I'm attempting to learn NTP by setting up opnsense as a server and then redirecting all NTP requests to the router.
I've learned a bunch about stratums and pools and ntpdate -q, but I'm having an issue with opnsense syncing.
I'm not 100% sure how to troubleshoot further. The network Time status shows "Unreach/Pending".
What I've done so far:
- Successfully pinged 3.north-america.pool.ntp.org from opnsense cli
- Tracerouted 3.north-america.pool.ntp.org to make sure it wasn't going out a vpn
- Successfully queried the same ntp server using ntpdate on opnsense cli
Since the CLI can query, should that lead me to believe my config is the problem? I've googled a bunch and there are many threads, with a multitude of fixes. I tried an outbound NAT rule, but that also did not work.
(https://i.imgur.com/fDqsyAX.png)
Do you have rules set up on your interface to allow Clients to query the OPNsense?
I'm not 100% certain, but given that a server on my LAN does see the settings (mostly stratum number) that I set in OPNsense, I think they communicate okay.
cwesterfield@bastion:~# ntpdate -q 10.0.1.1
server 10.0.1.1, stratum 5, offset 0.240657, delay 0.02579
26 Sep 21:51:40 ntpdate[32043]: no server suitable for synchronization found
I also realized today that when I use a server to query, the live firewall doesn't show the response. The top part of that log is a Debian machine successfully doing a query. I only see the outbound stuff.
Is that expected?
(https://i.imgur.com/PHHAIs1.png)