[Solved] NTPD on VLAN sub-interface
I'm on 2.4.2-RELEASE with several VLAN sub-interfaces.
I am unable to get NTPD working when VLAN sub-interface(s) is/are selected in Services / NTP / Settings -> Interfaces.
NTPD starts, but in the log I see only
Feb 22 13:16:09 ntpd 43676 Soliciting pool server 5.x.146.13
Feb 22 13:16:09 ntpd 43676 Soliciting pool server 148.y.154.36
Feb 22 13:16:09 ntpd 43676 Soliciting pool server 213.z.53.187
Feb 22 13:16:09 ntpd 43676 Soliciting pool server 176.w.144.121
ntpq -p shows:
ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.001
 1.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.001
 2.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.001
 3.de.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.001
interface definitions in my ntp.conf
grep interface /var/etc/ntpd.conf
interface ignore all
interface ignore wildcard
interface listen vmx4.13
interface listen vmx3
interface listen vmx2
Once I unselect all VLAN sub-interfaces and restart NTPD, it works well.
Am I missing something or is this a bug?
I have ntpd on multiple vlans without any issues.
[2.4.2-RELEASE][firstname.lastname@example.org]/root: grep interface /var/etc/ntpd.conf
interface ignore all
interface ignore wildcard
interface listen igb0
interface listen igb2
interface listen igb2.200
interface listen igb2.100
interface listen igb2.300
interface listen igb2.500
interface listen igb3
You need to figure out why ntpd can not get to the ntp servers you're using..
Thanks for your reply.
Do you also serve ntp to your native vlan of your switch or what is the reason of having the igb2 and igb2.* sub-interfaces as well in your ntp.conf?
Anyway, I've assigned an ip address to my vmx4 interface and added as NTP interface, but did not help.
My complete non-working ntpd.conf is following:
#
# pfSense ntp configuration file
#
tinker panic 0
# Orphan mode stratum
tos orphan 12
# Upstream Servers
pool 0.de.pool.ntp.org iburst maxpoll 9
pool 1.de.pool.ntp.org iburst maxpoll 9
pool 2.de.pool.ntp.org iburst maxpoll 9
pool 3.de.pool.ntp.org iburst maxpoll 9
statsdir /var/log/ntp
logconfig =syncall +clockall +peerall +sysall
driftfile /var/db/ntpd.drift
restrict default kod limited nomodify nopeer notrap
restrict -6 default kod limited nomodify nopeer notrap
restrict source kod limited nomodify notrap
interface ignore all
interface ignore wildcard
interface listen vmx4.13
interface listen vmx3
interface listen vmx2
interface listen vmx4
however ntpstat -q works ok:
ntpdate -q a.fraho.eu
server 184.108.40.206, stratum 2, offset -0.000490, delay 0.03764
23 Feb 10:58:28 ntpdate: adjust time server 220.127.116.11 offset -0.000490 sec
Once I remove the vmx4.13 from ntp interfaces NTP starts communicating with configured servers.
Is it a vlan 13 and Friday issue? ;D
Any idea what to check?
I think that I've figured it out.
Long story short:
In case WAN is not among the list of the interfaces to listen on, NTPD picks the source ip for its outgoing ntp traffic as follows:
- sort the ip addresses where it is configured to listen on (interfaces)
- select the first one as source address
This ip should have outgoing nat configured.
As I did not want to have NTPD listen on the WAN interface and my vlan sub-interfaces did not have outgoing nat, all ntp traffic left the WAN interface with an internal ip address as source ip.
Solution1: select WAN interface to listen on (access from outside is blocked by default)
Solution2: make sure you have outgoing nat for the interface with lowest ip address.
edit: some typos
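Added example, not part of the original posts: a small Python check that applies the source-selection rule as the post above describes it (the poster's observation, not confirmed against the ntpd source) to the interface lines of an ntpd.conf and reports whether the chosen source address is covered by outbound NAT. The interface addresses, the NAT source networks and the WAN name vmx0 are constructed assumptions; IPv4 only.

```python
import ipaddress

# Constructed sample data (not from the thread): interface addresses and
# the source networks that have an outbound NAT rule.
IFACE_ADDRS = {
    "vmx0": "203.0.113.10",   # WAN (assumed name, documentation address)
    "vmx2": "192.168.20.1",
    "vmx3": "192.168.30.1",
    "vmx4.13": "10.13.0.1",   # VLAN 13 sub-interface, no NAT rule
}
NAT_SOURCES = ["192.168.20.0/24", "192.168.30.0/24"]
WAN_IFACE = "vmx0"

# The interface lines from the first post's ntpd.conf.
SAMPLE_CONF = """\
interface ignore all
interface ignore wildcard
interface listen vmx4.13
interface listen vmx3
interface listen vmx2
"""

def listen_interfaces(conf_text):
    """Return the names given on 'interface listen <name>' lines."""
    names = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) == 3 and parts[:2] == ["interface", "listen"]:
            names.append(parts[2])
    return names

def check_source(conf_text, iface_addrs, nat_sources, wan_iface):
    """Return (source_ip, ok) using the rule described in the post."""
    names = listen_interfaces(conf_text)
    if wan_iface in names:
        # Solution 1 in the post: WAN is listed, its address is the source.
        return iface_addrs[wan_iface], True
    addrs = sorted(ipaddress.ip_address(iface_addrs[n])
                   for n in names if n in iface_addrs)
    if not addrs:
        return None, False
    src = addrs[0]                               # lowest address wins
    ok = any(src in ipaddress.ip_network(net) for net in nat_sources)
    return str(src), ok                          # ok means NAT covers it

if __name__ == "__main__":
    src, ok = check_source(SAMPLE_CONF, IFACE_ADDRS, NAT_SOURCES, WAN_IFACE)
    print(f"source {src}: {'NAT ok' if ok else 'leaves WAN un-NATed'}")
```

On the firewall itself, watching UDP port 123 on the WAN interface with tcpdump shows whether the packets actually carry an internal source address.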
"Do you also serve ntp to your native vlan of your switch or what is the reason of having the igb2 and igb2.* sub-interfaces as well in your ntp.conf?"
Yes ;) I have some native vlans as well as some tagged vlans.
Nice info how ntpd picks its source IP for talking to ntp.. Well have to test that out.. My ntpd doesn't listen on wan or talk outside for ntp.. It points to my ntp servers on my local network that are stratum 1.. No reason to use anything else, these servers also serve ntp to pool on both ipv4 and ipv6.. If you were not using de pool at some point your pfsense might get ntp from my ntp server ;)
Glad you got it sorted.
Just wanted to note that I was having this issue tonight in 2.4.4 p3 and the solution was to add WAN to the NTP interfaces. Thanks to those that figured it out. @johnpoz There is definitely something to this.
Did you not have outbound nat configured correctly?
I followed the HA guide and so far it's working.