OpenNTPd on pfsense 2.0.1 – Leap 11
-
Hi all,
I am having the exact same issue as this fellow:
http://forum.pfsense.org/index.php?topic=41797.0;prev_next=nextMy pfSense box (10.3.3.1) is set to sunc off my isp (ntp.internode.on.net)
When I run ntpd on the command line on the pfSense box I get this:
2.0.1-RELEASE][admin@pfsense.rizal]/usr/local/sbin(6): ./ntpd -d -f /var/etc/ntpd.conf listening on 10.3.3.1 listening on 127.0.0.1 ntp engine ready reply from 192.231.203.132: offset 1.704999 delay 0.021944, next query 7s reply from 116.66.162.4: offset 1.708221 delay 0.035372, next query 7s reply from 202.127.210.37: offset 1.710047 delay 0.038504, next query 9s reply from 203.82.209.217: offset 1.705295 delay 0.075555, next query 8s reply from 192.231.203.132: offset 1.697289 delay 0.019584, next query 9s reply from 116.66.162.4: offset 1.700486 delay 0.033955, next query 9s reply from 203.82.209.217: offset 1.695077 delay 0.072558, next query 7s reply from 202.127.210.37: offset 1.696208 delay 0.030671, next query 7s reply from 203.82.209.217: offset 1.686169 delay 0.069318, next query 5s reply from 192.231.203.132: offset 1.690536 delay 0.018927, next query 7s reply from 116.66.162.4: offset 1.693147 delay 0.031822, next query 7s reply from 202.127.210.37: offset 1.696890 delay 0.034365, next query 7s peer 203.82.209.217 now valid reply from 203.82.209.217: offset 1.703157 delay 0.069203, next query 8s peer 192.231.203.132 now valid reply from 192.231.203.132: offset 1.709338 delay 0.032208, next query 7s peer 116.66.162.4 now valid reply from 116.66.162.4: offset 1.717453 delay 0.033581, next query 9s peer 202.127.210.37 now valid reply from 202.127.210.37: offset 1.721407 delay 0.035603, next query 9s reply from 203.82.209.217: offset 1.731117 delay 0.070014, next query 7s reply from 192.231.203.132: offset 1.739532 delay 0.019014, next query 6s ..... adjusting local clock by 1.699683s reply from 116.66.162.4: offset 1.888702 delay 0.030843, next query 30s reply from 202.127.210.37: offset 1.886726 delay 0.036368, next query 34s reply from 203.82.209.217: offset 1.882044 delay 0.074429, next query 31s reply from 192.231.203.132: offset 1.878635 delay 0.017656, next query 34s
Yet at the same time hosts on the LAN are getting this:
root@proxmox:~# ntpdate -dq ntp 20 Jun 22:50:54 ntpdate[503365]: ntpdate 4.2.4p4@1.1520-o Sun Nov 22 16:14:35 UTC 2009 (1) transmit(10.3.3.1) receive(10.3.3.1) transmit(10.3.3.1) receive(10.3.3.1) transmit(10.3.3.1) receive(10.3.3.1) transmit(10.3.3.1) receive(10.3.3.1) transmit(10.3.3.1) 10.3.3.1: Server dropped: Leap not in sync server 10.3.3.1, port 123 stratum 4, precision -28, leap 11, trust 000 refid [10.3.3.1], delay 0.02596, dispersion 0.00000 transmitted 4, in filter 4 reference time: d38c4569.937827ff Wed, Jun 20 2012 22:49:45.576 originate timestamp: d38c45ce.ac5fbfff Wed, Jun 20 2012 22:51:26.673 transmit timestamp: d38c45ae.39ba7fc3 Wed, Jun 20 2012 22:50:54.225 filter delay: 0.02626 0.02597 0.02603 0.02596 0.00000 0.00000 0.00000 0.00000 filter offset: 32.44775 32.44764 32.44761 32.44765 0.000000 0.000000 0.000000 0.000000 delay 0.02596, dispersion 0.00000 offset 32.447652 20 Jun 22:50:54 ntpdate[503365]: no server suitable for synchronization found
If I sync directly to my ISP I get success.
root@proxmox:~# ntpdate -dq ntp.internode.on.net 20 Jun 22:54:30 ntpdate[503598]: ntpdate 4.2.4p4@1.1520-o Sun Nov 22 16:14:35 UTC 2009 (1) transmit(192.231.203.132) receive(192.231.203.132) transmit(192.231.203.132) receive(192.231.203.132) transmit(192.231.203.132) receive(192.231.203.132) transmit(192.231.203.132) receive(192.231.203.132) transmit(192.231.203.132) server 192.231.203.132, port 123 stratum 2, precision -20, leap 01, trust 000 refid [192.231.203.132], delay 0.04430, dispersion 0.00046 transmitted 4, in filter 4 reference time: d38c39a5.e496780d Wed, Jun 20 2012 21:59:33.892 originate timestamp: d38c46a9.699d551c Wed, Jun 20 2012 22:55:05.412 transmit timestamp: d38c4686.e850bd87 Wed, Jun 20 2012 22:54:30.907 filter delay: 0.04430 0.04503 0.04597 0.04453 0.00000 0.00000 0.00000 0.00000 filter offset: 34.49500 34.49532 34.49578 34.49559 0.000000 0.000000 0.000000 0.000000 delay 0.04430, dispersion 0.00046 offset 34.495008 20 Jun 22:54:30 ntpdate[503598]: step time server 192.231.203.132 offset 34.495008 sec
If I manually restart the ntpd it sometimes allows clients to sync.
I am not sure why my pfsense box is always a "Leap 11"Is this a know issue?
I know a place I work at are running pfSense 2 BETA and are having now issue with ntp.Thanks.
-
did you read the post ?
it clearly states you need to let you pfsense box sync with a valid time source. the error you are getting points to the fact that the ntp server you are synching to is not in sync.
change your ntp server to select a valid stratum 1 or 2 server to sync off, then try again
-
Ummm yes of course, that is why I referenced it.
If I sync directly from any host on the LAN to my ISP's ntp server, we get a sync everytime.
It reads to me that the openntp service on the pfsense box is getting a sync with my ISPs NTP server.So that leads me to believe that the NTP server I am synching to is in sync.
Could it mean anything else?
-
A little bump on this.
Am I the only one currently with this issue?
Maybe it is due to upgrading from early BETAs through to 2.0.1-RELEASE.
I have all my boxes skipping past my pfSense and going straight to my ISP's NTP server. So I guess no big deal, it would just be nice to have the OpenNTPd implementation working.
Thanks.
-
Problem is openntp blows ;) You can not even query it to find out what its doing.
2.1 has changed over to actual ntpd finally - I would think they would back fill this to 2.0 line?
if not the actual ntpd is there, you can run it vs the openntpd
Or just move to 2.1!! Its in beta - very stable! This should fix your ntp related problems. They have even added a status page where you can view status of ntpd and it even logs
Jun 23 08:10:23 ntpd[45285]: proto: precision = 1.955 usec
Jun 23 08:10:23 ntpd[45057]: ntpd 4.2.6p5@1.2349-o Wed Jun 13 22:00:05 UTC 2012 (1)
Jun 23 08:10:23 ntpdate[44986]: adjust time server 192.168.1.40 offset -0.000764 sec
-
Yes, we have copied that into 2.0.x as well. When 2.0.2 comes out here shortly, it will have ntpd, not openntpd.
-
Fantastic!
Thanks for the information guys. I thought I was going crazy (and so did heper it seems)
It does fascinate me that one of the places I work at switched it on in the GUI with their multiple pfSense boxes at multiple campuses and never had an issue with it.
I must check to see if they are actually pointing their systems to it for NTP or they only think they are.