CentOS 6.5 - pfSense NTP - no server suitable for synchronization found



  • Hi,

    Under Services, the pfSense WebGUI offers configuration for NTP.
    No interface is selected (I still tried selecting all or just some relevant interfaces).
    Additionally, I can set a serial GPS, which is currently none, and the service is running (shown by a green play button).

    As far as I understand, this configuration is for offering NTP services to other clients.

    Under System -> General Setup I am able to set several time servers that pfSense itself can synchronize its time with. Because we do not have internet access here, the given server set does not work, which for us is no problem. So we set the time of pfSense manually.

    There are several clients within the network behind pfSense. They have different times than pfSense has.
    For testing I tried to run a simple query to get the current time from pfSense:

    sudo ntpdate -q 172.12.34.56
    
    

    I am getting this response:

    server 172.12.34.56, stratum 16, offset 8300.075787, delay 0.02582
    17 May 15:26:57 ntpdate[26482]: no server suitable for synchronization found

    A ping works fine, and all port forwardings and outbound connections work as well.

    There are some firewall rules and one of them is like the following:
    Protocol:  IPv4*
    Source:  172.12.0.0/16
    Port: *
    Destination:  *
    Port: *
    Gateway: *
    Queue: none

    There are no blocking firewall rules, only passing ones.
    So I expect to have every port that is probably necessary opened. Additionally, I would expect pfSense to create port openings itself when "enabling" NTP.
    Am I missing something here?

    Under Services -> NTP I am also able to click a little button in the upper right (where the buttons to start and stop the service are also placed) named "status of items on this page".

    There are two entries:
    Status           Server          Ref ID  Stratum  Type  When  Poll  Reach  Delay  Offset  Jitter
    Unreach/Pending  192.53.103.108  .INIT.  16       u     -     512   0      0.000  0.000   0.000
    Unreach/Pending  131.188.3.221   .INIT.  16       u     -     512   0      0.000  0.000   0.000

    I thought pfSense is offering NTP of its current time and date,
    while pfSense is able to synchronize with other time servers.
    Or am I wrong, and pfSense is only forwarding external time servers to the internal network?
    This would explain that internal clients do not get a connection because the external time servers are not reachable due to the missing internet connection.

    Is there a way then to let clients synchronize their time with the time manually set on pfSense?

    Thanks in advance.

    If you need further information, just ask for it.



  • After testing in another environment, we were able to confirm that pfSense is just working as a relay.

    NTP for clients against pfSense is only working if pfSense itself has valid connections to at least one other/real NTP server.
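
An added example, not part of the original posts: a small Python check that reads the `ntpdate -q` line and the status rows quoted in the thread and reports why the client rejects the server. The function names and finding labels are made up for this illustration; it relies on the NTP convention that stratum 16 marks an unsynchronized clock, and it assumes `ntpdate` prints stratum 0 with delay 0 for a server that never answered.

```python
import re

# Lines quoted in the first post, embedded so the example runs offline.
SAMPLE_NTPDATE = "server 172.12.34.56, stratum 16, offset 8300.075787, delay 0.02582"
SAMPLE_PEERS = """\
Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter
Unreach/Pending 192.53.103.108 .INIT. 16 u - 512 0 0.000 0.000 0.000
Unreach/Pending 131.188.3.221 .INIT. 16 u - 512 0 0.000 0.000 0.000
"""

UNSYNC_STRATUM = 16  # NTP marks an unsynchronized clock as stratum 16

NTPDATE_RE = re.compile(
    r"server (?P<server>\S+), stratum (?P<stratum>\d+), "
    r"offset (?P<offset>-?[\d.]+), delay (?P<delay>[\d.]+)")


def parse_ntpdate(line):
    """Parse one 'server ...' line printed by `ntpdate -q`."""
    m = NTPDATE_RE.search(line)
    if m is None:
        raise ValueError(f"not an ntpdate -q server line: {line!r}")
    return {"server": m["server"], "stratum": int(m["stratum"]),
            "offset": float(m["offset"]), "delay": float(m["delay"])}


def parse_peers(text):
    """Parse status-page rows; the status label may contain spaces."""
    peers = []
    for row in text.splitlines():
        f = row.split()
        if len(f) < 11 or not f[-8].isdigit():  # skips header and blank lines
            continue
        peers.append({"status": " ".join(f[:-10]), "server": f[-10],
                      "refid": f[-9], "stratum": int(f[-8]),
                      "reach": int(f[-4], 8)})  # reach is an octal bitmask
    return peers


def diagnose(ntpdate_line, peers_text):
    """Return findings explaining why a client rejects the server."""
    findings = []
    reply = parse_ntpdate(ntpdate_line)
    if reply["stratum"] == 0 and reply["delay"] == 0.0:
        findings.append("no_reply")  # assumed: nothing came back, check UDP/123
    elif reply["stratum"] >= UNSYNC_STRATUM:
        findings.append("server_unsynchronized")  # answered, but has no time source
    peers = parse_peers(peers_text)
    if peers and all(p["reach"] == 0 for p in peers):
        findings.append("no_upstream_reachable")
    return findings
```

For the quoted output, `diagnose(SAMPLE_NTPDATE, SAMPLE_PEERS)` reports an answering but unsynchronized server whose upstream peers have never been reached, which points away from the firewall rules.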