NTP using DHCP



  • I'd like to setup all of my devices (Windows and Linux computers, phones, tablets, etc.) to use pfSense as the NTP server. Instead of manually adding the NTP server to all the devices, is it possible to add the NTP server to the DHCP (all the devices are on static DHCP) configuration and call it a day?



  • Yes.  Services - DHCP Server - LAN tab - NTP Servers.



  • Awesome! Thanks!


  • LAYER 8 Global Moderator

    doesn't mean your OS will actually use that option that is handed out, but sure ntp is a dhcp option you can hand out.



  • @johnpoz:

    doesn't mean your OS will actually use that option that is handed out, but sure ntp is a dhcp option you can hand out.

    So it looks like only Linux devices support that. Everyone else will need to have the NTP servers manually configured. Is that correct?


  • LAYER 8 Global Moderator

    What flavor of OS are you using, Windows 7,8?  OS X? Are they members of AD?



  • OSX, Windows 7, Windows 2012 R2, Linux (Ubuntu), Android phones, and an iPad.


  • LAYER 8 Global Moderator

    so you have a 2k12 server - is this AD DC?  Or just workgroup?

    I don't think ipad uses ntp??  Would have to look into that - same goes for the android phones.  If ntp setup on your linux box, it should pick up the dhcp option.  I don't play enough with OS X to take a good guess, but I would say it could use the dhcp option.

    Your problem with phones would be if had to set static - were are you pointing them.. What when they are out about in the world?



  • The 2012 server is just a workstation. There's no AD setup on it. Does Ubuntu come with an NTP client by default or do you have to install it first? When I'm not on the network, the phones are connected to the cell towers which is where they get their time from (I would assume).


  • LAYER 8 Global Moderator

    So why would you have to change that for the phones?  I would have to look into how ipad keeps time.

    Depends on what you setup for ubuntu - I don't run any desktop versions, I just run server version and always install min amount of packages and only setup what I specific need for the use case.  I always setup ntp by hand on them.  But I could fire up a desktop client and see what it does out of the box.

    Window machines - I am kind of a ntp nut, so I am always running the latest version of it on my window boxes ;)  You can always grab latest and greatest copy from here

    http://www.satsignal.eu/ntp/x86/index.html

    I install the one from here http://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stable

    And then update it with the ones from the satsignal site.

    From a quick and dirty standpoint - I do believe windows wants to sync with like time.windows.com, so you could always do a host over ride manybe to point that fqdn to your ntp server.

    Question for you - what exactly are you looking to accomplish.. Are you wanting your boxes to be nuts on correct in time with your ntp server, or you just looking to setup an overall time sync on your network and easy fast way to point them to your ntp server?



  • As you said, due to how phones work, I'm not as worried about them (especially since I'm not using anything that's time sensitive). I'm using the desktop version of Ubuntu and I never installed an NTP client on it.

    I'd appreciate any help/guidance you can provide. I've setup my server with egress filtering (block everything coming out except certain things that I allow). Currently, the NTP port (123) is allowed access to the WAN, but I would rather have all time clients talk to pfSense and pfSense talk to the WAN for time. This is more of an educational experiment than a practical one (I've posted another thread in the Firewall section asking about allowing specific ports to only access specific FQDNs on the WAN: https://forum.pfsense.org/index.php?topic=81384.msg444600;boardseen#new)


  • LAYER 8 Global Moderator

    sure - makes sense to have all clients get time from your local source, and have it sync time with outside sources.

    Like I said I always setup all my stuff manually.  Your ipad mention got me curious about mine so going to look into that.  I don't see the need to block outbound on my home network so I don't have any rules in place - but all of my machines, or any devices that allow for setting ntp I point to my server.

    When I get a chance this weekend I will fireup a desktop ubuntu vm and see what it does for ntp - I do hand it out via dhcp as well.  On your window boxes since they are not part of a domain, I would go with the software I linked too.. It walks you thru a setup so very simple to point to whatever ntp you want to point to, and disables the built in windows time service, etc.



  • Is NTP Redirection still a viable solution?

    https://forum.pfsense.org/index.php?topic=57756.0;prev_next=next



  • That actually word! Thanks!


Log in to reply