1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Ntp sync / reliability

Ntp sync / reliability

  • J

    I am running pfsense 2.0.1 (great work btw!) with great success. One thing I have noticed (this also applies to 2.0 which I was running previous to yesterdays upgrade) is that the ntp seems to not stay in sync all the time. I have several managed switches on the network which have their SNTP settings pointed at the pfsense box (running the OpenNTPD service available to my network at 192.168.1.1:123). They can all synchronize with the pfsense box which is great however at random times the pfsense is not able to provide service due to the following:

    192.168.1.1: Server dropped: Leap not in sync
    server 192.168.1.1, port 123
    stratum 5, precision -28, leap 11, trust 000

    20 Dec 22:39:21 ntpdate[3576]: no server suitable for synchronization found

    Based on the numbers (failures & successes) over a 24-hour period the pfsense box is not in sync approximately 10% of the time. I have no other benchmark to compare with so I set one of my managed switches to point to one of the NIST IP's located here: http://tf.nist.gov/tf-cgi/servers.cgi. When I used one of these servers I had no sync issues over a 24-hour period and the switch was able to obtain time 100% of the period. My pfsense box (ntpd.conf) is currently pointed to 0.us.pool.ntp.org.

    One thing I have observed is that if I make any changes to my pfsense box, e.g. ranging from changing the GUI theme to starting / stopping a service, the NTP service appears to be "reset" and requires an hour or so to get in sync. However once the server is in sync it randomly loses this leap sync.

    I was curious what experience other folks have on this matter. Yes, for the most part the time is correct 90% of the time and lags slightly when the server is not in sync so certainly not a showstopper.

    I would say that the overall goal is to simply have one machine (pfsense box) obtain time and serve it out to the entire local network.

    0
  • jimp
    Rebel Alliance Developer Netgate

    you might try changing the upstream NTP server(s) to one(s) specifically closer to you in the ntp.org pool. They have lists for people all over the world, finding one closer to you may improve its accuracy and ability to stay in sync.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy