Does pfSense support SNTP



  • I recently bought a Cisco SG-200 switch, which I am trying to configure. For the time server, it appears to support only SNTP and not NTP. Can pfSense act as an SNTP server?



  • I've never heard any mention of pfSense and SNTP together.



  • @KOM said in Does pfSense support SNTP:

    I've never heard any mention of pfSense and SNTP together.

    That's 2 of us. However, this switch wants to use it. I checked the package manager and nothing there either. I can understand why SNTP might be used, but why kill NTP?



  • @JKnott said in Does pfSense support SNTP:

    Cisco SG-200

    I point my Linksys switches to pfSense and it just works.

    Screenshot 2019-05-07 at 19.11.27.png

    https://www.galsys.co.uk/news/sntp-vs-ntp/

    "Despite the chasm between what each protocol is capable of achieving, NTP and SNTP are, in fact, interoperable"

    From a packet capture on port 123.

    19:43:12.440374 IP 172.16.1.4.49152 > 172.16.1.1.123: UDP, length 48
    19:43:12.440487 IP 172.16.1.1.123 > 172.16.1.4.49152: UDP, length 48
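The 48-byte request and reply in the capture above are the same packet format for NTP and SNTP, which is why the switch can sync from pfSense's NTP daemon. The following is an added example, not code from the thread or from pfSense: a minimal SNTP client packet builder and reply validator, with the kind of sanity checks RFC 4330 recommends for SNTP clients (server mode, synchronized stratum, origin timestamp echoing the request). The function names and the sample reply are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def build_request(tx_unix, version=4):
    """48-byte SNTP client packet: LI=0, VN=version, Mode=3, transmit time set."""
    secs = int(tx_unix) + NTP_UNIX_DELTA
    frac = int((tx_unix % 1) * 2**32)
    return struct.pack("!B3x11I", (version << 3) | 3, *([0] * 9), secs, frac)

def parse_response(pkt, request):
    """Validate a server reply against our request and return its key fields."""
    if len(pkt) < 48:
        raise ValueError("reply shorter than 48 bytes")
    li, version, mode = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7
    stratum = pkt[1]
    # 11 words: root delay, root dispersion, ref id, then 4 x 64-bit timestamps
    words = struct.unpack("!11I", pkt[4:48])
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if li == 3 or not 1 <= stratum <= 15:
        raise ValueError("server unsynchronized or kiss-o'-death")
    # An off-path spoofer cannot know our transmit timestamp, so require the echo.
    if words[5:7] != struct.unpack("!2I", request[40:48]):
        raise ValueError("origin timestamp does not match our request")
    if words[9] == 0 and words[10] == 0:
        raise ValueError("zero transmit timestamp")
    unix_time = words[9] - NTP_UNIX_DELTA + words[10] / 2**32
    return {"version": version, "stratum": stratum, "unix_time": unix_time}

def make_sample_reply(request, server_unix, stratum=2):
    """Constructed server reply (not captured traffic) that echoes the request."""
    o_secs, o_frac = struct.unpack("!2I", request[40:48])
    secs = int(server_unix) + NTP_UNIX_DELTA
    version = (request[0] >> 3) & 7
    # LI=0/VN/Mode=4, stratum, poll=6, precision=-20, then the 11 words
    return struct.pack("!BBbb11I", (version << 3) | 4, stratum, 6, -20,
                       0, 0, 0, secs, 0, o_secs, o_frac, secs, 0, secs, 0)

if __name__ == "__main__":
    req = build_request(1557254592.25)  # constructed timestamp
    print(parse_response(make_sample_reply(req, 1557254593), req))
```

To query a real server, send `build_request(time.time())` over UDP to port 123 and pass the reply and the request to `parse_response`.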



  • @NogBadTheBad said in Does pfSense support SNTP:

    I point my Linksys switches to pfSense and it just works.

    That seems to work, apparently for IPv4 only though. Still better than nothing, though it seems strange on a box that otherwise supports IPv6. Is that a bug in SNTP or the switch?


  • LAYER 8 Global Moderator

    You do see he is syncing via IPv6.. You can clearly set up IPv6 sntp in the switch firmware... What firmware are you using for sg200?

    1.4.10.06
    Is the latest that is the same as my sg300, does your switch have an IPv6 address?



  • @johnpoz

    Mine's 1.0.6.2. When I provide my NTP server (pfSense) host name, it resolves to the IPv4 address. The manual IP config only allows IPv4. I'll have to see about the update. Yes, it does use IPv6 for the management interface. It even has an IPv6 neighbours table.


  • LAYER 8 Global Moderator

    @JKnott said in Does pfSense support SNTP:

    Mine's 1.0.6.2

    I don't even see that listed on the cisco site... got to be ancient...
    edit: Oh I found it 27-Feb-2013, so 6 years old ;)
    Did they even have any ipv6 in those old firmwares?

    Yeah I would update... current for sg200 is 1.4.10.06, just recently came out... I have both my sg300 running it.

    edit: Here I just added ipv6 to my sg300, bing bang zoom he syncing sntp with ntp running on pfsense via ipv6
    sntpipv6.png

    He is going to use the pi on 3.32 since that is stratum 1, but wanted to point to pfsense ntp which is stratum 2.. But as you can see talking just fine to it.. And getting time.



  • Is there some incantation to the network gods needed to update? I've downloaded the latest from April 29, and select the file, click on apply and nothing happens. The help(?) seems to imply a TFTP or HTTP server may be needed, but there's no way to enter a URL for HTTP. I guess I'll have to set up a TFTP server. It's been a while since I've done that.



  • Wow, I can use XMODEM to upload a file!!!



  • Got it going with TFTP. I'll soon be able to get my dog out for her walk. 😉



  • @JKnott said in Does pfSense support SNTP:

    Wow, I can use XMODEM to upload a file!!! .... TFTP .....

    Nice! You just made me think about a period, some 3 decades ago.
    Back then, a Weller soldering station was as important as a keyboard.


  • LAYER 8 Global Moderator

    So you don't have the gui enabled? To update the firmware you can just use the gui.

    firmwareup.png



  • @johnpoz

    I do have the GUI enabled, but that method doesn't work. It also doesn't support HTTPS or SCP. I'm slowly getting there. I've had to do 3 updates to get this far. Apparently, there are different file types for different versions. If you don't have the correct version to upload the next it will fail. You'd think they might have an upgrade path described somewhere. Right now I'm at 1.0.8.3 and when trying to update to 1.4.10.06 it fails with "Firmware Image download through TFTP failed." Those are the two versions listed on the update page I'm looking at now.



  • I did some more digging and found 1.0.8.3 is the latest version for the 8 port model. ☹

    It does not support IPv6 for SNTP.



  • @JKnott said in Does pfSense support SNTP:

    It does not support IPv6

    Bring it back to the National Museum of Ancient Technologies. It was probably 'borrowed' from there anyway.


  • LAYER 8 Global Moderator

    @JKnott said in Does pfSense support SNTP:

    1.0.8.3 is the latest version for the 8 port model

    Where do you see that?
    latestver.png

    Clearly showing on the download page the 1.4.10.6 for download..

    You have the SG-200E ??




  • @johnpoz said in Does pfSense support SNTP:

    Where do you see that?

    On one of the support forums. I saw that link with the 2 packages. 1.0.8.3 installs, 1.4.10.06 doesn't. Apparently the issue has to do with memory size and the fact that the package now includes the boot code. If you check the downloads, you'll see they have a different file type and my switch will not accept the new file type. I have the SG200-08.


  • LAYER 8 Global Moderator

    @JKnott said in Does pfSense support SNTP:

    SG200-08

    Yeah I think that is E switch, because it's not listed on the release notes for the 1.4.10.6 or even previous models..

    That firmware is quite old
    2014-09-29

    When did you buy this switch? Can you return it? There are much better deals out there I am sure..



  • @johnpoz said in Does pfSense support SNTP:

    When did you buy this switch? Can you return it? There are much better deals out there I am sure..

    I bought it yesterday. I got it at a consumer level store that's known for low prices, likely because the stock tends to be older.


  • LAYER 8 Global Moderator

    Well if you want ipv6 and firmware that is not 5 years old.. You prob want to look for different model ;)



  • @johnpoz

    I'm not too worried about IPv6 vs IPv4 for SNTP. Even with pfSense, the NTP servers I use support IPv4 only. However, I bought it so that I would have a managed Gb switch and that's what it does. I have the same situation with my TP-Link access point. The management is IPv4 only, but it passes IPv6 as needed, other than the previously mentioned issue that prevents me from running a 2nd SSID.


  • LAYER 8 Global Moderator

    @JKnott said in Does pfSense support SNTP:

    the NTP servers I use support IPv4 only.

    There are plenty of IPv6 ntp out there you could point to.. Shoot I have my pi stratum 1 ntp server in the pool via ipv6 and ipv4.. It sees plenty of ipv6 clients...

    You're the whole IPv6 is the greatest thing since sliced bread guy around here - that you have hardware that doesn't support ipv6 pokes holes in your whole the ipv6 revolution is here, you ipv4 guys are behind the times... Must Use IPv6!!! ;)



  • @johnpoz said in Does pfSense support SNTP:

    @JKnott said in Does pfSense support SNTP:

    the NTP servers I use support IPv4 only.

    There are plenty of IPv6 ntp out there you could point to.. Shoot I have my pi stratum 1 ntp server in the pool via ipv6 and ipv4.. It sees plenty of ipv6 clients...

    No doubt there are IPv6 servers. However, I've been using the same ones since long before I started with IPv6.

    You're the whole IPv6 is the greatest thing since sliced bread guy around here - that you have hardware that doesn't support ipv6 pokes holes in your whole the ipv6 revolution is here, you ipv4 guys are behind the times... Must Use IPv6!!! ;)

    I think you'll find I'm opposed to those who think IPv4 is all that's necessary, even though it hasn't been adequate, due to limited address space, for many years. Even Vint Cerf has said he never intended for 32 bit addresses to be inflicted on the public. It was only to be a concept demo. I am fully in favour of IPv6, as it brings some other advantages, beyond just increased address space. If it had sufficient address space, IPv4 would have been OK. I'm also not the type to toss functioning equipment, just because something better came along, unless I would get benefit from doing so. Thus my change to a Gb switch, as my Internet connection bandwidth was approaching 100 Mb. My AP is 2.4 GHz 802.11n as going beyond that wouldn't bring me much advantage, since my notebook computer is only 2.4 GHz n. Also, you're talking to a guy that used to use SNA, along with NetBIOS and IP on the same computer. I was also working with networks before Ethernet and IP were available, so I'm not afraid of old stuff.

    As for NTP etc., I recently got into a discussion with a co-worker on a project we were working on. This project involved 2 GPS NTP servers (they weren't part of our work), located a few miles apart. He couldn't understand that multiple NTP servers should be peered, rather than main & fallback. There were other servers and the plan was to have the master on our project sync, not peer, with those on another network where there were two more. With 4 GPS NTP servers, they should have all been peered.



  • I must admit that I don't like IPv6 because I don't really understand it and all of its ramifications, and I've been getting by with IPv4 for decades.



  • @KOM

    What's to understand? Fundamentally, it works the same way as IPv4. You have packets, routing works the same and more. The same traffic is supported and from a user perspective it makes no difference whether IPv4 or IPv6 is used. However, in addition to the immense address space, there are a lot of technical improvements that go to performance. For example ARP is gone and replaced with ICMP6 neighbour solicitation. There is also automatic address configuration, without needing DHCP, though it's also available. The fixed length headers improve router performance and more. The designers of IPv6 took the good points of IPv4 and discarded the bad. One example of the bad is broadcasts. They caused disturbance to devices on the network, whether they were interested in the traffic or not. That's been replaced with multicasts. With multicasts, the closest to broadcasts is all hosts multicast, which go to all devices. However that would only be done with things, such as router advertisements that must go to all devices. Otherwise targeted multicast groups, such as all routers, etc. would be used. A really big bad that's no longer needed is NAT. There are some things which did not appear in IPv4, such as using SLAAC to assign addresses to devices or DHCPv6-PD, which ISPs use to provide the network prefix to customers. So, do a bit of reading and you can learn about IPv6. One book I recommend is "IPv6 Essentials", from O'Reilly, which covers IPv6 very well, though it doesn't cover DHCPv6-PD.



  • @JKnott said in Does pfSense support SNTP:

    JKnott: "What's to understand?"

    Lists a dozen things I don't understand.

    😆 😆 😆

    I get the very basic top-level stuff, but all of those features you mentioned were news to me. I had no idea that IPv6 doesn't use ARP, for example. Plus, I don't use it here at work and likely never will unless our ISP revoked all IPv4 support.

    Thanks for the book tip. I'll definitely look into it. I know I need to up my IPv6 game but didn't even know where to start. In past years I had tried reading up on it but I could never find a good resource. IPv6 and VLANs kind of passed me by.



  • @KOM

    I find the best way to learn is to do. I've been using IPv6 for 9 years and knew little about it when I started. Now, I know more about it than the tier two support and senior techs at my ISP (I had to teach them, when I had a problem recently.). One thing that really goes a long way in learning about networks is Wireshark. With it, you can look at the packets to see what's in them. By using Wireshark, I was able to identify the failing system, by name, at my ISP, weeks before they finally figured it out.

    VLANs are just logically separate networks that appear as though they're physically different. That's done with a VLAN tag, that contains the VLAN number. Again, reading and Wireshark can help you learn. A good reference is "Ethernet", again from O'Reilly (I have a lot of O'Reilly books). It covers VLANs and a lot of other things.



  • I understand the basic concept of VLANs, just not the specifics and gotchas. Anyway, I didn't mean to hijack this thread into a personal tutorial for me. Thanks for your suggestions.



  • @KOM
    Well, it's my thread and I don't mind. Forums like this are a great way to learn, even if things drift off topic.



  • @Gertjan said in Does pfSense support SNTP:

    @JKnott said in Does pfSense support SNTP:

    Wow, I can use XMODEM to upload a file!!! .... TFTP .....

    Nice! You just made me think about a period, some 3 decades ago.
    Back then, a Weller soldering station was as important as a keyboard.

    You still have to XMODEM IOS to a Cisco switch if there's no IOS in flash :)



  • @NogBadTheBad said in Does pfSense support SNTP:

    You still have to XMODEM IOS to a Cisco switch if there's no IOS in flash :)

    I think I saw that mentioned in my search for firmware updates. However, that would be a bit difficult to do without a serial port on that box. However, what it does do is create a web server, if the firmware can't be found. That web server can then be used to upload the firmware. I wonder if that gets turned on, when http upload is selected. I was using tftp, where I had to specify the IP address and file, but the missing firmware web server was 192.168.1.254, IIRC. I'll have to look into that.

