NTP service not starting

Started by hushcoden, April 13, 2025, 10:38:24 AM

I've just updated to 25.1.5_4 and after the reboot the NTP service doesn't start. Is anybody seeing similar behaviour?

I've attached some errors from the log, if it can help.

TIA.

For me this looks like something is broken in the ntpd.conf. Did you add your own configuration in Advanced, which had been changed but not loaded prior to the update?

Maybe log in with ssh or through the console and have a look at the /var/etc/ntpd.conf file to see if anything is wrong.

Not sure, do you see something wrong?

root@hush:/var/etc # cat ntpd.conf

#
# Autogenerated configuration file
#

tinker panic 0
# Orphan mode stratum
tos orphan 12
# Max number of associations
tos maxclock 10


# Upstream Servers
pool 0.opnsense.pool.ntp.org maxpoll 9
pool 1.opnsense.pool.ntp.org maxpoll 9
pool 2.opnsense.pool.ntp.org maxpoll 9
pool 3.opnsense.pool.ntp.org maxpoll 9


statsdir /var/log/ntp
logconfig =syncall +clockall
driftfile /var/db/ntpd.drift
restrict source  kod limited nomodify noquery notrap
restrict default  kod limited nomodify noquery notrap nopeer
restrict -6 default  kod limited nomodify noquery notrap nopeer
restrict 127.0.0.1  kod limited nomodify notrap nopeer
restrict ::1  kod limited nomodify notrap nopeer

April 26, 2025, 08:57:33 AM #3 Last Edit: April 26, 2025, 09:02:30 AM by OPNenthu
I'm seeing this also on 25.1.5_5. 

NTPd is consistently failing to start after rebooting OPNsense.  There is a bind error specifically on the IPv6 WAN GUA:

Services -> Network Time -> Log File:

2025-04-26T02:42:13-04:00 Error ntpd daemon child died with signal 11
2025-04-26T02:42:13-04:00 Error ntpd unable to create socket on igc1 (4) for [26xx:xx:xxxx:1710:xxxx:xxxx:xxxx:xxxx]:123
2025-04-26T02:42:13-04:00 Error ntpd bind(24) AF_INET6 [26xx:xx:xxxx:1710:xxxx:xxxx:xxxx:xxxx]:123 flags 0x11 failed: Can't assign requested address
2025-04-26T02:42:13-04:00 Notice ntpd ----------------------------------------------------


System -> Log Files -> General:

2025-04-26T02:42:14-04:00 Notice kernel <6>pid 67623 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
2025-04-26T02:42:13-04:00 Error opnsense /usr/local/sbin/pluginctl: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'

If I change the service settings to listen only on internal interfaces instead of "All" (in other words, excluding WAN) then it starts.



"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE i226-v
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE i210

Quote from: hushcoden on April 15, 2025, 05:22:28 PM
Not sure, do you see something wrong?

Looks good, mine are the same.

Could it be that e.g. the link is not up (and has an IP) until ntpd is starting?

Do you have a static IP address on the WAN and configured on the interface? Or are they dynamic or assigned from the ISP when the WAN gets initialized?

I am thinking along the line that this could be a timing issue during startup and interfaces may not yet have IP addresses assigned.

Problems like these often arise when you explicitly specify an interface or its address. There is a difference between "ALL" interfaces (i.e. explicitly listing them all) and "ALL (recommended)", which means specifying no interfaces at all, binding to 0.0.0.0 or ::, which even extends to interfaces created after the binding.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
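
The difference described above between binding to an explicit interface address and binding to the wildcard, as an added example that is not part of the original post and not OPNsense or ntpd code. It uses IPv4 and an ephemeral port instead of port 123 so it runs unprivileged; the address 192.0.2.1, the helper names and the retry policy in bind_with_retry are assumptions made for illustration.

```python
import errno
import socket
import time

UNASSIGNED = "192.0.2.1"  # constructed: TEST-NET-1, assumed absent from every local interface

def try_bind(addr, port=0):
    """Bind a UDP/IPv4 socket to addr:port; return (socket, None) or (None, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))

def diagnose(err):
    """Map a bind() errno name to the check that is relevant for it."""
    if err is None:
        return "bound"
    if err == "EADDRNOTAVAIL":  # FreeBSD text: "Can't assign requested address"
        return "address not configured locally at bind time: check interface addresses"
    if err == "EADDRINUSE":     # FreeBSD text: "Address already in use"
        return "another socket holds this addr:port: check sockstat"
    return "other failure: " + err

def port_conflict():
    """A second bind to an addr:port that is already held fails with EADDRINUSE."""
    first, _ = try_bind("0.0.0.0")
    try:
        _, err = try_bind("0.0.0.0", first.getsockname()[1])
        return err
    finally:
        first.close()

def bind_with_retry(addr, attempts=3, delay=0.1):
    """Hypothetical start-up policy: retry while the address is not yet assigned."""
    for _ in range(attempts):
        sock, err = try_bind(addr)
        if err != "EADDRNOTAVAIL":
            return sock, err
        time.sleep(delay)
    return None, "EADDRNOTAVAIL"

if __name__ == "__main__":
    for label, addr in (("explicit", UNASSIGNED), ("wildcard", "0.0.0.0")):
        sock, err = try_bind(addr)
        print(label, addr, "->", diagnose(err))
        if sock:
            sock.close()
    print("conflict ->", diagnose(port_conflict()))
```

The two errno values point at different checks: a socket listing only helps with EADDRINUSE, while EADDRNOTAVAIL is about the state of the address itself.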

Quote from: meyergru on April 26, 2025, 04:11:18 PM
There is a difference between "ALL" interfaces (i.e. explicitly listing them all) and "ALL (recommended)", which means specifying no interfaces at all, binding to 0.0.0.0 or ::, which even extends to interfaces created after the binding.

Problem is, the issue started happening with the OPNsense defaults "All (recommended)".  I had never changed this value until now, for testing this issue.

April 28, 2025, 01:04:11 PM #7 Last Edit: April 28, 2025, 01:05:49 PM by hushcoden
And like OPNenthu, I never changed the default settings... anyways, it's now fixed, but frankly I don't know if it's because of the few times I did reboot the appliance or the crowdsec plugin which I had to remove and to reinstall or something else, thanks.

Something's still broken on my end.  Without restarting OPNsense, I just set the NTPd listen interfaces back to the default "All (recommended)" and it crashed the service.

2025-04-28T08:11:08-04:00    Notice    kernel    <6>pid 37698 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)   
2025-04-28T08:11:08-04:00    Error    config    /services_ntpd.php: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '70', the output was 'daemon control: got EOF'

2025-04-28T08:11:08-04:00    Error    ntpd    daemon child died with signal 11   
2025-04-28T08:11:08-04:00    Error    ntpd    unable to create socket on igc1 (4) for [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123   
2025-04-28T08:11:08-04:00    Error    ntpd    bind(24) AF_INET6 [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123 flags 0x11 failed: Can't assign requested address   
2025-04-28T08:11:08-04:00    Notice    ntpd    ----------------------------------------------------   
2025-04-28T08:11:08-04:00    Notice    ntpd    available at https://www.nwtime.org/support   
2025-04-28T08:11:08-04:00    Notice    ntpd    corporation. Support and training for ntp-4 are   
2025-04-28T08:11:08-04:00    Notice    ntpd    Inc. (NTF), a non-profit 501(c)(3) public-benefit   
2025-04-28T08:11:08-04:00    Notice    ntpd    ntp-4 is maintained by Network Time Foundation,   
2025-04-28T08:11:08-04:00    Notice    ntpd    ----------------------------------------------------   
2025-04-28T08:11:08-04:00    Notice    ntpd    Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf   
2025-04-28T08:11:08-04:00    Notice    ntpd    ntpd 4.2.8p18@1.4062-o Tue Feb 25 03:59:23 UTC 2025 (1): Starting   
2025-04-28T08:11:08-04:00    Notice    ntpd    ntpd exiting on signal 15 (Terminated)

That is indeed my WAN GUA that it's trying to bind to.

/var/etc/ntpd.conf:

#
# Autogenerated configuration file
#

tinker panic 0
# Orphan mode stratum
tos orphan 12
# Max number of associations
tos maxclock 10


# Upstream Servers
pool 0.opnsense.pool.ntp.org maxpoll 9 prefer
pool 1.opnsense.pool.ntp.org maxpoll 9
pool 2.opnsense.pool.ntp.org maxpoll 9
pool 3.opnsense.pool.ntp.org maxpoll 9


statsdir /var/log/ntp
logconfig =syncall +clockall
driftfile /var/db/ntpd.drift
restrict source  kod limited nomodify noquery notrap
restrict default  kod limited nomodify noquery notrap nopeer
restrict -6 default  kod limited nomodify noquery notrap nopeer
restrict 127.0.0.1  kod limited nomodify notrap nopeer
restrict ::1  kod limited nomodify notrap nopeer

I don't see anything holding onto port :123 in 'sockstat':

root@firewall:~ # sockstat -4
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
xxxx     sshd-sessi 27651 4   tcp4   192.168.1.1:22        192.168.30.2:56190
root     sshd-sessi 27102 4   tcp4   192.168.1.1:22        192.168.30.2:56190
www      caddy      94797 6   tcp46  *:8443                *:*
www      caddy      94797 7   tcp4   127.0.0.1:25957       127.0.0.1:57487
www      caddy      94797 8   tcp46  *:8080                *:*
_flowd   flowd      68860 3   udp4   127.0.0.1:2056        *:*
root     mdns-repea 64656 3   udp4   *:5353                *:*
root     mdns-repea 64656 4   udp4   192.168.20.1:5353     *:*
root     mdns-repea 64656 6   udp4   192.168.30.1:5353     *:*
root     mdns-repea 64656 7   udp4   192.168.40.1:5353     *:*
nobody   samplicate 78399 3   udp4   127.0.0.1:2055        *:*
nobody   samplicate 78399 4   udp4   *:47759               *:*
unbound  unbound    82773 7   udp4   *:53                  *:*
unbound  unbound    82773 8   tcp4   *:53                  *:*
unbound  unbound    82773 11  udp4   *:53                  *:*
unbound  unbound    82773 12  tcp4   *:53                  *:*
unbound  unbound    82773 15  udp4   *:53                  *:*
unbound  unbound    82773 16  tcp4   *:53                  *:*
unbound  unbound    82773 19  udp4   *:53                  *:*
unbound  unbound    82773 20  tcp4   *:53                  *:*
unbound  unbound    82773 21  tcp4   127.0.0.1:953         *:*
dhcpd    dhcpd      15017 15  udp4   *:67                  *:*
root     lighttpd   93421 7   tcp4   *:443                 *:*
root     sshd       90847 8   tcp4   *:22                  *:*
?        ?          ?     ?   udp4   127.0.0.1:9449        127.0.0.1:2055
?        ?          ?     ?   tcp4   127.0.0.1:57487       127.0.0.1:25957
?        ?          ?     ?   udp4   127.0.0.1:2019        127.0.0.1:2055
?        ?          ?     ?   udp4   127.0.0.1:62266       127.0.0.1:2055
?        ?          ?     ?   udp4   127.0.0.1:12223       127.0.0.1:2055
?        ?          ?     ?   udp4   127.0.0.1:29479       127.0.0.1:2055
?        ?          ?     ?   udp4   127.0.0.1:60190       127.0.0.1:2055
?        ?          ?     ?   udp4   *:51820               *:*
?        ?          ?     ?   udp4   127.0.0.1:56168       127.0.0.1:2055

root@firewall:~ # sockstat -6
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      caddy      94797 6   tcp46  *:8443                *:*
www      caddy      94797 8   tcp46  *:8080                *:*
unbound  unbound    82773 5   udp6   *:53                  *:*
unbound  unbound    82773 6   tcp6   *:53                  *:*
unbound  unbound    82773 9   udp6   *:53                  *:*
unbound  unbound    82773 10  tcp6   *:53                  *:*
unbound  unbound    82773 13  udp6   *:53                  *:*
unbound  unbound    82773 14  tcp6   *:53                  *:*
unbound  unbound    82773 17  udp6   *:53                  *:*
unbound  unbound    82773 18  tcp6   *:53                  *:*
root     lighttpd   93421 8   tcp6   *:443                 *:*
root     sshd       90847 7   tcp6   *:22                  *:*
root     dhcp6c     77259 6   udp6   *:546                 *:*
?        ?          ?     ?   udp6   *:51820               *:*
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE i226-v
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE i210

<6>pid 37698 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)   
What is your Memory utilization and SWAP utilization?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on April 28, 2025, 03:26:23 PM
What is your Memory utilization and SWAP utilization?

root@firewall:~ # dmesg | grep memory
pci0: <memory, RAM> at device 20.2 (no driver attached)
nvme0: Allocated 64MB host memory buffer
real memory  = 8589934592 (8192 MB)
avail memory = 8103890944 (7728 MB)

from 'top':

last pid: 44027;  load averages:  0.39,  0.25,  0.19                                                                                                                                                                                                                                                 up 1+00:55:13  09:38:59
92 processes:  1 running, 91 sleeping
CPU:  5.3% user,  0.0% nice,  2.8% system,  0.0% interrupt, 91.9% idle
Mem: 263M Active, 1006M Inact, 2244M Wired, 56K Buf, 4231M Free
ARC: 1376M Total, 226M MFU, 954M MRU, 15M Anon, 23M Header, 155M Other
     1067M Compressed, 2666M Uncompressed, 2.50:1 Ratio
Swap: 8192M Total, 8192M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
35886 root          1  20    0    62M    38M accept   0   0:00   2.04% php-cgi
  351 root          1  68    0   126M    61M accept   0   3:11   1.58% python3.11
55533 root          1  20    0    61M    37M accept   0   0:01   0.66% php-cgi
25671 root          1  20    0    60M    36M accept   2   0:01   0.47% php-cgi
92499 root          1  20    0    60M    37M accept   3   0:01   0.46% php-cgi
59950 root          1  20    0    61M    37M accept   2   0:01   0.41% php-cgi
52422 root          1  20    0    75M    49M nanslp   0   7:51   0.35% php
38035 root          1  20    0    15M  3792K CPU1     1   0:00   0.32% top
14148 root          4  20    0    49M    15M kqread   3   0:39   0.15% syslog-ng
93421 root          1  20    0    23M    10M kqread   0   0:23   0.10% lighttpd
...

April 28, 2025, 03:51:06 PM #11 Last Edit: April 28, 2025, 03:53:01 PM by OPNenthu
I recently received a replacement from my router manufacturer (same exact model/spec).  I just transplanted the NVMe boot disk to the replacement system.  Is that an OK thing to do?

I figure it's functionally the same as installing from scratch & then importing the config.
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE i226-v
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE i210

That looks okay,

You are using NTP as well with IPv6?

This message says that the daemon is not able to bind a socket to that IPv6 IP on the igc1 interface. Is this directly from the log or did you replace it with xxxx?
Does the IPv6 exist on the OPN? And on that specific interface?

2025-04-28T08:11:08-04:00    Error    ntpd    unable to create socket on igc1 (4) for [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123   
2025-04-28T08:11:08-04:00    Error    ntpd    bind(24) AF_INET6 [2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:21fb]:123 flags 0x11 failed: Can't assign requested address

Quote from: Seimus on April 28, 2025, 03:56:10 PM
You are using NTP as well with IPv6?

I think OPNsense does by default?  I don't recall trying to change that.

Quote
Does the IPv6 exist on the OPN? And on that specific interface?

Yeah it's there.  igc1 is my WAN interface.  I replaced with x's to mask my IP.

"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE i226-v
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE i210

A fresh install with config re-import did the trick.  Back in business.