MacOS sntp errors

Started by edz, March 06, 2021, 07:45:50 AM

I'm trying to verify that my MacOS client is connecting to OPNSense for NTP requests, but I'm receiving 'Exchange failed: Kiss of death' and 'Exchange failed: Time out' errors.

Checking Apple's time servers, all seems OK:
❯ sudo sntp -sS time.apple.com
+0.236213 +/- 0.000137 time.apple.com 17.253.116.253


Now, checking the OPNSense firewall:
❯ sudo sntp -sS 192.168.1.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
+0.235124 +/- 0.131470 192.168.1.1 192.168.1.1


Running with the debug flag:
sudo sntp -d opnsense.home.lan
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
delay:    00000000.00C62EC6  (bytes)
delay:           0.003024028 (fixed)
delay:           0.003024028 (float)
ipaddr:          192.168.20.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
selected:
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
delay:    00000000.00C62EC6  (bytes)
delay:           0.003024028 (fixed)
delay:           0.003024028 (float)
ipaddr:          192.168.20.1
+0.236886 +/- 0.132248 opnsense.home.lan 192.168.20.1
  gtod:  1615013059.668058
adjust:           0.236885
   set:  1615013059.904943
~



OK so the way I resolved this (and cross checking against a previous pfSense install) was to add the below to the Advanced input box to permit my VLANs to query the ntp service. 


restrict 192.168.10.0 mask 255.255.255.0

restrict 192.168.20.0 mask 255.255.255.0
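
Added example, not part of the original post: sntp prints "Kiss of death" when a server reply carries stratum 0, in which case the 4-byte reference ID holds an ASCII kiss code (RFC 5905). The sketch below decodes that field and recomputes offset and delay from the "(fixed)" t1..t4 values in the debug output above; the function names and the sample packet are constructed for illustration, and the kiss code used is not taken from the thread.

```python
import struct
from decimal import Decimal

# Kiss codes from RFC 5905 section 7.4 that tell a client to stop or slow down.
KISS_CODES = {
    "DENY": "access denied by remote server",
    "RSTR": "access denied due to local policy",
    "RATE": "rate exceeded",
}

def parse_ntp_reply(packet: bytes) -> dict:
    """Decode the header fields needed to recognise a Kiss-o'-Death reply."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes; got %d" % len(packet))
    flags, stratum = struct.unpack("!BB", packet[:2])
    info = {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "kiss_code": None,
    }
    # Stratum 0 marks a KoD packet; bytes 12..15 (reference ID) then carry the code.
    if stratum == 0:
        ref_id = packet[12:16]
        info["kiss_code"] = ref_id.decode("ascii", errors="replace").rstrip("\x00 ")
    return info

def offset_and_delay(t1, t2, t3, t4):
    """NTP on-wire calculation: t1/t4 are client clock, t2/t3 are server clock."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def constructed_kod(code: bytes) -> bytes:
    """Constructed sample reply: LI=3, VN=4, mode=4 (server), stratum 0."""
    header = struct.pack("!BBbb", (3 << 6) | (4 << 3) | 4, 0, 3, -20)
    # root delay + root dispersion (8 bytes), kiss code, four zeroed timestamps
    return header + bytes(8) + code + bytes(32)

if __name__ == "__main__":
    reply = parse_ntp_reply(constructed_kod(b"RATE"))
    print(reply["kiss_code"], "-", KISS_CODES.get(reply["kiss_code"], "unknown"))
    # "(fixed)" timestamps copied from the sntp -d output in the post
    t = [Decimal(x) for x in ("3824001856.647240000", "3824001856.885637607",
                              "3824001856.885743579", "3824001856.650370000")]
    print("offset %s delay %s" % offset_and_delay(*t))
```
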