OPNsense NTP Not Syncing — Servers Reach 0, ntpdate fails

Started by mb19, July 21, 2025, 11:05:56 AM

Hi everyone,

I'm running into an issue where my OPNsense firewall isn't synchronizing time via NTP, and I can't figure out why.

1. My setup:
- OPNsense version: 25.1.11
- Outbound firewall rules allow UDP/123.
- WAN and LAN traffic is visible for NTP in packet captures.
- DNS works fine and NTP server IPs resolve correctly.

From the shell, I can ping NTP servers:

PING 92.113.12.77 (92.113.12.77): 56 data bytes
64 bytes from 92.113.12.77: icmp_seq=0 ttl=56 time=17.904 ms
64 bytes from 92.113.12.77: icmp_seq=1 ttl=56 time=18.382 ms
--- 92.113.12.77 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss

2. DNS resolution works:

host 0.opnsense.pool.ntp.org

0.opnsense.pool.ntp.org has address 195.95.153.59
0.opnsense.pool.ntp.org has address 212.227.232.46
0.opnsense.pool.ntp.org has address 162.159.200.123
0.opnsense.pool.ntp.org has address 185.134.42.7

3. But ntpdate fails with:

ntpdate -u 92.113.12.77
no server suitable for synchronization found

4. ntpq -pn shows all servers stuck in .INIT. state:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 92.113.12.77    .INIT.          16 u    -  256    0    0.000   +0.000   0.000
 130.206.3.166   .INIT.          16 u    -  256    0    0.000   +0.000   0.000

5. Packet captures on igb0 (LAN) and WAN interfaces show NTP requests and responses coming back from the server, e.g.:

192.168.10.2.58914 > 178.255.228.77.123: NTPv4, Client, length 48
178.255.228.77.123 > 192.168.10.2.58914: NTPv4, Server, length 48

Even though packets are flowing in both directions, OPNsense never syncs time. All NTP servers remain in unreachable (reach = 0) state.

I've already:

- Restarted the NTP daemon (service ntpd restart)
- Tried ntpdate -b, -u, -t, etc.
- Tried different NTP servers (using their IP addresses directly in case it was a DNS issue)
- Contacted my ISP to ask whether they might be blocking NTP traffic, but I'm still waiting for a response

What else could I check or try? Any help would be greatly appreciated!

I'm still fairly new to all of this, so it's entirely possible I've missed something or misconfigured a step along the way while trying to troubleshoot.


The pool addresses and the two servers in your other output do not match. Are you sure you are trying to use public servers?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Oh you are right, sorry, the post and the examples are a bit confusing.

I've simplified everything now.

With this IP --> 178.215.228.24, which is from 0.es.pool.ntp.org, these are the results:


--> ntpq -pn

 remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 178.215.228.24  .INIT.          16 u    -   64    0    0.000   +0.000   0.000

--> ping 0.es.pool.ntp.org
PING 0.es.pool.ntp.org (178.215.228.24): 56 data bytes
64 bytes from 178.215.228.24: icmp_seq=0 ttl=53 time=33.199 ms
64 bytes from 178.215.228.24: icmp_seq=1 ttl=53 time=33.755 ms

Are there any filters upstream (toward the Internet) of your OPNsense machine? Can you sync machines connected in parallel to (if feasible) or through your OPNsense machine?
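
For reading the `ntpq -pn` tables posted in this thread: the reach column is an octal 8-bit shift register covering the last eight polls, so it can be decoded into a per-poll history. This is an added example, not code from any poster here; the function names are hypothetical, and the third sample line (documentation-range addresses) is constructed to show a healthy peer next to the two lines quoted from the first post.

```python
"""Parse `ntpq -pn` peer lines and decode the octal reach register."""

TALLY_CHARS = " x.-+#*o"  # selection codes ntpq prints before the remote address

# First two peer lines are from the thread; the third is constructed.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 92.113.12.77    .INIT.          16 u    -  256    0    0.000   +0.000   0.000
 130.206.3.166   .INIT.          16 u    -  256    0    0.000   +0.000   0.000
*192.0.2.10      203.0.113.5      2 u   35   64  357    4.120   -0.310   0.450
"""


def parse_peers(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Column 0 is the tally code; tolerate pastes that lost the leading space.
        tally, rest = (line[0], line[1:]) if line[0] in TALLY_CHARS else (" ", line)
        f = rest.split()
        if len(f) != 10 or f[0] == "remote":
            continue
        reach = int(f[6], 8)  # reach is printed in octal
        peers.append({
            "tally": tally, "remote": f[0], "refid": f[1],
            "stratum": int(f[2]), "poll": int(f[5]), "reach": reach,
            "history": format(reach, "08b"),   # oldest poll left, newest right
            "answered": bin(reach).count("1"),  # polls with a reply, out of 8
        })
    return peers


def diagnose(peer):
    """One-line summary of a peer's reachability."""
    if peer["reach"] == 0:
        state = "still in .INIT." if peer["refid"] == ".INIT." else "lost"
        return (f"{peer['remote']}: 0/8 polls answered "
                f"({state}, stratum {peer['stratum']})")
    status = "selected" if peer["tally"] == "*" else "reachable"
    return f"{peer['remote']}: {peer['answered']}/8 polls answered ({status})"


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(diagnose(p), "history", p["history"])
```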