OpenNTPD not working



  • 2.0-RELEASE (i386) built on Tue Sep 13 18:02:53 EDT 2011

    ps waux | grep ntpd
    root   38990  0.0  0.6  3656  1392  ??  S    11:29AM   0:00.01 sh -c ps waux | grep ntpd
    root   39339  0.0  0.2   544   404  ??  R    11:29AM   0:00.00 grep ntpd
    _ntp   54309  0.0  0.5  3316  1328  ??  S    11:08AM   0:00.04 ntpd: ntp engine (ntpd)
    root   54493  0.0  0.6  3316  1352  ??  Ss   11:08AM   0:00.00 ntpd: [priv] (ntpd)

    But when I do

    /usr/sbin/ntpdate -d 192.168.44.254
    28 Sep 11:30:08 ntpdate[1020]: ntpdate 4.2.4p7@1.1607 Fri Jun 26 06:39:17 UTC 2009 (1)
    Looking for host 192.168.44.254 and service ntp
    host found : mistress.local
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    192.168.44.254: Server dropped: Leap not in sync
    server 192.168.44.254, port 123
    stratum 4, precision -28, leap 11, trust 000
    refid [192.168.44.254], delay 0.02670, dispersion 0.00011
    transmitted 4, in filter 4
    reference time:    d22dbb9f.4d56afff  Wed, Sep 28 2011 11:28:31.302
    originate timestamp: d22dbc00.6e7037ff  Wed, Sep 28 2011 11:30:08.431
    transmit timestamp:  d22dbc00.8eea747d  Wed, Sep 28 2011 11:30:08.558
    filter delay:  0.02791  0.02769  0.02771  0.02670
            0.00000  0.00000  0.00000  0.00000
    filter offset: -0.12735 -0.12753 -0.12723 -0.12741
            0.000000 0.000000 0.000000 0.000000
    delay 0.02670, dispersion 0.00011
    offset -0.127412

    28 Sep 11:30:08 ntpdate[1020]: no server suitable for synchronization found

    ???

    ADD:  when I tell NTPD to shutdown from the services menu, the logs say…

    Sep 28 11:38:58 php: /pkg_edit.php: OpenNTPD is starting up.

    ps waux | grep ntpd
    root    2842  0.0  0.6  3656  1468  ??  S    11:40AM  0:00.01 sh -c ps waux | grep ntpd
    root    3010  0.0  0.2  1812  560  ??  R    11:40AM  0:00.00 grep ntpd
    _ntp    8394  0.0  0.5  3316  1328  ??  S    11:38AM  0:00.01 ntpd: ntp engine (ntpd)
    root    8950  0.0  0.6  3316  1352  ??  Ss  11:38AM  0:00.00 ntpd: [priv] (ntpd)

    so it also won't shutdown.



  • This is my latest info.  I also NOTE:  there is nothing in the  'status-system logs- OpenNTPD'.

    /usr/sbin/ntpdate -d 192.168.44.254
    28 Sep 12:13:13 ntpdate[6612]: ntpdate 4.2.4p7@1.1607 Fri Jun 26 06:39:17 UTC 2009 (1)
    Looking for host 192.168.44.254 and service ntp
    host found : mistress.home
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    192.168.44.254: Server dropped: Leap not in sync
    server 192.168.44.254, port 123
    stratum 3, precision -28, leap 11, trust 000
    refid [192.168.44.254], delay 0.02684, dispersion 0.00009
    transmitted 4, in filter 4
    reference time:    d22dc617.b087ffff  Wed, Sep 28 2011 12:13:11.689
    originate timestamp: d22dc618.f6e9cfff  Wed, Sep 28 2011 12:13:12.964
    transmit timestamp:  d22dc619.288a47ec  Wed, Sep 28 2011 12:13:13.158
    filter delay:  0.02785  0.02698  0.02684  0.02693
            0.00000  0.00000  0.00000  0.00000
    filter offset: -0.19428 -0.19465 -0.19444 -0.19452
            0.000000 0.000000 0.000000 0.000000
    delay 0.02684, dispersion 0.00009
    offset -0.194448

    28 Sep 12:13:13 ntpdate[6612]: no server suitable for synchronization found



  • Hmm, …is mistress.home a.k.a. (192.168.44.254) a stratum 1 server?
    If no, you should select an internet host ip with a NTP server preferably a stratum higher than 3 (1 is the highest level).

    I modded my release box to get ntp working the way I like it.

    These are my personal modifications. (It works for me... no guaranties)
    I've selected both "LAN" and "localhost" in the "OpenNTPD" menu in the web GUI.

    Replace the default "function system_ntp_configure()" code with this code, located in \etc\inc\system.inc

    
    function system_ntp_configure() {
    	global $config, $g;
    
    	$ntpcfg = "# \n";
    	$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
    	$ntpcfg .= "# \n\n";
    	$ntpcfg .= "# \n";
    	$ntpcfg .= "# Sync to public primairy server stratum 1 \n";
    	$ntpcfg .= "server 0.nl.pool.ntp.org iburst maxpoll 9\n";
    	$ntpcfg .= "server 1.nl.pool.ntp.org iburst maxpoll 9\n";
    	$ntpcfg .= "server 2.nl.pool.ntp.org iburst maxpoll 9\n";
    	$ntpcfg .= "server 3.nl.pool.ntp.org iburst maxpoll 9\n";
    	$ntpcfg .= "# \n\n";
    
    	/* foreach through servers and write out to ntpd.conf */
    	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
    		$ntpcfg .= "servers {$ts}\n";
    	}
    	/* Setup listener(s) if the user has configured one */
           if ($config['installedpackages']['openntpd']) {
        		/* server config is in coregui1 */
    		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
    		if ($xmlsettings['enable'] == 'on') {
    			$ifaces = explode(',', $xmlsettings['interface']);
    			$ifaces = array_map('get_real_interface', $ifaces);
    			$ifaces = array_filter($ifaces, 'does_interface_exist');
    			$ips = array_map('find_interface_ip', $ifaces);
    			foreach ($ips as $ip) {
    				if (is_ipaddr($ip))
    					$ntpcfg .= "listen on $ip\n";
    			}
    		}
    	}
    	$ntpcfg .= "\n";
    
    	/* open configuration for wrting or bail */
    	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
    	if(!$fd) {
    		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
    		return;
    	}
    	fwrite($fd, $ntpcfg);
    
    	/* slurp! */
    	fclose($fd);
    
    	/* if openntpd is running, kill it */
    	while(is_process_running("ntpd")) {
    		killbyname("ntpd");
    	}
    
    	/* if /var/empty does not exist, create it */
    	if(!is_dir("/var/empty"))
    		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");
    
    	if ($g['booting'])
    		return;
    
    	/* start opentpd, set time now and use /var/etc/ntpd.conf */
    	exec("ntpd -c {$g['varetc_path']}/ntpd.conf -f /var/db/ntpd.drift -p /var/run/ntpd.pid -l {$g['varlog_path']}/ntpd.log");
    
    	// Note that we are starting up
    	exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");
    
    } 
    
    

    It will use dutch (NL) servers to connect to, in order to retrieve the NTP-time more quickly on first start.
    replace NL in "server 0.nl.pool.ntp.org iburst maxpoll 9/n" with something more suitable for your country in the first lines in the above modded code.

    My system (web GUI) timeserver settings are:
    "nl.pool.ntp.org de.pool.ntp.org europe.pool.ntp.org"
    Located and entered via web GUI : "System: General Setup" NTP time server.
    This page is also used to "restart the NTPservice" with correct PIDfile press "save" to apply modification and also kill and restart NTPd.

    I have not located the bootup process yet. (so this won't start automatically after bootup has finished.)
    (the dashboard widget will show the "NTP clock sync" service as stopped after a reboot)

    After the mod my "/var/etc/ntpd.conf" looks like this:

    
    # 
    # pfSense OpenNTPD configuration file 
    # 
    
    # 
    # Sync to public primairy server stratum 1 
    server 0.nl.pool.ntp.org iburst maxpoll 9
    server 1.nl.pool.ntp.org iburst maxpoll 9
    server 2.nl.pool.ntp.org iburst maxpoll 9
    server 3.nl.pool.ntp.org iburst maxpoll 9
    # 
    
    servers nl.pool.ntp.org
    servers de.pool.ntp.org
    servers europe.pool.ntp.org
    listen on 192.168.0.1
    listen on 127.0.0.1
    
    

    You can test ntp is working from the console with :

    
    [2.0-RELEASE][root@pfsense.home]/(7): ntpdc
    ntpdc> help
    ntpdc commands:
    addpeer      controlkey   fudge        keytype      quit         timeout
    addrefclock  ctlstats     help         listpeers    readkeys     timerstats
    addserver    debug        host         loopinfo     requestkey   traps
    addtrap      delay        hostnames    memstats     reset        trustedkey
    authinfo     delrestrict  ifreload     monlist      reslist      unconfig
    broadcast    disable      ifstats      passwd       restrict     unrestrict
    clkbug       dmpeers      iostats      peers        showpeer     untrustedkey
    clockstat    enable       kerninfo     preset       sysinfo      version
    clrtrap      exit         keyid        pstats       sysstats
    ntpdc> monlist
    remote address          port local address      count m ver code avgint  lstint
    ===============================================================================
    localhost              28027 127.0.0.1              3 7 2      0     13       0
    Holocron.home            123 192.168.0.1         3613 3 4      0     71      50
    virtueledoos.nl          123 84.xxx.xxx.xxx       2238 4 4      0    512      57
    edge.tillo.ch            123 84.xxx.xxx.xxx       2248 4 4      0    512     192
    sip.dicode.nl            123 84.xxx.xxx.xxx       2250 4 4      0    513     474
    damiana-ext-bge0.tools   123 84.xxx.xxx.xxx       2245 4 4      0    512     485
    W7-PC.home             60655 192.168.0.1           15 3 3      0  48344     995
    atom-xp.home             123 192.168.0.1            1 1 3      0      0  272197
    Simon-PC.home            123 192.168.0.1            1 3 3      0      0  300056
    Anduril.home             123 192.168.0.1            2 3 3      0      1  692478
    ntpdc>
    
    

    I also created a LAN rule to "Allow internal network to NTPd server". ( TCP/UDP port 123 = NTP).


  • Rebel Alliance Global Moderator

    problem is the server he is trying to sync against is not in sync, that is what "leap 11" means.  Once the server you are trying to sync with is in sync you should be good to go, I sync my pfsense against a local server.. And mine is only stratum 2 ;)

    ntpdate -d 192.168.1.4
    28 Sep 13:02:56 ntpdate[22538]: ntpdate 4.2.4p5-a (1)
    transmit(192.168.1.4)
    receive(192.168.1.4)
    transmit(192.168.1.4)
    receive(192.168.1.4)
    transmit(192.168.1.4)
    receive(192.168.1.4)
    transmit(192.168.1.4)
    receive(192.168.1.4)
    transmit(192.168.1.4)
    server 192.168.1.4, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [192.168.1.4], delay 0.02596, dispersion 0.00000
    transmitted 4, in filter 4
    reference time:    d22ddd4e.00537c34  Wed, Sep 28 2011 12:52:14.001
    originate timestamp: d22de03b.4f425a04  Wed, Sep 28 2011 13:04:43.309
    transmit timestamp:  d22ddfd0.61fb154e  Wed, Sep 28 2011 13:02:56.382
    filter delay:  0.02614  0.02596  0.02599  0.02602
            0.00000  0.00000  0.00000  0.00000
    filter offset: 106.9267 106.9266 106.9266 106.9266
            0.000000 0.000000 0.000000 0.000000
    delay 0.02596, dispersion 0.00000
    offset 106.926633

    28 Sep 13:02:56 ntpdate[22538]: step time server 192.168.1.4 offset 106.926633 sec



  • OK - more info.

    My pfsense FW (embedded) = mistress.local (I just changed it to mistress.home due to the  'General Setup'  saying NOT to use local)  on IP 192.168.44.254

    It get's its time from   0.us.pool.ntp.org

    The /usr/sbin/ntpdate -d 192.168.44.254  is a check from another computer on the network to the pfsense FW.

    My latest test.

    /usr/sbin/ntpdate -d 192.168.44.254
    1 Oct 10:14:42 ntpdate[515]: ntpdate 4.2.6@1.2089-o Fri May 28 01:20:57 UTC 2010 (1)
    Looking for host 192.168.44.254 and service ntp
    host found : mistress.home
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    receive(192.168.44.254)
    transmit(192.168.44.254)
    192.168.44.254: Server dropped: Leap not in sync
    server 192.168.44.254, port 123
    stratum 4, precision -28, leap 11, trust 000
    refid [192.168.44.254], delay 0.02689, dispersion 0.00096
    transmitted 4, in filter 4
    reference time:    d2319dcf.9c8defff  Sat, Oct  1 2011 10:10:23.611
    originate timestamp: d2319ed3.2868a7ff  Sat, Oct  1 2011 10:14:43.157
    transmit timestamp:  d2319ed2.c9299956  Sat, Oct  1 2011 10:14:42.785
    filter delay:  0.02768  0.02727  0.04030  0.02689
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.371718 0.371585 0.365035 0.371412
            0.000000 0.000000 0.000000 0.000000
    delay 0.02689, dispersion 0.00096
    offset 0.371412

    1 Oct 10:14:42 ntpdate[515]: no server suitable for synchronization found


  • Rebel Alliance Global Moderator

    1 Oct 10:14:42 ntpdate[515]: no server suitable for synchronization found

    What else do you need to know??

    that server at 192.168.44.254 is NOT in sync, so you can not sync off of it!

    Fix that SERVER!!  Then you can sync off of it.

    sync your pfsense to a server that is in sync, say pool.ntp.org

    ntpdate -d pool.ntp.org
    1 Oct 09:22:19 ntpdate[63426]: ntpdate 4.2.4p5-a (1)
    transmit(173.193.227.67)
    receive(173.193.227.67)
    transmit(173.193.227.67)
    receive(173.193.227.67)
    transmit(173.193.227.67)
    receive(173.193.227.67)
    transmit(173.193.227.67)
    receive(173.193.227.67)
    transmit(173.193.227.67)
    transmit(67.223.229.211)
    receive(67.223.229.211)
    transmit(67.223.229.211)
    receive(67.223.229.211)
    transmit(67.223.229.211)
    receive(67.223.229.211)
    transmit(67.223.229.211)
    receive(67.223.229.211)
    transmit(67.223.229.211)
    transmit(68.67.69.235)
    receive(68.67.69.235)
    transmit(68.67.69.235)
    receive(68.67.69.235)
    transmit(68.67.69.235)
    receive(68.67.69.235)
    transmit(68.67.69.235)
    receive(68.67.69.235)
    transmit(68.67.69.235)
    server 173.193.227.67, port 123
    stratum 4, precision -20, leap 00, trust 000
    refid [173.193.227.67], delay 0.06474, dispersion 0.00058
    transmitted 4, in filter 4
    reference time:    d2319fe6.ca2746a4  Sat, Oct  1 2011  9:19:18.789
    originate timestamp: d231a09b.cbef66a2  Sat, Oct  1 2011  9:22:19.796
    transmit timestamp:  d231a09b.c5e39fbb  Sat, Oct  1 2011  9:22:19.773
    filter delay:  0.06474  0.06622  0.06638  0.06601
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.002454 0.003179 0.003203 0.003080
            0.000000 0.000000 0.000000 0.000000
    delay 0.06474, dispersion 0.00058
    offset 0.002454

    server 67.223.229.211, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [67.223.229.211], delay 0.06375, dispersion 0.00034
    transmitted 4, in filter 4
    reference time:    d2319ca6.af0f578b  Sat, Oct  1 2011  9:05:26.683
    originate timestamp: d231a09b.fed53576  Sat, Oct  1 2011  9:22:19.995
    transmit timestamp:  d231a09b.f8f93cca  Sat, Oct  1 2011  9:22:19.972
    filter delay:  0.06407  0.06850  0.06375  0.06392
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.003482 0.005845 0.003660 0.003717
            0.000000 0.000000 0.000000 0.000000
    delay 0.06375, dispersion 0.00034
    offset 0.003660

    server 68.67.69.235, port 123
    stratum 3, precision -20, leap 00, trust 000
    refid [68.67.69.235], delay 0.08972, dispersion 0.00064
    transmitted 4, in filter 4
    reference time:    d231a037.e7cc4787  Sat, Oct  1 2011  9:20:39.905
    originate timestamp: d231a09c.46eced1e  Sat, Oct  1 2011  9:22:20.277
    transmit timestamp:  d231a09c.40301039  Sat, Oct  1 2011  9:22:20.250
    filter delay:  0.09128  0.09348  0.08972  0.08980
            0.00000  0.00000  0.00000  0.00000
    filter offset: -0.00533 -0.00436 -0.00619 -0.00579
            0.000000 0.000000 0.000000 0.000000
    delay 0.08972, dispersion 0.00064
    offset -0.006196

    1 Oct 09:22:20 ntpdate[63426]: adjust time server 67.223.229.211 offset 0.003660 sec



  • I updated from 2.0-RC3 to 2.0-Release so my   Uptime = 2 days, 23:06

    Almost 3-days to sync in.  Should have taken 15 minutes or so.

    But WHY isn't it in sync.

    The offset is only - offset 0.371412

    Yes, I have previously checked against pool.ntp.org but moved to 0.us.pool.ntp.org as I wasn't getting any success  and that one IS in sync despite the offset 0.551141

    /usr/sbin/ntpdate -d 0.us.pool.ntp.org
    1 Oct 10:48:01 ntpdate[537]: ntpdate 4.2.6@1.2089-o Fri May 28 01:20:57 UTC 2010 (1)
    Looking for host 0.us.pool.ntp.org and service ntp
    host found : ntp2.rescomp.berkeley.edu
    transmit(169.229.70.95)
    receive(169.229.70.95)
    transmit(169.229.70.95)
    transmit(208.75.88.4)
    receive(169.229.70.95)
    transmit(169.229.70.95)
    receive(208.75.88.4)
    transmit(208.75.88.4)
    receive(169.229.70.95)
    transmit(169.229.70.95)
    receive(208.75.88.4)
    transmit(208.75.88.4)
    transmit(208.97.140.69)
    receive(208.75.88.4)
    transmit(208.75.88.4)
    receive(169.229.70.95)
    transmit(169.229.70.95)
    receive(208.97.140.69)
    transmit(208.97.140.69)
    receive(208.75.88.4)
    transmit(208.75.88.4)
    receive(208.97.140.69)
    transmit(208.97.140.69)
    receive(208.97.140.69)
    transmit(208.97.140.69)
    receive(208.97.140.69)
    transmit(208.97.140.69)
    server 169.229.70.95, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [169.229.70.95], delay 0.11014, dispersion 0.00752
    transmitted 4, in filter 4
    reference time:    d231a083.64a0a057  Sat, Oct  1 2011 10:21:55.393
    originate timestamp: d231a6a2.da46136d  Sat, Oct  1 2011 10:48:02.852
    transmit timestamp:  d231a6a2.40e93e1c  Sat, Oct  1 2011 10:48:02.253
    filter delay:  0.13739  0.14780  0.14052  0.11014
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.545457 0.547989 0.553706 0.556794
            0.000000 0.000000 0.000000 0.000000
    delay 0.11014, dispersion 0.00752
    offset 0.556794

    server 208.75.88.4, port 123
    stratum 2, precision -19, leap 00, trust 000
    refid [208.75.88.4], delay 0.09875, dispersion 0.00363
    transmitted 4, in filter 4
    reference time:    d231a322.f6f451c7  Sat, Oct  1 2011 10:33:06.964
    originate timestamp: d231a6a2.eda470da  Sat, Oct  1 2011 10:48:02.928
    transmit timestamp:  d231a6a2.5691105e  Sat, Oct  1 2011 10:48:02.338
    filter delay:  0.10872  0.09875  0.10445  0.11700
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.553060 0.554893 0.551142 0.544405
            0.000000 0.000000 0.000000 0.000000
    delay 0.09875, dispersion 0.00363
    offset 0.554893

    server 208.97.140.69, port 123
    stratum 2, precision -20, leap 00, trust 000
    refid [208.97.140.69], delay 0.10046, dispersion 0.00230
    transmitted 4, in filter 4
    reference time:    d231a503.f7be6079  Sat, Oct  1 2011 10:41:07.967
    originate timestamp: d231a6a3.2632798c  Sat, Oct  1 2011 10:48:03.149
    transmit timestamp:  d231a6a2.8fa6efc3  Sat, Oct  1 2011 10:48:02.561
    filter delay:  0.10507  0.10046  0.12903  0.10054
            0.00000  0.00000  0.00000  0.00000
    filter offset: 0.550695 0.551141 0.535937 0.550521
            0.000000 0.000000 0.000000 0.000000
    delay 0.10046, dispersion 0.00230
    offset 0.551141

    1 Oct 10:48:02 ntpdate[537]: step time server 208.75.88.4 offset 0.554893 sec


  • Rebel Alliance Global Moderator

    just because offset is not much, does not mean the ntp server is in sync and will allow others to sync off of it.

    What I would suggest you do is kill your ntpd and then run it in the console so you can see what is happening.

    I am really not a big fan of this really low end openntpd to be honest, not sure why don't just run full blown ntp??  Must easier to work with, shoot the version currently installed dos not even log, nor does it support the -v option which is suppose to log debug, etc.

    but if you run it in the console with -d you will see what is happening

    example here is mine

    [2.1-DEVELOPMENT][root@pfsense.local.lan]/usr/local/sbin(19): ./ntpd -d -f /var/etc/ntpd.conf
    listening on 192.168.1.253
    listening on 127.0.0.1
    ntp engine ready
    reply from 192.168.1.4: offset 127.161665 delay 0.000531, next query 6s
    reply from 192.168.1.4: offset 127.161404 delay 0.000391, next query 6s
    reply from 192.168.1.4: offset 127.161170 delay 0.000280, next query 8s
    peer 192.168.1.4 now valid
    reply from 192.168.1.4: offset 127.160922 delay 0.000339, next query 8s
    reply from 192.168.1.4: offset 127.160598 delay 0.000267, next query 8s
    reply from 192.168.1.4: offset 127.160319 delay 0.000342, next query 9s
    ^Cntp engine exiting
    Terminating

    But I think you are confusing what that 192.168.1.254 box is saying when you try and do a ntpdate to it, that box is saying you can not use it as a timesource, not that your pfsense box is not in sync with what servers its using.

    Lets see the output of the above example – and we can see where its syncing and if it says that peer is valid, etc.

    as to that .254 box your trying to ntpdate too -- what does it use as its servers?  Is it running full blown ntpd, or openntpd?



  • i can confirm, that openNTP doesnt work on pfsense 2.0 with alix.
    my alix with pfsense is up till 3 days and i always get no sync with my clients.

    
    root@pc1:/home/schtebo# ntpdate -d 192.168.6.254
     3 Oct 15:48:34 ntpdate[11780]: ntpdate 4.2.6p2@1.2194-o Fri Jun 17 06:06:36 UTC 2011 (1)
    Looking for host 192.168.6.254 and service ntp
    host found : pfsense.net.local
    transmit(192.168.6.254)
    receive(192.168.6.254)
    transmit(192.168.6.254)
    receive(192.168.6.254)
    transmit(192.168.6.254)
    receive(192.168.6.254)
    transmit(192.168.6.254)
    receive(192.168.6.254)
    transmit(192.168.6.254)
    192.168.6.254: Server dropped: Leap not in sync
    server 192.168.6.254, port 123
    stratum 2, precision -28, leap 11, trust 000
    refid [192.168.6.254], delay 0.02644, dispersion 0.00092
    transmitted 4, in filter 4
    reference time:    d2343a3b.0cd2e7ff  Mon, Oct  3 2011 15:42:19.050
    originate timestamp: d2343bb9.5c60c7ff  Mon, Oct  3 2011 15:48:41.360
    transmit timestamp:  d2343bb8.4d0c07b9  Mon, Oct  3 2011 15:48:40.300
    filter delay:  0.02650  0.02644  0.02646  0.02644 
             0.00000  0.00000  0.00000  0.00000 
    filter offset: 1.057472 1.058120 1.058786 1.059461
             0.000000 0.000000 0.000000 0.000000
    delay 0.02644, dispersion 0.00092
    offset 1.058120
    
     3 Oct 15:48:42 ntpdate[11780]: no server suitable for synchronization found
    
    

  • Rebel Alliance Global Moderator

    Again what part do you not understand about that .254 box not being in sync??

    leap 11

    Means its not in sync, and no clients will be able to sync off of it, if your syncing your pfsense openntp off of that it will never sync, and therefore no clients will be able to sync off of the pfsense openntp because it does not have a valid timesource to sync from.

    Your ntpdate command is clearly telling you that box is "no server suitable for synchronization found"

    You need to sync your pfsense box off something that is actually in sync, and then give it time.  Then you will be able to sync off of it.

    So here is a client that is not my pfsense box testing the openntp running on my pfsense box 192.168.1.253, which syncs off my networks time server 192.168.1.4, which is a valid stratum 2 – so my pfsense becomes a stratum 3

    ntpdate -d 192.168.1.253
    6 Oct 13:00:39 ntpdate[11558]: ntpdate 4.2.6p2@1.2194-o Fri Jun 17 05:59:45 UTC 2011 (1)
    Looking for host 192.168.1.253 and service ntp
    host found : pfsense.local.lan
    transmit(192.168.1.253)
    receive(192.168.1.253)
    transmit(192.168.1.253)
    receive(192.168.1.253)
    transmit(192.168.1.253)
    receive(192.168.1.253)
    transmit(192.168.1.253)
    receive(192.168.1.253)
    transmit(192.168.1.253)
    server 192.168.1.253, port 123
    stratum 3, precision -21, leap 00, trust 000
    refid [192.168.1.253], delay 0.02779, dispersion 0.00017
    transmitted 4, in filter 4
    reference time:    d2386908.f3829fff  Thu, Oct  6 2011 12:51:04.951
    originate timestamp: d2386b4d.72efe7ff  Thu, Oct  6 2011 13:00:45.448
    transmit timestamp:  d2386b4d.73522c2d  Thu, Oct  6 2011 13:00:45.450
    filter delay:  0.02809  0.02831  0.02779  0.02786
            0.00000  0.00000  0.00000  0.00000
    filter offset: -0.00270 -0.00304 -0.00251 -0.00263
            0.000000 0.000000 0.000000 0.000000
    delay 0.02779, dispersion 0.00017
    offset -0.002517

    6 Oct 13:00:47 ntpdate[11558]: adjust time server 192.168.1.253 offset -0.002517 sec

    
     ntpq
    ntpq> host 192.168.1.4
    current host set to 192.168.1.4
    ntpq> pe
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +ntp.your.org    .CDMA.           1 u  301 1024  377   11.474    4.556   5.515
    +173-14-55-9-Mic .ACTS.           1 u  274 1024  377   38.172    0.493   7.656
    *nist.netservice .ACTS.           1 u  940 1024  377   19.719    1.479   7.581
    +ns.nts.umn.edu  192.168.245.213  2 u   69 1024  373   23.286    5.908  16.962
    +caesar.cs.wisc. 128.105.201.11   2 u  208 1024  377   16.659   -0.409   5.992
    
    

    So if I ask one of my other clients, on where its syncing from, you will see that my 192.168.1.4 box is stratum 2

    
    ntpq> host 192.168.1.100
    current host set to 192.168.1.100
    ntpq> pe
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *p4-28g.local.la 64.113.32.5      2 u 141m  128  377    0.589   -4.683  11.668
    
    

    Notice the refid 64.113.32.5

    so 192.168.1.100 is telling me he syncs with p4-28.local.lan (192.168.1.4) who syncs with

    ;; ANSWER SECTION:
    5.32.113.64.in-addr.arpa. 85982 IN      PTR     nist.netservicesgroup.com.

    Why do you keep asking this 192.168.1.254 for time, who is he trying to sync with?  And where is your pfsense box set to sync with?

    If you pfsense box is not syncing, you need to verify where he is trying to sync and that its a valid time source, and then give it time to do its things!!



  • Why do you keep asking this 192.168.1.254 for time, who is he trying to sync with?  And where is your pfsense box set to sync with?

    Is this address on your WAN or LAN?

    I dont think your pfSense box will sync from someone on the lan…


Locked