Hello,
I have installed a few time ago my opnsense routerand i have just noticed that the ntp synchronisation is always in error.
In the Network Time / Status all 3 servers stay in 'Unreach/Pending' status.
When i made a try with ntpdate on the router i always get a permission error :
ntpdate -q 0.fr.pool.ntp.org
9 Mar 23:21:30 ntpdate[94426]: sendto(ntp.tuxfamily.net): Permission denied
9 Mar 23:21:30 ntpdate[94426]: sendto(eva.aplu.fr): Permission denied
9 Mar 23:21:31 ntpdate[94426]: sendto(vps-f60b2d25.vps.ovh.net): Permission denied
9 Mar 23:21:31 ntpdate[94426]: sendto(ns3051461.ip-51-255-95.eu): Permission denied
9 Mar 23:21:33 ntpdate[94426]: no server suitable for synchronization found
I have made some researches with G but none of them have produced results.
What i am almost sure that it is not an issue with firewall rules because i can see the requests allowed in the logs.
Neither with the dns : the names are correctly resolved.
Has anyone an idea ?
Thanks in advance
Mins
ntpd will use source and destination ports both 123/UDP. ntpdate -q will use a high port (>1023) as the source IIRC.
Hi patrick
Thanks for this information : it explains why my manual try have failed but i have no clues about the results in the Network Time Status windows :
Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter
Unreach/Pending fr.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Unreach/Pending 0.fr.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Unreach/Pending 1.fr.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
The logs stays on 'Soliciting...'
Date Severity Process Line
2024-03-10T20:23:47 Informational ntpd Soliciting pool server 51.195.104.188
2024-03-10T20:23:42 Informational ntpd Soliciting pool server 185.123.84.51
2024-03-10T20:23:37 Informational ntpd Soliciting pool server 51.210.104.72
2024-03-10T20:22:43 Informational ntpd Soliciting pool server 82.64.42.185
Ping
I can not tell why the statuses are what they are but if you put the defaults back and say only one preferred like an opsnese one, there will eventually be a peer. I'm in the UK, so you might need to check your locale (assuming France). These are mine:
After a few minutes when I go back to status, it shows a peer.
Hi,
Thanks for your help.
I have edited my configuration to accordingly yours. I have transposed the server name to use fr ones.
Can you please post a screen of your ntp status screen ?
Thanks
Mins
sure, as of now:
Thanks for the screen, it has helped.
All the servers from the pool ntp.org are 'unreach/pending' as for me.
But for me, there is no other server in the status list.
I think i have to check my firewall rules to verify if ntp queries are allowed
Have a good day
Mins