OPNsense Forum

English Forums => General Discussion => Topic started by: LorneMalvo on October 24, 2025, 12:52:40 PM

Title: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on October 24, 2025, 12:52:40 PM
Hi,
I didn't notice, but for a long time my devices haven't been able to communicate with NTP servers.

I've checked the OPNsense NTP service status and it is working fine with multiple external NTP servers.

I've tried to configure my OPNsense as the main NTP server on my network device but again, it can't communicate with the NTP server.

I've checked port 123 traffic in the firewall live log but I can't see anything. What am I missing?

My firewall does have an NTP connection outside my net, but my network does not. Clearly it is a firewall rules issue; how do I address it with a safe approach in mind?

Thank you very much.

Title: Re: Unable to synchronize NTP hour on network devices.
Post by: pfry on October 24, 2025, 03:49:39 PM
The firewall itself has an automatic outbound rule that (unless masked) allows it to communicate... on any port, actually. For inbound, you need an appropriate inbound pass rule that covers NTP.

To check logs, logging must be enabled for the rules you wish to observe. Logging for the automatic rules is located in "Firewall: Settings: Advanced" -> "Logging".
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on October 24, 2025, 04:59:51 PM
These are my autom. LAN rules:

(https://i.imgur.com/BFNqJ2m.png)

These are my autom. WAN rules:

(https://i.imgur.com/hqUm6G7.png)

Is there anything suspicious?

Thanks.
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: Patrick M. Hausen on October 24, 2025, 06:06:22 PM
You need a manual LAN rule:

Source: LAN net
Destination: LAN address or This Firewall
UDP/123
Allow
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on December 01, 2025, 06:27:23 PM
Hi Patrick.
Thank you very much for your answer.

I've tried the following rule in LAN, but it isn't working:

(https://i.imgur.com/NeRk5zz.png)

What am I doing wrong? I've checked the live logs and I can see WAN NTP logs working, but nothing about LAN. Enable Logging on the rule is checked.
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: Patrick M. Hausen on December 01, 2025, 06:35:51 PM
I cannot see anything. If you posted a picture, please attach it to the forum post. I block so-called image hosting sites.
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on December 01, 2025, 06:48:08 PM
Here you go.
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: Patrick M. Hausen on December 01, 2025, 06:50:06 PM
Change the source port to any/* for client devices. 123 is for ntpd to ntpd communication.
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on December 02, 2025, 12:44:10 PM
Hello,
Changes done, but the problem persists: OPNsense itself is getting the NTP hour, but not the LAN clients.

See attached rule, I think it's OK.

Title: Re: Unable to synchronize NTP hour on network devices.
Post by: Patrick M. Hausen on December 02, 2025, 12:49:53 PM
What OS are your clients? Do you have a Linux system? If yes, try

ntpdate -q <ip of opnsense>
please.
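
A minimal SNTP probe doing the same check as `ntpdate -q`, as an added example that is not part of the original thread: it sends one client-mode request from an OS-chosen (ephemeral) source port, which is why the LAN rule's source port has to be any, and validates the reply. It also runs on Windows; the server address comes from the command line, and the function names and the `source_port` parameter are this example's own.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(now=None):
    """48-byte SNTP request: LI=0, VN=4, Mode=3 (client), transmit timestamp set."""
    now = time.time() if now is None else now
    secs = (int(now) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((now % 1) * 2**32) & 0xFFFFFFFF
    return struct.pack("!B39xII", (4 << 3) | 3, secs, frac)

def parse_reply(data, request):
    """Return (stratum, unix_time) from a server reply, or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short packet")
    if (data[0] & 0x07) != 4:  # Mode 4 = server
        raise ValueError("not a server-mode reply")
    if data[24:32] != request[40:48]:  # originate must echo our transmit timestamp
        raise ValueError("reply does not match our request")
    if data[1] == 0:  # stratum 0 = kiss-o'-death, reason code in the reference ID
        raise ValueError("kiss-o'-death: " + data[12:16].decode("ascii", "replace"))
    secs, frac = struct.unpack("!II", data[40:48])
    return data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def query(server, source_port=0, timeout=3.0):
    """One request to UDP/123. source_port=0 lets the OS pick an ephemeral port,
    as ordinary clients do; a timeout means no reply came back (dropped or blocked)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", source_port))
        request = build_request()
        s.sendto(request, (server, 123))
        data, _ = s.recvfrom(512)
        return parse_reply(data, request)

if __name__ == "__main__" and len(sys.argv) > 1:
    try:
        stratum, when = query(sys.argv[1])  # e.g. the firewall's LAN address
        print(f"stratum {stratum}, server time {time.ctime(when)}")
    except (OSError, ValueError) as exc:  # socket.timeout is an OSError
        print(f"no usable NTP reply: {exc}")
```

A timeout here while the firewall's live log shows no matching UDP/123 entry on LAN points at the request never reaching a logged rule, not at the NTP service.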
Title: Re: Unable to synchronize NTP hour on network devices.
Post by: LorneMalvo on December 02, 2025, 01:19:14 PM
My OS is Windows 11. Network time services are running; checked on 2 different computers. I checked the logs, and they report problems related to the network connection.

To try something different, I just downloaded an open source NTP client compatible with Windows and boom, working fine. With a non-native Windows NTP client everything is working perfectly, even with the firewall rule disabled. It must be a Windows 11 bug.

I'll use this open source client for now. I truly don't trust Windows 11 stability.

Thank you very much for your kind assistance and all your advice. I'm sorry you lost time on this.