NTP update not working well

Hi, I have set up IPFire to automatically update the time settings each day from 0.ipfire.pool.ntp.org or 1.ipfire.pool.ntp.org and to act as the NTP time server to all green systems.

The local machines can all get the time from the firewall, but it would seem that the firewall is not updating correctly, and since the systems have different NTP update periods (that I have no control of), they are sometimes different, causing “make” to complain.

Any suggestions?
Regards,
Dave

During the last few days (Thursday, Friday) I’ve encountered some NTP data issues (updating from an NTP server caused the wrong time on the Virtualizer, OS, or appliance), using NTP servers in Europe, and only on a couple of systems.
Maybe it’s unrelated…

In my case (v149), NTP has never worked as a proper NTP client, only as an SNTP client which updates hourly. Is IPFire meant to do full NTP?

NTP depends on what your configuration asks of IPFire…

Interesting …

I should have added that if I update the time manually (while still
configured to update automatically) it always seems to update OK.

Dave

You may want to add your NTP configuration (menu Services > Time Server) and your NTP messages (menu Logs > System Logs >> Section NTP) to this thread to help debug.

All done as above but IPFire is still not a true NTP client. (It is a Simple NTP client - SNTP.)
Once an hour (the shortest interval allowed) my firewall does a hard time synch to the chosen upstream server and then proceeds to drift off frequency for an hour until the next update.

A true NTP client will want to see multiple upstream servers and then will start off synching to them at 64 second intervals and as the internal clock adjusts itself, will slow to about every 17 minutes.

This might help:

It adds a few lines to ntp.conf to make it act as you expected.

Did this help?

Sadly - No
Dave

Ha! You’re going to need to give better hints on what is happening on your side. This is hard to fix otherwise…

Try:

ls -al /etc/ntp

and post the results.

Hmm. I had a similar problem after installation. I manually added some time servers to /etc/ntp.conf and restarted ntpd. Now ntpq -p -n gives reasonable output. Maybe this could be documented on the Services → NTP Configuration page?

Hi Juha - Thank you for your post. Please take a moment to update and improve the NTP IPFire Wiki page. It is open to you (and everyone else) to improve and make better. You would log in using the same ID and password as this Community.

If you have issues or questions, feel free to post a question. I’d be happy to help!

Thanks again!
Jon

Well… What I would really want is that the Services → Time Server cgi-script would install those Primary and Secondary NTP servers into /etc/ntp.conf. This is also what I think users expect. If this were done, there would be no need for manual editing. And we could get rid of the Synchronization dialog, because synchronization is just what real NTP is for :) .

For the purpose of verification, it would be useful to let ntpd produce statistics. It takes a few more lines in /etc/ntp.conf. Here is a nice picture of how it works after I made these changes in my system:

-juha

You need to alter /etc/ntp.conf and turn off the 1 hour sync.
Mine looks like

[root@wr-fw ~]# cat /etc/ntp.conf
disable monitor
restrict default nomodify
pool 0.au.pool.ntp.org
pool 1.au.pool.ntp.org
pool 2.au.pool.ntp.org
pool 3.au.pool.ntp.org
fudge 127.127.1.0 stratum 10

More stuff here I just posted:

I think I am correct but if someone knows better I am all ears.
Works perfectly.

You may need to restart all hosts behind the firewall to pick up the setting, as they will all be syncing with their local clock. As far as I can see, NTP is not working on IPFire and never has. Think I had to make the same changes to my IPCop install as well!

I see that ipfire.pool.ntp.org is not working at the moment.

How is this meant to be maintained?

Mine are set to the default, they are,
0.ipfire.pool.ntp.org
1.ipfire.pool.ntp.org

I just manually ran it, it did update.

Yes, it works if you add those lines as -
server 0.ipfire.pool.ntp.org
server 1.ipfire.pool.ntp.org

but the pool command does not.
For instance -
pool nz.pool.ntp.org returns a total of 8 valid servers but
pool ipfire.pool.ntp.org returns none.
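
Added example, not part of any post in this thread: a small Python check over `ntpq -p -n` output (the command one poster used to verify ntpd) that flags the failure modes discussed above: a pool name that yields no servers, no selected system peer, and peers that never answer. The sample outputs, addresses and function names are constructed for illustration.

```python
"""Check `ntpq -p -n` output for the NTP failure modes discussed in this thread."""

HEADER = (
    "     remote           refid      st t when poll reach   delay   offset  jitter\n"
    "==============================================================================\n"
)
# Constructed sample (documentation-range addresses): one synced peer, one dead peer.
HEALTHY = HEADER + (
    " 0.au.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000\n"
    "*192.0.2.10      .GPS.            1 u   33   64  377    1.234    0.456   0.120\n"
    "+198.51.100.7    192.0.2.10       2 u   12   64  377   10.500   -1.200   0.300\n"
    " 203.0.113.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000\n"
)
# Constructed sample: only the pool placeholder row, i.e. the pool name gave no servers.
EMPTY_POOL = HEADER + (
    " pool.example.in .POOL.          16 p    -   64    0    0.000    0.000   0.000\n"
)

def parse_peers(text):
    """Return one dict per association row; header and ruler rows are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()  # column 0 is the tally code, not part of 'remote'
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "type": fields[3],
            "poll": int(fields[5]),      # current poll interval in seconds
            "reach": int(fields[6], 8),  # octal register of the last 8 polls
        })
    return peers

def findings(text):
    """List problems that mean ntpd is not actually disciplining the clock."""
    peers = [p for p in parse_peers(text) if p["type"] != "p"]  # drop pool placeholders
    if not peers:
        return ["no server associations"]
    out = []
    if not any(p["tally"] in "*o" for p in peers):  # '*' system peer, 'o' PPS peer
        out.append("no system peer selected")
    out += [f"unreachable: {p['remote']}" for p in peers if p["reach"] == 0]
    return out

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("empty pool", EMPTY_POOL)):
        print(name, "->", findings(sample) or "ok")
```

On the firewall, the live output can be passed in with `findings(subprocess.check_output(["ntpq", "-p", "-n"], text=True))`.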