Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Does pfSense support SNTP

    General pfSense Questions
    6
    33
    914
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnott
      JKnott last edited by

      I recently bought a Cisco SG-200 switch, which I am trying to configure. For the time server, it appears to support only SNTP and not NTP. Can pfSense act as a SNTP server?

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        I've never heard any mention of pfSense and SNTP together.

        JKnott 1 Reply Last reply Reply Quote 0
        • JKnott
          JKnott @KOM last edited by

          @KOM said in Does pfSense support SNTP:

          I've never heard any mention of pfSense and SNTP together.

          That's 2 of us. However, this switch wants to use it. I checked the package manager and nothing there either. I can understand why SNTP might be used, but why kill NTP.

          1 Reply Last reply Reply Quote 0
          • NogBadTheBad
            NogBadTheBad Galactic Empire last edited by NogBadTheBad

            @JKnott said in Does pfSense support SNTP:

            Cisco SG-200

            I point my Linksys switches to pfSense and it just works.

            Screenshot 2019-05-07 at 19.11.27.png

            https://www.galsys.co.uk/news/sntp-vs-ntp/

            "Despite the chasm between what each protocol is capable of achieving, NTP and SNTP are, in fact, interoperable"

            From a packet capture on port 123.

            19:43:12.440374 IP 172.16.1.4.49152 > 172.16.1.1.123: UDP, length 48
            19:43:12.440487 IP 172.16.1.1.123 > 172.16.1.4.49152: UDP, length 48

            JKnott 1 Reply Last reply Reply Quote 0
            • JKnott
              JKnott @NogBadTheBad last edited by

              @NogBadTheBad said in Does pfSense support SNTP:

              I point my Linksys switches to pfSense and it just works.

              That seems to work, apparently for IPv4 only though. Still better than nothing, though it seems strange on a box that otherwise supports IPv6. Is that a bug in SNTP or the switch?

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by johnpoz

                You do see he is syncing via IPv6.. You can clearly setup IPv6 sntp in the switch firmware... What firmware are you using for sg200?

                1.4.10.06
                Is the latest that is the same as my sg300, does your switch have an IPv6 address?

                JKnott 1 Reply Last reply Reply Quote 0
                • JKnott
                  JKnott @johnpoz last edited by JKnott

                  @johnpoz

                  Mine's 1.0.6.2. When I provide my NTP server (pfSense) host name, it resolves to the IPv4 address. The manual IP config only allows IPv4. I'll have to see about the update. Yes, it does use IPv6 for the management interface. It even has an IPv6 neighbours table.

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by johnpoz

                    @JKnott said in Does pfSense support SNTP:

                    Mine's 1.0.6.2

                    I don't even see that listed on the cisco site... got to be ancient...
                    edit: Oh I found it 27-Feb-2013, so 6 years old ;)
                    Did they even have any ipv6 in those old firmwares?

                    Yeah I would update... current for sg200 is 1.4.10.06, just recently came out... I have both my sg300 running it.

                    edit: Here I just added ipv6 to my sg300, bing bang zoom he syncing sntp with ntp running on pfsense via ipv6
                    sntpipv6.png

                    He is going to use the pi on 3.32 since that is stratum 1, but wanted to point to pfsense ntp which is stratum 2.. But as you can see talking just fine to it.. And getting time.

                    1 Reply Last reply Reply Quote 0
                    • JKnott
                      JKnott last edited by

                      Is there some incantation to the network gods needed to update? I've downloaded the latest from April 29, and select the file, click on apply and nothing happens. The help(?) seems to imply a TFTP or HTTP server may be needed, but there's no way to enter a URL for HTTP. I guess I'll have to set up a TFTP server. It's been a while since I've done that.

                      1 Reply Last reply Reply Quote 0
                      • JKnott
                        JKnott last edited by

                        Wow, I can use XMODEM to upload a file!!!

                        Gertjan 1 Reply Last reply Reply Quote 0
                        • JKnott
                          JKnott last edited by

                          Got it going with TFTP. I'll soon be able to get my dog out for her walk. ๐Ÿ˜‰

                          1 Reply Last reply Reply Quote 1
                          • Gertjan
                            Gertjan @JKnott last edited by

                            @JKnott said in Does pfSense support SNTP:

                            Wow, I can use XMODEM to upload a file!!! .... TFTP .....

                            Nice ! You just made me think about a period, some 3 decades ago.
                            Back then, a Wellar solding station was as important as a keyboard.

                            NogBadTheBad 1 Reply Last reply Reply Quote 0
                            • johnpoz
                              johnpoz LAYER 8 Global Moderator last edited by

                              So you don't have the gui eanbled? To update the firmware you can just use the gui.

                              firmwareup.png

                              JKnott 1 Reply Last reply Reply Quote 0
                              • JKnott
                                JKnott @johnpoz last edited by JKnott

                                @johnpoz

                                I do have the GUI enabled, but that method doesn't work. It also doesn't support HTTPS or SCP. I'm slowing getting there. I've had to do 3 updates to get this far. Apparently, there are different file types for different versions. It you don't have the correct version to upload the next it will fail. You'd think they might have an upgrade path described somewhere. Right now I'm at 1.0.8.3 and when trying to update to 1.4.10.06 it fails with "Firmware Image download through TFTP failed." Those are the two versions listed on the update page I'm looking at now.

                                1 Reply Last reply Reply Quote 0
                                • JKnott
                                  JKnott last edited by

                                  I did some more digging and found 1.0.8.3 is the latest version for the 8 port model. โ˜น

                                  It does not support IPv6 for SNTP.

                                  Gertjan 1 Reply Last reply Reply Quote 0
                                  • Gertjan
                                    Gertjan @JKnott last edited by

                                    @JKnott said in Does pfSense support SNTP:

                                    It does not support IPv6

                                    Bring it back to the National Museum of Ancient Technologies. It was probably 'borrowed' from there anyway.

                                    1 Reply Last reply Reply Quote 0
                                    • johnpoz
                                      johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                      @JKnott said in Does pfSense support SNTP:

                                      1.0.8.3 is the latest version for the 8 port model

                                      Where do you see that?
                                      latestver.png

                                      Clearly showing on the download page the 1.4.10.6 for download..

                                      You have the SG-200E ??

                                      JKnott 1 Reply Last reply Reply Quote 0
                                      • G
                                        Gray1L Banned last edited by

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • JKnott
                                          JKnott @johnpoz last edited by

                                          @johnpoz said in Does pfSense support SNTP:

                                          Where do you see that?

                                          On one of the support forums. I saw that link with the 2 packages. 1.0.8.3 installs, 1.4.10.06 doesn't. Apparently the issue has to do with memory size and the fact that the package now includes the boot code. If you check the downloads, you'll see they have a different file type and my switch will not accept the new file type. I have the SG200-08.

                                          1 Reply Last reply Reply Quote 0
                                          • johnpoz
                                            johnpoz LAYER 8 Global Moderator last edited by

                                            @JKnott said in Does pfSense support SNTP:

                                            SG200-08

                                            Yeah I think that is E switch, because its not listed on the release notes for the 1.4.10.6 or even previous models..

                                            That firmware is quite old
                                            2014-09-29

                                            When did you buy this switch? Can you return it? There are much better deals out there I am sure..

                                            JKnott 1 Reply Last reply Reply Quote 0
                                            • JKnott
                                              JKnott @johnpoz last edited by

                                              @johnpoz said in Does pfSense support SNTP:

                                              When did you buy this switch? Can you return it? There are much better deals out there I am sure..

                                              I bought it yesterday. I got it at a consumer level store that's known for low prices, likely because the stock tends to be older.

                                              1 Reply Last reply Reply Quote 0
                                              • johnpoz
                                                johnpoz LAYER 8 Global Moderator last edited by

                                                Well if you want ipv6 and firmware that is not 5 years old.. You prob want to look for different model ;)

                                                JKnott 1 Reply Last reply Reply Quote 0
                                                • JKnott
                                                  JKnott @johnpoz last edited by

                                                  @johnpoz

                                                  I'm not too worried about IPv6 vs IPv4 for SNTP. Even with pfSense, the NTP servers I use support IPv4 only. However, I bought it so that I would have a managed Gb switch and that's what it does. I have the same situation with my TP-Link access point. The management is IPv4 only, but it passes IPv6 as needed, other than the previously mentioned issue that prevents me from running a 2nd SSID.

                                                  1 Reply Last reply Reply Quote 0
                                                  • johnpoz
                                                    johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                                    @JKnott said in Does pfSense support SNTP:

                                                    he NTP servers I use support IPv4 only.

                                                    There are plenty of IPv6 ntp out there you could point too.. Shoot I have my pi stratum 1 ntp server in the pool via ipv6 and ipv4.. It sees plenty of ipv6 clients...

                                                    Your the whole IPv6 is the greatest thing since sliced bread guy around here - that you have hardware that doesn't support ipv6 pokes holes in your whole the ipv6 revolution is here, you ipv4 guys are behind the times... Must Use IPv6!!! ;)

                                                    JKnott 1 Reply Last reply Reply Quote 0
                                                    • JKnott
                                                      JKnott @johnpoz last edited by

                                                      @johnpoz said in Does pfSense support SNTP:

                                                      @JKnott said in Does pfSense support SNTP:

                                                      he NTP servers I use support IPv4 only.

                                                      There are plenty of IPv6 ntp out there you could point too.. Shoot I have my pi stratum 1 ntp server in the pool via ipv6 and ipv4.. It sees plenty of ipv6 clients...

                                                      No doubt there are IPv6 servers. However, I've been using the same ones since long before I started with IPv6.

                                                      Your the whole IPv6 is the greatest thing since sliced bread guy around here - that you have hardware that doesn't support ipv6 pokes holes in your whole the ipv6 revolution is here, you ipv4 guys are behind the times... Must Use IPv6!!! ;)

                                                      I think you'll find I'm opposed to those who think IPv4 is all that's necessary, even though it hasn't been adequate, due to limited address space, for many years. Even Vint Cerf has said he never intended for 32 bit addresses to be inflicted on the public. It was only to be a concept demo. I am fully in favour of IPv6, as it brings some other advantages, beyond just increased address space. If it had sufficient address space, IPv4 would have been OK. I also not the type to toss functioning equipment, just because something better came along, unless I would get benefit from doing so. Thus my change to a Gb switch, as my Internet connection bandwidth was approaching 100 Mb. My AP is 2.4 GHz 802.11n as going beyond that wouldn't bring me much advantage, since my notebook computer is only 2.4 GHz n. Also, you're talking to a guy that used to use SNA, along with NetBIOS and IP on the same computer. I was also working with networks before Ethernet and IP were available, so I'm not afraid of old stuff.

                                                      As for NTP etc., I recently got into a discussion with a co-worker on a project we were working on. This project involved 2 GPS NTP servers (they weren't part of our work), located a few miles apart. He couldn't understand that multiple NTP servers should be peered, rather than main & fallback. There were other servers and the plan was to have the master on our project sync, not peer, with those on another network where there were two more. With 4 GPS NTP servers, they should have all been peered.

                                                      1 Reply Last reply Reply Quote 0
                                                      • KOM
                                                        KOM last edited by

                                                        I must admit that I don't like IPv6 because I don't really understand it and all of its ramifications, and I've been getting by with IPv4 for decades.

                                                        JKnott 1 Reply Last reply Reply Quote 0
                                                        • JKnott
                                                          JKnott @KOM last edited by

                                                          @KOM

                                                          What's to understand? Fundamentally, it works the same way as IPv4. You have packets, routing works the same and more. The same traffic is supported and from a user perspective it makes no difference whether IPv4 or IPv6 is used. However, in addition to the immense address space, there are a lot of technical improvements that go to performance. For example ARP is gone and replaced with ICMP6 neighbour solicitation. There is also automatic address configuration, without needing DHCP, though it's also available. The fixed length headers improve router performance and more. The designers of IPv6 took the good points of IPv4 and discarded the bad. One example of the bad is broadcasts. They caused disturbance to devices on the network, whether they were interested in the traffic or not. That's been replaced with multicasts. With mulitcasts, the closest to broadcasts is all hosts multicast, which go to all devices. However that would only be done with things, such as router advertisements that must go to all devices. Otherwise targeted multicast groups, such as all routers, etc. would be used. A really big bad that's no longer needed is NAT. There are some things which did not appear in IPv4, such as using SLAAC to assign addresses to devices or DHCPv6-PD, which ISPs use to provide the network prefix to customers. So, do a bit of reading and you can learn about IPv6. One book I recommend is "IPv6 Essentials", from O'Reilly, which covers IPv6 very well, though it doesn't cover DHCPv6-PD.

                                                          1 Reply Last reply Reply Quote 1
                                                          • KOM
                                                            KOM last edited by

                                                            @JKnott said in Does pfSense support SNTP:

                                                            JKnott: "What's to understand?"

                                                            Lists a dozen things I don't understand.

                                                            ๐Ÿ˜† ๐Ÿ˜† ๐Ÿ˜†

                                                            I get the very basic top-level stuff, but all of those features you mentioned were news to me. I had no idea that IPv6 doesn't use ARP, for example. Plus, I don't use it here at work and likely never will unless our ISP revoked all IPv4 support.

                                                            Thanks for the book tip. I'll definitely look into it. I know I need to up my IPv6 game but didn't even know where to start. In past years I had tried reading up on it but I could never find a good resource. IPv6 and VLANs kind of passed me by.

                                                            JKnott 1 Reply Last reply Reply Quote 0
                                                            • JKnott
                                                              JKnott @KOM last edited by JKnott

                                                              @KOM

                                                              I find the best way to learn is to do. I've been using IPv6 for 9 years and knew little about it when I started. Now, I know more about it than the tier two support and senior techs at my ISP (I had to teach them, when I had a problem recently.). One thing that really goes a long way in learning about networks is Wireshark. With it, you can look at the packets to see what's in them. By using Wireshark, I was able to identify the failing system, by name, at my ISP, weeks before they finally figured it out.

                                                              VLANs are just logically separate networks that appear as though they're physically different. That's done with a VLAN tag, that contains the VLAN number. Again, reading and Wireshark can help you learn. A good reference is "Ethernet", again from O'Reilly (I have a lot of O'Reilly books ๐Ÿ˜ ). It covers VLANs and a lot of other things.

                                                              1 Reply Last reply Reply Quote 0
                                                              • KOM
                                                                KOM last edited by

                                                                I understand the basic concept of VLANs, just not the specifics and gotchas. Anyway, I didn't mean to hijack this thread into a personal tutorial for me. Thanks for your suggestions.

                                                                JKnott 1 Reply Last reply Reply Quote 0
                                                                • JKnott
                                                                  JKnott @KOM last edited by

                                                                  @KOM
                                                                  Well, it's my thread and I don't mind. Forums like this are a great way to learn, even if things drift off topic.

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • NogBadTheBad
                                                                    NogBadTheBad Galactic Empire @Gertjan last edited by

                                                                    @Gertjan said in Does pfSense support SNTP:

                                                                    @JKnott said in Does pfSense support SNTP:

                                                                    Wow, I can use XMODEM to upload a file!!! .... TFTP .....

                                                                    Nice ! You just made me think about a period, some 3 decades ago.
                                                                    Back then, a Wellar solding station was as important as a keyboard.

                                                                    You still have to XMODEM IOS to a Cisco switch if there's no IOS in flash :)

                                                                    JKnott 1 Reply Last reply Reply Quote 0
                                                                    • JKnott
                                                                      JKnott @NogBadTheBad last edited by

                                                                      @NogBadTheBad said in Does pfSense support SNTP:

                                                                      You still have to XMODEM IOS to a Cisco switch if there's no IOS in flash :)

                                                                      I think I saw that mentioned in my search for firmware updates. However, that would be a bit difficult to do without a serial port on that box. However, what is does to is create a web server, if the firmware can't be found. That web server can then be used to upload the firmware. I wonder if that gets turned on, when http upload is selected. I was using tftp, where I had to specify the IP address and file, but the missing firmware web server was 192.168.1.254, IIRC. I'll have to look into that.

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • First post
                                                                        Last post

                                                                      Products

                                                                      • Platform Overview
                                                                      • TNSR
                                                                      • pfSense
                                                                      • Appliances

                                                                      Services

                                                                      • Training
                                                                      • Professional Services

                                                                      Support

                                                                      • Subscription Plans
                                                                      • Contact Support
                                                                      • Product Lifecycle
                                                                      • Documentation

                                                                      News

                                                                      • Media Coverage
                                                                      • Press
                                                                      • Events

                                                                      Resources

                                                                      • Blog
                                                                      • FAQ
                                                                      • Find a Partner
                                                                      • Resource Library
                                                                      • Security Information

                                                                      Company

                                                                      • About Us
                                                                      • Careers
                                                                      • Partners
                                                                      • Contact Us
                                                                      • Legal
                                                                      Our Mission

                                                                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                                                      Subscribe to our Newsletter

                                                                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                                                      ยฉ 2021 Rubicon Communications, LLC | Privacy Policy