OPNsense Forum
English Forums => General Discussion => Topic started by: thereaper on January 24, 2024, 06:32:48 am
-
My router forgets date-time if it gets shut down. I believe it's either incompatibility of RTC clock hardware with FreeBSD (OS not updating RTC clock) or battery (just replaced it :) or just my luck.
To set date back to correct one, I need to ssh into the box and issue "date" command.
It would be nice to set date and time using GUI. Thanks! And it is a great project!
PS: Box is Lenovo M73 (10AX) micro PC with added 2nd Eth card.
-
Do you have NTP enabled?
-
Do you have NTP enabled?
Yes. But it is a cascading failure.
- Box boots with date 01-01-2012.
- NTP starts and tries to DNS resolve configured servers
- DNS requests go to Unbound, who tries to connect to upstream DNS servers using DoT (DNS over TLS)
- Unbound fails to connect due to TLS error - difference between 2012 and 2024 years.
-
NTP servers rarely change IP addresses - use addresses instead of DNS names.
-
NTP servers rarely change IP addresses - use addresses instead of DNS names.
Good advice, but it is a step away from default OPNsense configuration. I still think ability to set date time in GUI is good feature.
-
It is. I still let my recommendation stand - you should adapt your NTP configuration to use local servers, e.g. provided by your ISP. E.g. I use the official German time source by PTB (Physikalisch-Technische Bundesanstalt) everywhere. They have four public servers with both IPv4 and IPv6 addresses.
-
Sorry for hijacking,
But I wanted to ask Patrick
It is. I still let my recommendation stand - you should adapt your NTP configuration to use local servers, e.g. provided by your ISP. E.g. I use the official German time source by PTB (Physikalisch-Technische Bundesanstalt) everywhere. They have four public servers with both IPv4 and IPv6 addresses.
By "everywhere" do you as well push DHCP option 42 to your host on the network? Having them set and use those specific NTP servers you mentioned?
Regards,
S.
-
No - I push the OPNsense firewall as the NTP server to all local clients. Or configure my pair of data centre NTP servers via Ansible.
PTB offer a free public service but kindly request that you do not point client systems at their servers but just your local NTP servers for your network.
I have about a dozen NTP servers in various locations that use the PTB as their upstream time source. That's what I meant by "everywhere".
-
I see,
Many thanks Patrick.
Regards,
S.
-
Yes. But it is a cascading failure.
- Box boots with date 01-01-2012
Do you have a hardware defect? You could simply solve it by changing a battery:
https://www.duracell.com/en-us/products/lithium-coin-batteries/
-
Do you have a hardware defect? You could simply solve it by changing a battery:
https://www.duracell.com/en-us/products/lithium-coin-batteries/
I don't see Duracell batteries in FreeBSD supported hardware list, not sure it is compatible... :)
-
My router forgets date-time if it gets shut down. I believe it's either incompatibility of RTC clock hardware with FreeBSD (OS not updating RTC clock) or battery (just replaced it :) or just my luck.
To set date back to correct one, I need to ssh into the box and issue "date" command.
It would be nice to set date and time using GUI. Thanks! And it is a great project!
PS: Box is Lenovo M73 (10AX) micro PC with added 2nd Eth card.
It's more likely that your battery isn't good despite just being replaced. I would want to solve that as I assume you're losing your BIOS settings as well which could cause the machine not to boot.
Yes. But it is a cascading failure.
- Box boots with date 01-01-2012.
- NTP starts and tries to DNS resolve configured servers
- DNS requests go to Unbound, who tries to connect to upstream DNS servers using DoT (DNS over TLS)
- Unbound fails to connect due to TLS error - difference between 2012 and 2024 years.
You can configure OPNsense to use the same DNS servers but without DoT while having Unbound stay the same. That would allow it to start and resolve the NTP servers. Two other alternatives are configuring a GPS receiver or another machine as a source. You can set the other machine to be a lower strata so that once DoT works then you'll switch back to online servers.
Also, IIRC, the NTP server doesn't like it when the difference is too large. You might want to look into using chrony instead.
By "everywhere" do you as well push DHCP option 42 to your host on the network? Having them set and use those specific NTP servers you mentioned?
I have never gotten this to work. AFAICT, nothing respects the DHCP NTP option out of the box. If you want to use it you have to configure each machine to do so. I found it easier to just forward the NTP port to OPNsense.
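-
Added example (not part of the thread, and not OPNsense or ntpd code): the "use addresses instead of DNS names" advice and the cascading failure discussed above, as a small SNTP client in Python that accepts only a literal IP address, so it never depends on Unbound or DoT, and reports whether the measured offset exceeds ntpd's default 1000-second panic threshold. The helper names, the reply bytes and the 2024 "true" time are constructed for illustration.

```python
import socket
import struct
import time
from datetime import datetime, timezone

NTP_DELTA = 2208988800     # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
PANIC_THRESHOLD = 1000.0   # ntpd default; larger offsets are refused unless started with -g
PKT = "!BBbbII4sQQQQ"      # 48-byte header: flags, stratum, poll, precision, root delay/disp, refid, 4 timestamps
BOOT = datetime(2012, 1, 1, tzinfo=timezone.utc).timestamp()   # date the box boots with
REAL = datetime(2024, 1, 24, tzinfo=timezone.utc).timestamp()  # constructed "true" time

def to_ntp(unix_ts):
    return int((unix_ts + NTP_DELTA) * 2**32)   # 32.32 fixed point

def from_ntp(ts):
    return ts / 2**32 - NTP_DELTA

def build_request(t1):
    # LI=0, VN=4, Mode=3 (client); our clock goes into the transmit field
    return struct.pack(PKT, 0x23, 0, 0, 0, 0, 0, b"", 0, 0, 0, to_ntp(t1))

def constructed_reply(t1, server_now):
    # Constructed sample, not a capture: Mode=4, stratum 1, origin echoes the request
    s = to_ntp(server_now)
    return struct.pack(PKT, 0x24, 1, 0, -20, 0, 0, b"GPS\0", s, to_ntp(t1), s, s)

def parse_reply(data, t1, t4):
    """Return (offset, delay, exceeds_panic) for a reply received at local time t4."""
    flags, stratum, _, _, _, _, _, _, origin, rx, tx = struct.unpack(PKT, data[:48])
    if (flags & 0x07) != 4 or stratum == 0:
        raise ValueError("not a usable server reply (wrong mode or kiss-of-death)")
    if origin != to_ntp(t1):
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(rx), from_ntp(tx)
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far the local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)          # round-trip time on the network
    return offset, delay, abs(offset) > PANIC_THRESHOLD

def query(ip, timeout=2.0):
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    socket.inet_pton(family, ip)           # raises OSError on a hostname: no resolver involved
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(build_request(t1), (ip, 123))
        data, _ = s.recvfrom(512)
        return parse_reply(data, t1, time.time())

if __name__ == "__main__":
    print(parse_reply(constructed_reply(BOOT, REAL), BOOT, BOOT + 0.04))
```

`query()` is for use against your own NTP server's address; the `__main__` path runs offline against the constructed reply.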