OpenNTPD is not working properly
-
Hello!
I installed pfSense (version 1.2.3) on a dedicated machine that is used as a network firewall. Seeing that the OpenNTP server package is included by default, I enabled it and set it to update the machine's clock and also to act as an NTP server for the other machines on the LAN. The firewall's clock is updated properly but I cannot connect to or use the NTP service to update the other machines on the network.
UDP packages are coming in from the LAN but the ntpd server doesn't react to any of them (no response is sent). Nothing is logged into ntp.log (nothing can be seen in the Status->System logs->OpenNTPD page).
Could somebody enlighten me as to what I'm doing wrong and give me some pointers on how to solve this issue? Thank you!
P.S. The pfSense is an out of the box installation.
-
Once enabled it will work after some time.
Also, nothing ever logs under the Status->System logs->OpenNTPD page.
-
The problem is that after a day it still doesn't work. What is the amount of time that needs to pass after a restart in this case? Thanks!
-
Have you made sure that you don't have firewall rules that are preventing the NTP packets from getting through? The default config should be correct (allows everything from LAN), but if you have any OPT interfaces or have set up any other rules, you may have accidentally prevented NTP.
Otherwise, NTP works entirely over UDP. The synchronization period between two systems can take a few minutes or longer. If the clocks are too far out of sync initially, most ntpd implementations will abort unless a special flag is set. It is pretty common for UNIX clients to run ntpdate on boot to get the clock mostly correct and then start ntpd to have periodic synchronization. I'm not really sure what the Windows implementation does.
-
I don't have any firewall rules that would prevent NTP packets getting through; as a matter of fact the config is the default config. I even set up a rule that specifically allows NTP packets to get through from LAN. I also used ntpdate to sync the clocks before testing and the same thing happens. If I try to sync the clocks on the machines residing on the LAN I get the message that no usable server exists. Also I stopped the ntp service and ran it manually (I logged in to the firewall using ssh and worked on the console) with the no-daemonize parameter (so it will run in the foreground) to see what happens, because ColdFusion said that nothing is logged to ntp.log. The same thing happens. I see that ntpd syncs the firewall's clock properly using outside servers, I see NTP packets getting through (using tcpdump) but I get no response from ntpd. It's like the ntpd never got any request.
-
Problem solved. :-[ It seems that now it suddenly works. I left the service running since yesterday. Yesterday nothing worked but now it works. The clocks are syncing properly with the firewall. Thanks for your patience and sorry for the false problem ;D
P.S. Could you explain why it works only after the service is run for some time? I tried to read about it but I didn't find anything that would explain this kind of behavior (I suppose that it has to set itself up properly, which is why at start it doesn't respond at all). Thanks!
-
Could you explain why it works only after the service is run for some time?
My guess is that the ntp server needs some time to pass to be confident that the ntp client has stabilised its time offset calculation and that the server doesn't offer the service until that has happened.
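
For anyone debugging the same symptom, the following is an added example and not code from this thread or from pfSense/OpenNTPD: a small probe that tells "no reply at all" apart from "reply from a server that is not yet synchronized", using the leap indicator and stratum fields of the standard 48-byte NTP header. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

def build_packet(leap, stratum, tx_seconds, mode, version=4):
    """Build a minimal 48-byte NTP packet (client request or constructed reply)."""
    pkt = bytearray(48)
    pkt[0] = (leap << 6) | (version << 3) | mode
    pkt[1] = stratum
    struct.pack_into("!I", pkt, 40, tx_seconds)  # transmit timestamp, seconds
    return bytes(pkt)

def query(host, timeout=3.0):
    """Send one client-mode (3) request; return the raw reply or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_packet(0, 0, 0, mode=3), (host, 123))
        try:
            return s.recvfrom(512)[0]
        except socket.timeout:
            return None

def classify(reply):
    """Return (usable, reason) for a raw reply, or for None when nothing came back."""
    if reply is None:
        return (False, "no reply: filtered, or daemon not answering yet")
    if len(reply) < 48:
        return (False, "short packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    tx_seconds = struct.unpack_from("!I", reply, 40)[0]
    if mode != 4:
        return (False, "not a server reply")
    if leap == 3:
        return (False, "server clock not synchronized")
    if stratum == 0 or stratum >= 16:
        return (False, "stratum unspecified or unsynchronized")
    if tx_seconds == 0:
        return (False, "zero transmit timestamp")
    return (True, "synchronized, stratum %d" % stratum)

# Constructed sample replies (not captured from a real server).
SYNCED = build_packet(leap=0, stratum=3, tx_seconds=3900000000, mode=4)
STARTING = build_packet(leap=3, stratum=0, tx_seconds=3900000000, mode=4)

if __name__ == "__main__":
    for name, pkt in (("synced", SYNCED), ("starting", STARTING), ("silent", None)):
        print(name, classify(pkt))
```

Running `classify(query("<firewall LAN address>"))` from a LAN machine every few minutes after a restart shows when the server moves from silent or unsynchronized to usable.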