Netgate Discussion Forum

    Force NTP to use specific gateways

    • digdug3

      Right now it looks like the NTP server uses random WAN gateways to connect to the defined stratum servers.
      Problem is, it's also using the VPN client interface, giving "No active peers available".

      Is it possible to force the NTP server to always use WAN1 / WAN2?

      (edit: pfSense 2.3.3-RELEASE-p1 (amd64) )

      • kpa

        You should be able to use static routes but that requires that you use only manually configured NTP peers where the DNS name resolves to a single IP address or use raw IP addresses. The gateway selection for manually configured DNS resolvers works the same way.

        • digdug3

          Thank you kpa, but that is not a (stable) solution. A better solution would be to be able to select outgoing NTP gateways, just like in Unbound.

          • kpa

            There's no other practical way because redirecting locally originating traffic isn't possible with PF; only static routes work. There is the setfib(1) system that can be used to assign an alternate routing table to a process, but it's not exposed through the pfSense GUI in any way.

            The gateway selection for the DNS forwarders (at the General Setup page) is using static routes; that just isn't spelled out for you. The reason static routes are a working solution for the DNS forwarders is that you'll never enter anything else but raw IP addresses as the DNS forwarders, and each of the entered forwarders can be redirected individually by static routes. With NTP peers it's more complicated because the NTP service in a default setup will contact multiple peer candidates that you don't know in advance and that can't be caught with static routes. You'll need a manual setup with raw IP addresses as the peers if you want to use static routes to redirect the traffic to a different gateway.

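
An added example, not part of the original thread or of pfSense: a Python sketch of the check kpa describes, sorting NTP peers into those a static route can pin to one gateway (raw IP addresses, or names that resolve to a single address) and those it cannot. The gateway label `WAN1_GW`, the host names and the addresses are constructed, and `SAMPLE_DNS` stands in for real DNS so the block runs offline.

```python
import ipaddress
import socket

def resolve(name):
    """Live lookup: sorted addresses a peer name resolves to (needs DNS)."""
    infos = socket.getaddrinfo(name, 123, proto=socket.IPPROTO_UDP)
    return sorted({info[4][0] for info in infos})

def plan_static_routes(peers, gateway, resolver=resolve, rounds=3):
    """Return (routes, rejected). routes holds (peer, address, gateway) for
    peers a static host route can pin; rejected maps the rest to a reason."""
    routes, rejected = [], {}
    for peer in peers:
        try:
            routes.append((peer, str(ipaddress.ip_address(peer)), gateway))
            continue  # raw IP address: one route covers it
        except ValueError:
            pass  # not an IP literal, treat it as a DNS name
        seen = set()
        try:
            # Ask several times: pool-style names rotate their answers.
            for _ in range(rounds):
                seen.update(resolver(peer))
        except OSError:  # socket.gaierror is a subclass of OSError
            rejected[peer] = "does not resolve"
            continue
        if len(seen) == 1:
            routes.append((peer, seen.pop(), gateway))
        else:
            rejected[peer] = f"resolves to {len(seen)} addresses"
    return routes, rejected

# Constructed sample answers (documentation ranges); each inner list is one reply.
SAMPLE_DNS = {
    "ntp1.example.net": [["192.0.2.10"]],
    "pool.example.org": [["198.51.100.1", "198.51.100.2"],
                         ["198.51.100.3", "198.51.100.4"]],
}

def sample_resolver(table):
    """Offline stand-in for resolve() that cycles through the canned replies."""
    calls = {}
    def fake(name):
        if name not in table:
            raise socket.gaierror(f"unknown host {name}")
        calls[name] = calls.get(name, 0) + 1
        return table[name][(calls[name] - 1) % len(table[name])]
    return fake
```

For a name that passes, enter the resolved address itself as the NTP peer, so the peer and the static route cannot drift apart if the DNS record later changes.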