, just like in Unbound.

          • K
            kpa last edited by

            There's no other practical way because redirecting locally originating traffic isn't possible with PF, only static routes work. There is the setfib(1) system that can be used to assign an alternate routing table to a process but it's not exposed through the pfSense GUI in any way.

            The gateway selection for the DNS forwarders (at the General Setup page) is using static routes, that just isn't spelled out for you. The reason static routes are a working solution for the DNS forwarders is that you'll never enter anything else but raw IP addresses as the DNS forwarders, each of the entered forwarders can be redirected individually by static routes. With NTP peers it's more complicated because the NTP service in a default setup will contact multiple peer candidates that you don't know in advance and can't be caught with static routes, you'll need a manual setup with raw IP addresses as the peers if you want to use static routes to redirect the traffic to a different gateway.

            1 Reply Last reply Reply Quote 0
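Added example, not part of the original thread and not pfSense code: a check of which configured NTP peers meet the condition described above (a raw IP address, or a name that resolves to exactly one address) and can therefore be pinned to a gateway with a host static route. The peer names, addresses, the `WAN1_GATEWAY` value and the function names are constructed placeholders; by default the script resolves through the operating system's resolver.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), not from the thread.
SAMPLE_PEERS = ["192.0.2.10", "time.example.net", "pool.example.org"]
SAMPLE_DNS = {
    "time.example.net": ["198.51.100.7"],
    "pool.example.org": ["198.51.100.21", "198.51.100.22", "203.0.113.40"],
}
WAN1_GATEWAY = "203.0.113.1"  # hypothetical WAN1 gateway address


def system_resolver(name):
    """Resolve a name to its sorted, unique IPv4 addresses via the OS resolver."""
    infos = socket.getaddrinfo(name, 123, socket.AF_INET, socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})


def sample_resolver(name):
    """Offline resolver backed by the constructed SAMPLE_DNS table."""
    return SAMPLE_DNS.get(name, [])


def plan_static_routes(peers, gateway, resolve=system_resolver):
    """Return (routes, unpinnable): peers that fit one host route, and the rest."""
    routes, unpinnable = [], []
    for peer in peers:
        try:
            addrs = [str(ipaddress.ip_address(peer))]  # raw IP: always pinnable
        except ValueError:
            try:
                addrs = resolve(peer)
            except OSError:
                addrs = []  # resolution failed: nothing to route
        if len(addrs) == 1:
            prefix = ipaddress.ip_address(addrs[0]).max_prefixlen  # 32 or 128
            routes.append((peer, f"{addrs[0]}/{prefix}", gateway))
        else:
            # Pool-style names rotate through many addresses, so no single
            # host route can catch the traffic.
            unpinnable.append((peer, len(addrs)))
    return routes, unpinnable


if __name__ == "__main__":
    routes, unpinnable = plan_static_routes(SAMPLE_PEERS, WAN1_GATEWAY, sample_resolver)
    for peer, dest, gw in routes:
        print(f"static route: {dest} via {gw}   # NTP peer {peer}")
    for peer, count in unpinnable:
        print(f"cannot pin {peer}: resolves to {count} addresses")
```

A name that resolves to one address today can be pointed elsewhere later, so a route built from a name has to be rechecked whenever the record changes.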