ntp: no update anymore

[mossi2000]

Hi,

today I stumbled over the fact that my opnsense did no longer provide the ntp time.
(Configuration of Raspberry Pi OS on a Pi4 fails due to missing synchronized time)

I checked some logs and tried all I could find for 21.1.7....finally upgraded to 22.1, without change.

The last sync seems to have occured on July 31 2021 according to the ntpstats logfile.
Very strange I can ping all the ntp servers, but it seems that any request sent out just doesn't get an answer.

My configuration:
Fibre Router from ISP (CALIX 854-G2), IPv4 and IPv6 enabled (I cannot disable v6), Firewall active, blocking a bunch of incoming traffic.  NTP request to my address are blocked, but outgoing traffic is allowed)
Fixed address an LAN side 192.168.10.10


OpnSense 22.1:  2 Interfaces WAN and LAN.   WAN address 192.168.10.3, LAN address 192.168.100.3
Unbound DNS, DNS over TLS, IPv6 disabled.

NTP server config: 0/1/2.de.pool.ntp.org, Listening on LAN and WAN

Status:

Network Time Protocol Status
Status    Server    Ref ID    Stratum    Type    When    Poll    Reach    Delay    Offset    Jitter
Unreach/Pending    185.242.112.53    .INIT.    16    u    -    512    0    0.000    +0.000    0.000
Unreach/Pending    144.76.81.222    .INIT.    16    u    -    512    0    0.000    +0.000    0.000
Unreach/Pending    193.141.27.1    .INIT.    16    u    -    512    0    0.000    +0.000    0.000





root@OPNsense:~ # ntpdate -d 1.de.pool.ntp.org
 6 Feb 17:38:41 ntpdate[25933]: ntpdate 4.2.8p15@1.3728-o Mon Jan 24 04:11:49 UT                              C 2022 (1)
arp: 00:08:9b:f1:71:16 attempts to modify permanent entry for 192.168.100.42 on                               igb0
transmit(136.243.66.91)
receive(136.243.66.91)
receive: server not found
transmit(65.21.190.104)
receive(65.21.190.104)
receive: server not found
transmit(94.16.114.254)
receive(94.16.114.254)
receive: server not found
transmit(176.9.157.155)
receive(176.9.157.155)
receive: server not found
transmit(136.243.66.91)
transmit(65.21.190.104)
transmit(94.16.114.254)
transmit(176.9.157.155)
transmit(136.243.66.91)
transmit(65.21.190.104)
transmit(94.16.114.254)
transmit(176.9.157.155)
transmit(136.243.66.91)
transmit(65.21.190.104)
transmit(94.16.114.254)
transmit(176.9.157.155)
136.243.66.91: Server dropped: no data
65.21.190.104: Server dropped: no data
94.16.114.254: Server dropped: no data
176.9.157.155: Server dropped: no data

 6 Feb 17:38:50 ntpdate[25933]: no server suitable for synchronization found


ntptime
ntp_gettime() returns code 5 (ERROR)
  time e5aa7875.88488000  Sun, Feb  6 2022 17:40:21.532, (.258532356),
  maximum error 16871500 us, estimated error 16000000 us, TAI offset 0
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 41.412 ppm, interval 4 s,
  maximum error 16871500 us, estimated error 16000000 us,
  status 0x41 (PLL,UNSYNC),
  time constant 3, precision 0.000 us, tolerance 496 ppm,
  pps frequency 41.412 ppm, stability 0.000 ppm, jitter 0.000 us,
  intervals 0, jitter exceeded 0, stability exceeded 0, errors 0.



Firewalls rule: floating
IPv4 TCP/UDP    This Firewall    *    *    123 (NTP)    *    *    NTP traffic for local NTP server
Allowed

PING 0.de.pool.ntp.org (173.249.33.207): 56 data bytes
64 bytes from 173.249.33.207: icmp_seq=0 ttl=54 time=27.121 ms
64 bytes from 173.249.33.207: icmp_seq=1 ttl=54 time=20.731 ms
64 bytes from 173.249.33.207: icmp_seq=2 ttl=54 time=20.546 ms
64 bytes from 173.249.33.207: icmp_seq=3 ttl=54 time=20.928 ms


Mir gehen jetzt die Ideen aus, kennt jemand sowas Blödes?
Und viel wichtiger: eine LÖSUNG. :-)


 

[mossi2000]

Hi,

today after having read
https://forum.opnsense.org/index.php?topic=24124.msg115384#msg115384


I checked the gateway for my WAN interface.
See picture (WAN_GW.JPG)

If it is set like this I have internet access, but NTP service is unable to communicate with any NTP server in internet.

Since I do not have a Multi-WAN config, I switched back to "Automatic".
Good. Services NTP shows connection to time servers and offset and..and....
But - BAD - No more http(s) access to the internet - www.google.com times out...

And vice versa:   Specific GW specified - Internet access works, but ntp service not!

Then I update the Firewall Rule that allowed outgoing ntp traffic from the firewall with
gateway to be the WAN_ROUTER it worked!

Uff. Still do not understand this, but at least it seems to work now!

Axel