My time is about 9 minutes off -- compared to two other professionally (more than me at least) managed networks.
The default opnsense pool reported in the logs DNS resolution failure
Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (8)
so I added pool.ntp.org ans us.pool.ntp.org and I'm still seeing status like below.
I do see this and many more servers in the list -- is the "Unreach/Pending" just a side effect of not being in sync?
Although the offset column shows I'm not as far off as it really is ...
I'd really like my gateway to sync up and provide NTP for the local networks ...
Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter
Unreach/Pending us.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Unreach/Pending opnsense.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Unreach/Pending 134.215.155.177 216.239.35.0 2 u 14 64 7 48.304 +1.936 0.174
Unreach/Pending 158.51.99.19 17.253.26.125 3 u 16 64 7 42.716 +0.857 0.319
Unreach/Pending 72.14.183.239 45.79.1.70 3 u 13 64 7 16.266 +0.373 0.067
Unreach/Pending 74.208.25.46 198.46.254.130 3 u 13 64 7 36.483 +5.648 2.497
It takes 'em a bit to sync.
An additional option: time.cloudflare.com. Pool server quality varies, so I like to have a potentially unrelated carrier option.
There's definitely a DNS issue to look into because the default pools do resolve.
C:\>nslookup 1.opnsense.pool.ntp.org
Server: UnKnown
Address: 192.168.30.1
Non-authoritative answer:
Name: 1.opnsense.pool.ntp.org
Addresses: 198.137.202.56
212.227.240.160
167.248.62.201
23.186.168.127
As pfry said it takes some time, but you should eventually get some peers.
How long does it take to sync up? Still almost 10 minutes out from local cell tower service time and internal time service from where I work.
Network Time Protocol Status
Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter
Unreach/Pending us.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Unreach/Pending opnsense.pool.ntp.org .POOL. 16 p - 64 0 0.000 +0.000 0.000
Outlier 134.215.155.177 216.239.35.0 2 u 410 512 377 47.497 +3.974 1.502
Outlier 158.51.99.19 17.253.26.125 3 u 302 512 377 41.426 +1.647 1.390
Outlier 72.14.183.239 127.67.113.92 2 u 42 512 377 16.133 +2.344 2.951
Candidate 108.61.215.221 162.159.200.1 4 u 511 512 377 22.939 +3.755 0.809
Candidate 192.155.94.72 132.163.96.2 2 u 33 512 377 24.175 +4.978 1.317
Outlier 62.72.0.70 209.151.225.100 3 u 163 512 377 50.970 -0.212 4.214
Active Peer 45.79.111.114 127.67.113.92 2 u 258 512 377 56.906 +2.950 1.572
Candidate 72.14.183.39 80.72.67.48 3 u 413 512 377 16.710 +3.197 2.877
Candidate 162.159.200.1 10.162.8.47 3 u 168 512 377 10.624 +2.746 5.546
If you mean that your OPNsense box itself is out of sync, then I'm out of ideas. It looks like it should be syncing based on your log. Check for any additional errors under Services->Network Time->Log File.
If you mean that your network clients are out of sync, then one thing to keep in mind is that they don't automatically take their time from OPNsense. You have to manually configure each client to use your OPNsense IP as the time server if that's your goal. You can also configure your DHCP options to offer your OPNsense IP as the time server, but clients are not required to use that, IIRC. Most operating systems are pre-configured to use some public time server. For example Windows clients use 'time.windows.com' unless you explicitly change it. (BTW, it's possible that whatever your clients are using could be failing to resolve in DNS or getting blocked by firewall rules.)
I know from my experience that if the clock drift is too far out (say >5 minutes) the system will not sync. In that instance you will need to manually set the time; then allow the NTP system to keep itself in-sync with the Stratum server(s) of choice.
I'd say that you should set the time to within a minute, and then see if sync is happening and it corrects.
You could also resolve one of those time sources and sync via it's IP address. All my stuff syncs to a local GNSS server that I have, makes life easier.