I've just updated to 25.1.5_4 and after the reboot the NTP service doesn't start. Is anybody seeing similar behaviour?
I've attached some errors from the log, if it can help.
TIA.
For me this looks like something is broken in the ntpd.conf. Did you add your own configuration in Advanced, which had been changed but not loaded prior to the update?
Maybe log in with ssh or through the console to the system and have a look at the /var/etc/ntpd.conf file to see if anything is wrong.
Not sure, do you see something wrong?
root@hush:/var/etc # cat ntpd.conf
#
# Autogenerated configuration file
#
tinker panic 0
# Orphan mode stratum
tos orphan 12
# Max number of associations
tos maxclock 10
# Upstream Servers
pool 0.opnsense.pool.ntp.org maxpoll 9
pool 1.opnsense.pool.ntp.org maxpoll 9
pool 2.opnsense.pool.ntp.org maxpoll 9
pool 3.opnsense.pool.ntp.org maxpoll 9
statsdir /var/log/ntp
logconfig =syncall +clockall
driftfile /var/db/ntpd.drift
restrict source kod limited nomodify noquery notrap
restrict default kod limited nomodify noquery notrap nopeer
restrict -6 default kod limited nomodify noquery notrap nopeer
restrict 127.0.0.1 kod limited nomodify notrap nopeer
restrict ::1 kod limited nomodify notrap nopeer
I'm seeing this also on 25.1.5_5.
NTPd is consistently failing to start after rebooting OPNsense. There is a bind error specifically on the IPv6 WAN GUA:
Services -> Network Time -> Log File:
2025-04-26T02:42:13-04:00 Error ntpd daemon child died with signal 11
2025-04-26T02:42:13-04:00 Error ntpd unable to create socket on igc1 (4) for [26xx:xx:xxxx:1710:xxxx:xxxx:xxxx:xxxx]:123
2025-04-26T02:42:13-04:00 Error ntpd bind(24) AF_INET6 [26xx:xx:xxxx:1710:xxxx:xxxx:xxxx:xxxx]:123 flags 0x11 failed: Can't assign requested address
2025-04-26T02:42:13-04:00 Notice ntpd ----------------------------------------------------
System -> Log Files -> General:
2025-04-26T02:42:14-04:00 Notice kernel <6>pid 67623 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
2025-04-26T02:42:13-04:00 Error opnsense /usr/local/sbin/pluginctl: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'
If I change the service settings to listen only on internal interfaces instead of "All" (in other words, excluding WAN) then it starts.
Quote from: hushcoden on April 15, 2025, 05:22:28 PM
Not sure, do you see something wrong?
Looks good, mine are the same.
Could it be, that e.g. the link is not up (and has an IP) until ntpd is starting?
Do you have static IP address on the WAN and configured on the interface? Or are they dynamic or assigned from ISP when the WAN gets initialized?
I am thinking along the line that this could be a timing issue during startup and interfaces may not yet have IP addresses assigned.
Problems like these often arise when you explicitly specify an interface or its address. There is a difference between "ALL" interfaces (i.e. explicitly listing them all) and "ALL (recommended)", which means specifying no interfaces at all, binding to 0.0.0.0 or ::, which even extends to interfaces created after the binding.
Quote from: meyergru on April 26, 2025, 04:11:18 PM
There is a difference between "ALL" interfaces (i.e. explicitly listing them all) and "ALL (recommended)", which means specifying no interfaces at all, binding to 0.0.0.0 or ::, which even extends to interfaces created after the binding.
Problem is, the issue started happening with the OPNsense defaults "All (recommended)". I had never changed this value until now, for testing this issue.
And like OPNenthu, I never changed the default settings... anyways, it's now fixed, but frankly I don't know if it's because of the few times I did reboot the appliance or the crowdsec plugin which I had to remove and to reinstall or something else, thanks.
Something's still broken on my end. Without restarting OPNsense, I just set the NTPd listen interfaces back to the default "All (recommended)" and it crashed the service.
2025-04-28T08:11:08-04:00 Notice kernel <6>pid 37698 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
2025-04-28T08:11:08-04:00 Error config /services_ntpd.php: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'
2025-04-28T08:11:08-04:00 Error ntpd daemon child died with signal 11
2025-04-28T08:11:08-04:00 Error ntpd unable to create socket on igc1 (4) for [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123
2025-04-28T08:11:08-04:00 Error ntpd bind(24) AF_INET6 [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123 flags 0x11 failed: Can't assign requested address
2025-04-28T08:11:08-04:00 Notice ntpd ----------------------------------------------------
2025-04-28T08:11:08-04:00 Notice ntpd available at https://www.nwtime.org/support
2025-04-28T08:11:08-04:00 Notice ntpd corporation. Support and training for ntp-4 are
2025-04-28T08:11:08-04:00 Notice ntpd Inc. (NTF), a non-profit 501(c)(3) public-benefit
2025-04-28T08:11:08-04:00 Notice ntpd ntp-4 is maintained by Network Time Foundation,
2025-04-28T08:11:08-04:00 Notice ntpd ----------------------------------------------------
2025-04-28T08:11:08-04:00 Notice ntpd Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf
2025-04-28T08:11:08-04:00 Notice ntpd ntpd 4.2.8p18@1.4062-o Tue Feb 25 03:59:23 UTC 2025 (1): Starting
2025-04-28T08:11:08-04:00 Notice ntpd ntpd exiting on signal 15 (Terminated)
That is indeed my WAN GUA that it's trying to bind to.
/var/etc/ntpd.conf:
#
# Autogenerated configuration file
#
tinker panic 0
# Orphan mode stratum
tos orphan 12
# Max number of associations
tos maxclock 10
# Upstream Servers
pool 0.opnsense.pool.ntp.org maxpoll 9 prefer
pool 1.opnsense.pool.ntp.org maxpoll 9
pool 2.opnsense.pool.ntp.org maxpoll 9
pool 3.opnsense.pool.ntp.org maxpoll 9
statsdir /var/log/ntp
logconfig =syncall +clockall
driftfile /var/db/ntpd.drift
restrict source kod limited nomodify noquery notrap
restrict default kod limited nomodify noquery notrap nopeer
restrict -6 default kod limited nomodify noquery notrap nopeer
restrict 127.0.0.1 kod limited nomodify notrap nopeer
restrict ::1 kod limited nomodify notrap nopeer
I don't see anything holding onto port :123 in 'sockstat':
root@firewall:~ # sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
xxxx sshd-sessi 27651 4 tcp4 192.168.1.1:22 192.168.30.2:56190
root sshd-sessi 27102 4 tcp4 192.168.1.1:22 192.168.30.2:56190
www caddy 94797 6 tcp46 *:8443 *:*
www caddy 94797 7 tcp4 127.0.0.1:25957 127.0.0.1:57487
www caddy 94797 8 tcp46 *:8080 *:*
_flowd flowd 68860 3 udp4 127.0.0.1:2056 *:*
root mdns-repea 64656 3 udp4 *:5353 *:*
root mdns-repea 64656 4 udp4 192.168.20.1:5353 *:*
root mdns-repea 64656 6 udp4 192.168.30.1:5353 *:*
root mdns-repea 64656 7 udp4 192.168.40.1:5353 *:*
nobody samplicate 78399 3 udp4 127.0.0.1:2055 *:*
nobody samplicate 78399 4 udp4 *:47759 *:*
unbound unbound 82773 7 udp4 *:53 *:*
unbound unbound 82773 8 tcp4 *:53 *:*
unbound unbound 82773 11 udp4 *:53 *:*
unbound unbound 82773 12 tcp4 *:53 *:*
unbound unbound 82773 15 udp4 *:53 *:*
unbound unbound 82773 16 tcp4 *:53 *:*
unbound unbound 82773 19 udp4 *:53 *:*
unbound unbound 82773 20 tcp4 *:53 *:*
unbound unbound 82773 21 tcp4 127.0.0.1:953 *:*
dhcpd dhcpd 15017 15 udp4 *:67 *:*
root lighttpd 93421 7 tcp4 *:443 *:*
root sshd 90847 8 tcp4 *:22 *:*
? ? ? ? udp4 127.0.0.1:9449 127.0.0.1:2055
? ? ? ? tcp4 127.0.0.1:57487 127.0.0.1:25957
? ? ? ? udp4 127.0.0.1:2019 127.0.0.1:2055
? ? ? ? udp4 127.0.0.1:62266 127.0.0.1:2055
? ? ? ? udp4 127.0.0.1:12223 127.0.0.1:2055
? ? ? ? udp4 127.0.0.1:29479 127.0.0.1:2055
? ? ? ? udp4 127.0.0.1:60190 127.0.0.1:2055
? ? ? ? udp4 *:51820 *:*
? ? ? ? udp4 127.0.0.1:56168 127.0.0.1:2055
root@firewall:~ # sockstat -6
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www caddy 94797 6 tcp46 *:8443 *:*
www caddy 94797 8 tcp46 *:8080 *:*
unbound unbound 82773 5 udp6 *:53 *:*
unbound unbound 82773 6 tcp6 *:53 *:*
unbound unbound 82773 9 udp6 *:53 *:*
unbound unbound 82773 10 tcp6 *:53 *:*
unbound unbound 82773 13 udp6 *:53 *:*
unbound unbound 82773 14 tcp6 *:53 *:*
unbound unbound 82773 17 udp6 *:53 *:*
unbound unbound 82773 18 tcp6 *:53 *:*
root lighttpd 93421 8 tcp6 *:443 *:*
root sshd 90847 7 tcp6 *:22 *:*
root dhcp6c 77259 6 udp6 *:546 *:*
? ? ? ? udp6 *:51820 *:*
<6>pid 37698 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
What is your Memory utilization and SWAP utilization?
Regards,
S.
Quote from: Seimus on April 28, 2025, 03:26:23 PM
What is your Memory utilization and SWAP utilization?
root@firewall:~ # dmesg | grep memory
pci0: <memory, RAM> at device 20.2 (no driver attached)
nvme0: Allocated 64MB host memory buffer
real memory = 8589934592 (8192 MB)
avail memory = 8103890944 (7728 MB)
from 'top':
last pid: 44027; load averages: 0.39, 0.25, 0.19 up 1+00:55:13 09:38:59
92 processes: 1 running, 91 sleeping
CPU: 5.3% user, 0.0% nice, 2.8% system, 0.0% interrupt, 91.9% idle
Mem: 263M Active, 1006M Inact, 2244M Wired, 56K Buf, 4231M Free
ARC: 1376M Total, 226M MFU, 954M MRU, 15M Anon, 23M Header, 155M Other
1067M Compressed, 2666M Uncompressed, 2.50:1 Ratio
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
35886 root 1 20 0 62M 38M accept 0 0:00 2.04% php-cgi
351 root 1 68 0 126M 61M accept 0 3:11 1.58% python3.11
55533 root 1 20 0 61M 37M accept 0 0:01 0.66% php-cgi
25671 root 1 20 0 60M 36M accept 2 0:01 0.47% php-cgi
92499 root 1 20 0 60M 37M accept 3 0:01 0.46% php-cgi
59950 root 1 20 0 61M 37M accept 2 0:01 0.41% php-cgi
52422 root 1 20 0 75M 49M nanslp 0 7:51 0.35% php
38035 root 1 20 0 15M 3792K CPU1 1 0:00 0.32% top
14148 root 4 20 0 49M 15M kqread 3 0:39 0.15% syslog-ng
93421 root 1 20 0 23M 10M kqread 0 0:23 0.10% lighttpd
...
I recently received a replacement from my router manufacturer (same exact model/spec). I just transplanted the NVMe boot disk to the replacement system. Is that an OK thing to do?
I figure it's functionally the same as installing from scratch & then importing the config.
That looks okay,
You are using NTP as well with IPv6?
This message says that the daemon is not able to bind a socket to that IPv6 IP on the igc1 interface. Is this directly from the log, or did you replace it with xxxx?
Does the IPv6 exist on the OPN? And on that specific interface?
2025-04-28T08:11:08-04:00 Error ntpd unable to create socket on igc1 (4) for [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123
2025-04-28T08:11:08-04:00 Error ntpd bind(24) AF_INET6 [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123 flags 0x11 failed: Can't assign requested address
Quote from: Seimus on April 28, 2025, 03:56:10 PM
You are using NTP as well with IPv6?
I think OPNsense does by default? I don't recall trying to change that.
Quote: Does the IPv6 exist on the OPN? And on that specific interface?
Yeah it's there. igc1 is my WAN interface. I replaced with x's to mask my IP.
A fresh install with config re-import did the trick. Back in business.
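A triage helper for the log pattern posted in this thread, where an ntpd bind failure and a signal 11 exit share a timestamp. This is an added example, not part of the original posts and not OPNsense code; the sample lines are constructed in the thread's log format, with addresses from the 2001:db8::/32 documentation prefix, and `triage` is a hypothetical name.

```python
import re
from collections import defaultdict

# Constructed sample (newest-first, like the GUI log view); not real log data.
SAMPLE_LOG = """\
2025-04-28T09:00:00-04:00 Error ntpd bind(21) AF_INET6 [2001:db8::1]:123 flags 0x11 failed: Address already in use
2025-04-28T08:11:08-04:00 Notice kernel <6>pid 37698 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
2025-04-28T08:11:08-04:00 Error ntpd daemon child died with signal 11
2025-04-28T08:11:08-04:00 Error ntpd unable to create socket on igc1 (4) for [2001:db8::21fb]:123
2025-04-28T08:11:08-04:00 Error ntpd bind(24) AF_INET6 [2001:db8::21fb]:123 flags 0x11 failed: Can't assign requested address
2025-04-28T08:11:08-04:00 Notice ntpd Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf
"""

ADDR = r"(?P<addr>\[[^\]]+\]|[\d.]+):\d+"
LINE = re.compile(r"^(?P<ts>\S+) \w+ \S+ (?P<msg>.*)$")
SOCK = re.compile(r"unable to create socket on (?P<ifname>\S+) \(\d+\) for " + ADDR)
BIND = re.compile(r"bind\(\d+\) (?P<family>AF_INET6?) " + ADDR + r" flags \S+ failed: (?P<err>.+)$")
CRASH = re.compile(r"\(ntpd\).*exited on signal (\d+)|daemon child died with signal (\d+)")

def triage(log_text):
    """Return one finding per failed bind, noting any crash at the same time.

    Lines are grouped by timestamp rather than by position because the log
    view is newest-first and all related lines share one second.
    """
    events = defaultdict(lambda: {"binds": [], "ifaces": {}, "signal": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ev, msg = events[m["ts"]], m["msg"]
        if (s := SOCK.search(msg)):
            ev["ifaces"][s["addr"]] = s["ifname"]
        elif (b := BIND.search(msg)):
            ev["binds"].append((b["family"], b["addr"], b["err"]))
        elif (c := CRASH.search(msg)):
            ev["signal"] = int(c.group(1) or c.group(2))
    findings = []
    for ts, ev in sorted(events.items()):
        for family, addr, err in ev["binds"]:
            findings.append({"time": ts, "family": family,
                             "address": addr.strip("[]"),
                             "interface": ev["ifaces"].get(addr),
                             "error": err, "crash_signal": ev["signal"]})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding whose error is "Can't assign requested address" (EADDRNOTAVAIL) points at an address that was not usable on that interface at bind time, which is the case to compare against `ifconfig` output for the named interface.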