Pfsense Date & Time

Cleetus Antony

@Gertjan PFSENSE connected to internet and everything is working. Clients r getting internet thru pfsense. When I want to create rules with scheduler, due to time wrong time, the rule doesnt work as indented for clients. Any clue ?

Cleetus Antony

@elvisimprsntr
I set the correct time zone in pfsense. Date is correct. but the time is few hours difference. Looks like the time in BIOS is local. there is no option I can see in BIOS to change to UTC. What am I missing ?

elvisimprsntr

This post is deleted!

elvisimprsntr

@Cleetus-Antony

simply set the BIOS time to UTC HH:MM:SS

https://www.timeanddate.com/worldclock/timezone/utc

Cleetus Antony

@elvisimprsntr
Time in BIOS is correct and its in UTC format. Still I installed new battery in motherboard.
But even after setting correct time zone in pfsense, time is 7 Hours ahead.

elvisimprsntr

@Cleetus-Antony

GUI: stop NTP service
CLI: ntpdate time.nist.gov
GUI: restart NTP service

Cleetus Antony

This post is deleted!

Cleetus Antony

@elvisimprsntr

Did the same. I got below msg on output.
Still the time is wrong.. Now 4 Hours 30 min difference.

14 Jun 19:03:04 ntpdate[63408]: the NTP socket is in use, exiting

Cleetus Antony

@elvisimprsntr
14 Jun 19:14:57 ntpdate[69805]: no server suitable for synchronization found

this is the result of second try

Cleetus Antony

@elvisimprsntr
"DNS Resolver is stopped or Disabled" when we chk the tatus of DNS Resolver.
In the DNS Resolver page, the Enable DNS Resolver tick mark is ON
May be NTP server setting is not resolving ??????
DNS Resolution behavior is set as Default.(First use local and fall back to remote)

DNS forwarder is ON and working.

Gertjan

@Cleetus-Antony said in Pfsense Date & Time:

DNS forwarder is ON and working.

Then the NTP client can resolve.

Cleetus Antony

@Gertjan But no effect. Tried all the ways . Time is still 4 and half hour ahead.

Cleetus Antony

@Gertjan
14 Jun 19:14:57 ntpdate[69805]: no server suitable for synchronization found

This response means any issue with DNS ?

Gertjan

@Cleetus-Antony

Noop.
A (the pfSense) NTP client syncs with an NTP server, typically an IP (and in that case : no DNS needed ;) ), a host name or even a pool.
It tells you it wasn't able to do so.

Example :
I'm in France, so I used a local NTP server pool :

Because you should never 'type in stuff without checking, I've checked this "2.fr.pool.ntp.org" :

[24.03-RELEASE][root@pfSense.bhf.tld]/root: dig @127.0.0.1 2.fr.pool.ntp.org +short
195.154.226.102
149.91.80.92
91.224.149.41
82.64.81.218

This tells me 3 things :
The pool is a pool, there are several IPs.
The 'host name' resolves to IPs.
And, bonus : my DNS works.

My 'NTP' is happy of course :

Hummm : the status told me my check was wrong ....
Ok, again :

[24.03-RELEASE][root@pfSense.bhf.tld]/root: dig @127.0.0.1 2.fr.pool.ntp.org AAAA +short
2001:41d0:801:2000::acb
2001:41d0:304:200::6803
2603:1020:802:3::a8
2001:861:4080:81b1::3

Also fine.

Cleetus Antony

@Gertjan said in Pfsense Date & Time:

dig @127.0.0.1 2.fr.pool.ntp.org +short

Thank u for the info.
My NTP is sad.

johnpoz

@Cleetus-Antony well your never going to sync if you can not resolve anything in the pool name your using.

If you try and resolve that fqdn, what do you get back?

23.09.1-RELEASE][admin@sg4860.home.arpa]/root: dig 0.in.pool.ntp.org

; <<>> DiG 9.18.16 <<>> 0.in.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21553
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;0.in.pool.ntp.org.             IN      A

;; ANSWER SECTION:
0.in.pool.ntp.org.      3600    IN      A       157.245.102.2
0.in.pool.ntp.org.      3600    IN      A       162.159.200.123
0.in.pool.ntp.org.      3600    IN      A       162.159.200.1
0.in.pool.ntp.org.      3600    IN      A       95.216.192.15

;; Query time: 326 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jun 14 07:54:50 CDT 2024
;; MSG SIZE  rcvd: 110

Also you have 2 notifications I see up there the red bell with 2 next too it - those are normally things you should pay attention too, and quite often point out stuff that had an error, etc..

Cleetus Antony

@johnpoz

johnpoz

@Cleetus-Antony ok well its resolving... So that is good.. Odd that ntp doesn't show that, I would think it would show the IPs it resolved and then if couldn't talk to them the reach would just be at zero, etc..

But yours is showing nothing, like it couldn't resolve what IPs are in the pool? Is that maybe a O vs a 0 (zero)?

You could try putting in say one of those IPs directly vs as a pool and see if it shows that IP.. And can it talk to it.. I would then sniff on your wan to validate its sending ntp, and maybe you just don't get an answer?

Gertjan

@Cleetus-Antony

Do you have a PC with a windows OS ? or any OS actually, as every device has a ntp client these days.
Get any of the IP's, and give it to your ntp windows client :

and test it.

Still doesn't work ?
Start checking your upstream 'WAN' (ISP ?) connection. Some one might be filtering upstream.
You don't have any pfSense floating firewall rules, right ?

Cleetus Antony

@Gertjan

I have no additional rules set. All default ones.
Before this ntp, I used pfsense default ntp settings. Stil the issue was same.