Help with NTP
Hi, I am currently running Pfsense 2.1 x64. I have had NTP working since 2.1 came out with no issues whatsoever until today. It just simply stopped working.
No updates, packages, or changes of any sort took place on the box before this happened. It was working fine the last 3 days, and before that, today poof NTP is dead.
All my NTP servers under System -> NTP now say Unreachable/Pending with a Strata of 16 (means it's not synchronized).
Attempts to force it to synchronize via SSH command line with ntpdate -d pool.ntp.org or ntpdate -u time.nist.gov have failed. It fails with the message "no server suitable for synchronization found".
Here is the output from ntpdate -d 0.us.pool.ntp.org:
5 Feb 05:19:20 ntpdate: ntpdate 4.2.4p5-a (1)
22.214.171.124: Server dropped: no data
server 126.96.36.199, port 123
stratum 0, precision 0, leap 00, trust 000
refid [188.8.131.52], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
transmit timestamp: d69c8eac.45bbcc5a Wed, Feb 5 2014 5:19:24.272
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
5 Feb 05:19:25 ntpdate: no server suitable for synchronization found
Here is a copy of the current Pfsense 2.1 x64 ntpd.conf
tinker panic 0
server 0.us.pool.ntp.org iburst maxpoll 9
server 1.us.pool.ntp.org iburst maxpoll 9
server 2.us.pool.ntp.org iburst maxpoll 9
server 3.us.pool.ntp.org iburst maxpoll 9
server time.nist.gov iburst maxpoll 9
logconfig =syncall +clockall
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
interface ignore all
interface listen em1
Here is a traffic capture from Pfsense showing "what seems" to be the WAN/Pfsense indeed contacting the said NTP time servers:
Obscured the last octets of the source IP
66.213.xxx.xx is my WAN IP Address
06:19:25.192961 IP 66.213.xxx.xx.25004 > 184.108.40.206.123: UDP, length 48
06:19:25.593927 IP 66.213.xxx.xx.25004 > 220.127.116.11.123: UDP, length 48
06:19:25.793918 IP 66.213.xxx.xx.25004 > 18.104.22.168.123: UDP, length 48
06:19:26.193900 IP 66.213.xxx.xx.25004 > 22.214.171.124.123: UDP, length 48
So it seems like the traffic is getting out. I am at a loss right now after a long day of looking at this. The Default Pass Rule on the LAN is still there.
Is it possible that NTP on Pfsense is rejecting or ignoring the packets? What exactly could the problem be?
Anyone who can help with this problem, I'll appreciate it. Big time! :)
I tried the 0.us.pool.ntp.org address and also one of four servers replied with "no data". It could be a server problem. Test some other servers.
I tried testing some other servers with the same results.
Removing the pfblocker package solved the issue for me, and NTP is now working properly.
There is a recently launched NTP attack on a large number of servers, dunno how many are left working properly. Last I heard was a 400 Gbps DDoS.
The reason removing pfblocker allowed it to work was that the attack was a coverup for an infiltration of some servers, who were subsequently identified as compromised and added to pfblocker's lists.
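Added example, not part of the original thread: the capture in the first post shows only outbound 48-byte requests to port 123, so a quick way to confirm "requests leave, replies never arrive" is to pair requests and replies in the capture text. The function names, the sample capture and its documentation-range addresses are constructed for illustration; the line format is assumed to match the capture shown above.

```python
import re
from collections import defaultdict

# Line format as in the capture posted above:
# "HH:MM:SS.ffffff IP src.sport > dst.dport: UDP, length N"
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

# Constructed sample (documentation addresses), not data from the thread.
SAMPLE_CAPTURE = """\
06:19:25.192961 IP 203.0.113.10.25004 > 192.0.2.1.123: UDP, length 48
06:19:25.593927 IP 203.0.113.10.25004 > 192.0.2.1.123: UDP, length 48
06:19:25.600000 IP 203.0.113.10.25005 > 198.51.100.7.123: UDP, length 48
06:19:25.641000 IP 198.51.100.7.123 > 203.0.113.10.25005: UDP, length 48
06:19:26.000000 IP 198.51.100.9.123 > 203.0.113.10.40000: UDP, length 48
"""

def ntp_reply_report(capture, local_ip):
    """Return {server: {"sent": n, "answered": m}} for NTP traffic in capture."""
    pending = defaultdict(int)  # (server, local port) -> requests awaiting a reply
    stats = defaultdict(lambda: {"sent": 0, "answered": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or m["len"] != "48":  # plain NTP client/server packets are 48 bytes
            continue
        if m["src"] == local_ip and m["dport"] == "123":
            stats[m["dst"]]["sent"] += 1
            pending[(m["dst"], m["sport"])] += 1
        elif m["dst"] == local_ip and m["sport"] == "123":
            key = (m["src"], m["dport"])
            if pending[key] > 0:  # ignore packets that match no request we sent
                pending[key] -= 1
                stats[m["src"]]["answered"] += 1
    return dict(stats)

def unanswered(report):
    """Servers that were queried but never replied within the capture."""
    return sorted(s for s, c in report.items() if c["answered"] == 0)

if __name__ == "__main__":
    report = ntp_reply_report(SAMPLE_CAPTURE, "203.0.113.10")
    for server, c in sorted(report.items()):
        print(f"{server}: sent={c['sent']} answered={c['answered']}")
    print("no replies from:", ", ".join(unanswered(report)) or "none")
```

If every server ends up in the unanswered list while requests are visibly leaving the WAN, the replies are being lost or dropped on the return path, which is where inbound filtering on the firewall is worth checking.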