NTPd: External peers stopped working
-
Hello,
NTPd does not seem to use external peers any more. A secondary time server from our internal network is working and I set it up as peer in pfSense. I checked with ntpdate, there seems no connection issue to this peer.
[2.3.4-RELEASE]/root: ntpdate -q ptbtime1.ptb.de server 192.53.103.108, stratum 1, offset 0.006594, delay 0.05330 21 Jul 13:28:45 ntpdate[18903]: adjust time server 192.53.103.108 offset 0.006594 sec [2.3.4-RELEASE]/root: ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== ptbtime1.ptb.de .INIT. 16 u - 64 0 0.000 0.000 0.000 news01.nierle.c .INIT. 16 u - 64 0 0.000 0.000 0.000 *presstore.int.m 192.53.103.108 2 u 45 64 17 0.148 -0.103 4.186
pfSense version:
2.3.4-RELEASE (amd64) built on Wed May 03 15:13:29 CDT 2017 FreeBSD 10.3-RELEASE-p19
my NTPd config:
<ntpd><interface>lan</interface> <logpeer>yes</logpeer> <logsys>yes</logsys> <statsgraph>yes</statsgraph> <gps><type>Default</type></gps> <peerstats>yes</peerstats> <restrictions><row><acl_network>10.11.0.0</acl_network> <mask>16</mask> <nomodify>yes</nomodify> <nopeer>yes</nopeer> <notrap>yes</notrap></row></restrictions> <clockstats>yes</clockstats> <loopstats>yes</loopstats> <prefer>ptbtime1.ptb.de pool.ntp.org</prefer></ntpd>
Any ideas? Thanks!
-
Not realy an 'idea', but using "pool.ntp.org" never troubled me.
[2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ntpdate -q pool.ntp.org server 193.140.100.40, stratum 2, offset -0.000248, delay 0.11893 server 216.182.1.2, stratum 2, offset -0.002764, delay 0.14154 server 185.53.93.157, stratum 2, offset -0.008575, delay 0.07903 server 85.10.240.253, stratum 2, offset -0.000071, delay 0.06528 21 Jul 19:22:49 ntpdate[38234]: adjust time server 85.10.240.253 offset -0.000071 sec
It was a "set it and forget it" thing (a decade ago ?!).
-
I have not had a good experience with pool.ntp.org. While it is reliable, for me, it's typically more off than my $10 wall clock that I set the time twice a year for day lights savings. I'll regularly see my active server be nearly 10sec off if I use pool.ntp.org.
Because of this horribleness, I just googled for public NTP servers from around the world that have been around for a long time and now I'm less than 1ms off. I've even added a Stratum 1 a few times to see how far off, and I'm usually less than 0.1ms off, rarely break past 1ms, and my worst is still single digit milliseconds.
0.1ms may be overkill, but 10,000 is horrible.
-
I run a server in the pool.. Its a stratum 1 server - its sure and the F is not 10sec off ;)
All pool servers are monitored - if they are too far off they are dropped from the pool, if they do not answer so many queries they are dropped from the pool. Ie if their score drops below 10 with 20 being the max score. So miss a few queries from the monitor, have your offset from the monitor too much and your score drops below 10 and your dropped from the pool.
You really should use the pool.ntp.org for your region..
See all zones in All Pool Servers.
Africa — africa.pool.ntp.org (35)
Antarctica — antarctica.pool.ntp.org (0)
Asia — asia.pool.ntp.org (268)
Europe — europe.pool.ntp.org (2766)
North America — north-america.pool.ntp.org (930)
Oceania — oceania.pool.ntp.org (100)
South America — south-america.pool.ntp.org (39)If your in Europe for example you can get more local to your area
Andorra — ad.pool.ntp.org (0) Albania — al.pool.ntp.org (0) Austria — at.pool.ntp.org (60) Aland Islands — ax.pool.ntp.org (0) Bosnia and Herzegovina — ba.pool.ntp.org (2) Belgium — be.pool.ntp.org (17) Bulgaria — bg.pool.ntp.org (47) Belarus — by.pool.ntp.org (7) Switzerland — ch.pool.ntp.org (130) Czech Republic — cz.pool.ntp.org (41) Germany — de.pool.ntp.org (761) Denmark — dk.pool.ntp.org (44) Estonia — ee.pool.ntp.org (11) Spain — es.pool.ntp.org (7) Finland — fi.pool.ntp.org (35) Faroe Islands — fo.pool.ntp.org (0) France — fr.pool.ntp.org (439) Guernsey — gg.pool.ntp.org (0) Gibraltar — gi.pool.ntp.org (0) Greece — gr.pool.ntp.org (13) Croatia — hr.pool.ntp.org (8) Hungary — hu.pool.ntp.org (64) Ireland — ie.pool.ntp.org (19) Isle of Man — im.pool.ntp.org (1) Iceland — is.pool.ntp.org (7) Italy — it.pool.ntp.org (21) Jersey — je.pool.ntp.org (0) Liechtenstein — li.pool.ntp.org (6) Lithuania — lt.pool.ntp.org (11) Luxembourg — lu.pool.ntp.org (16) Latvia — lv.pool.ntp.org (8) Monaco — mc.pool.ntp.org (0) Moldova — md.pool.ntp.org (14) Republic of Montenegro — me.pool.ntp.org (0) Macedonia — mk.pool.ntp.org (5) Malta — mt.pool.ntp.org (0) Netherlands — nl.pool.ntp.org (251) Norway — no.pool.ntp.org (33) Poland — pl.pool.ntp.org (68) Portugal — pt.pool.ntp.org (12) Romania — ro.pool.ntp.org (37) Republic of Serbia — rs.pool.ntp.org (14) Russian Federation — ru.pool.ntp.org (152) Sweden — se.pool.ntp.org (29) Slovenia — si.pool.ntp.org (18) Svalbard and Jan Mayen — sj.pool.ntp.org (0) Slovakia — sk.pool.ntp.org (18) San Marino — sm.pool.ntp.org (0) Turkey — tr.pool.ntp.org (22) Ukraine — ua.pool.ntp.org (73) United Kingdom — uk.pool.ntp.org (278) Holy See (Vatican City State) — va.pool.ntp.org (0) Yugoslavia — yu.pool.ntp.org (0)
That being said pool servers can drop off at any time, many of them are run by people as hobby - me for example ;) It goes offline now and then..
But sure if your having bad luck with pool servers, then go to the public ntp list.
http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers
http://support.ntp.org/bin/view/Servers/StratumOneTimeServersLook for ones in your region, and look at their rules of engagement - many are open to the public, but some have certain restrictions that if you should pay attention too to be a good netizen ;) And they may block you if you do not pay attention to the rules they post, etc.
If you want good time and don't want to do it over the internet - for a few bucks you can run your own stratum 1 on a pi for gosh sake ;)
Did you mark in the ntp settings that its a pool? If your going to point at a pool fqdn then you should mark it as pool in the ntp configuration page in pfsense.
-
Hello,
thanks for the suggestions! But I now rather think this is a bug in pfsene; when I select multiple listen interfaces, it works again. I remembered changing this to only one interface and never thought any of it.
ptbtime1.ptb.org
I have this server as prefer, as it is the 'official' german time (yes, in Germany there is actually a law for that and they ran dcf 77 in the past)
I also use the pools all the time, mostly de.pool.ntp.org. My past experience is also rather of the one time setup sort.
Did you mark in the ntp settings that its a pool? If your going to point at a pool fqdn then you should mark it as pool in the ntp configuration page in pfsense.
I think there is no such setting? At least in my GUI, i only have 'prefer' and 'noselect' as options.
And your're right - running my own timeserver would be preferable:
for a few bucks you can run your own stratum 1 on a pi for gosh sake ;)
Do you have a suggestion, something wich works well with pfsense?
Thanks!
-
The pool option was added in the 2.4 betas.
If your syncing with non pool, it is more likely that the pool you were syncing too just went offline and you have not picked a different one. If you look to see what IP your checking you can just look that ip up on the pool site. They list all servers that are members of the pool.
The could be blocking you - you would want to sniff the traffic and find the point when was working and then it stops working.. Just look to see if pfsense is actually sending the query - and you don't just get an answer?
You can check this site for getting a ntp server up and running on a pi
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.htmlIt will for sure get you started.. There is also other threads here about supply a pps signal to pfsense..