Re: [pfSense] Internal Clock Broke
On 8/23/15 10:44 PM, Volker Kuhlmann wrote: On Mon 24 Aug 2015 16:22:04 NZST +1200, Brady, Mike wrote: It is not ticked on any (three) of the machines that I have just looked at. This is not something that I would have ever changed. Perhaps my memory is wrong and I did change mine. Why have an advanced option that stops the whole thing from working? Perhaps it's for locally connected clock sources. Sorry, I meant ntpq -n -c ass. ind assid status conf reach auth condition last_event cnt === 1 40532 8011 yesno nonerejectmobilize 1 2 40533 8011 yesno nonerejectmobilize 1 Yes, thanks muchly. If you're running a new enough NTP installation, additionally see the output of: ntpq -c apeers H ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On Fri 26 Jun 2015 14:54:38 NZST +1200, Brian Caouette wrote: Anyone else notice the clock is broke on 2.2.3? Anything time related is seriously off. Agreed. It's broken in 2.2.4 too. At least the upgrade to 2.2.4 did not change the time zone (Pacific/Auckland) for me. I can no longer tell for the upgrade to 2.2.3. Time synchronisation does not happen. I configured 2 time servers, both reachable, and the system time is wrong. pfsense # ntpdate -qu 0.pfsense.pool.ntp.org time.paradise.net.nz server 130.217.226.50, stratum 1, offset -11.124288, delay 0.05031 server 103.239.8.22, stratum 1, offset -11.124315, delay 0.03931 server 203.96.152.12, stratum 3, offset -11.120111, delay 0.04111 24 Aug 12:13:24 ntpdate[95005]: step time server 103.239.8.22 offset -11.124315 sec 11 seconds difference does not happen if NTP is working. uptime 23 days. Hardware is PCEngines APU1. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On 2015-08-24 11:33, Volker Kuhlmann wrote: On Fri 26 Jun 2015 14:54:38 NZST +1200, Brian Caouette wrote: Anyone else notice the clock is broke on 2.2.3? Anything time related is seriously off. Agreed. It's broken in 2.2.4 too. At least the upgrade to 2.2.4 did not change the time zone (Pacific/Auckland) for me. I can no longer tell for the upgrade to 2.2.3. Time synchronisation does not happen. I configured 2 time servers, both reachable, and the system time is wrong. pfsense # ntpdate -qu 0.pfsense.pool.ntp.org time.paradise.net.nz server 130.217.226.50, stratum 1, offset -11.124288, delay 0.05031 server 103.239.8.22, stratum 1, offset -11.124315, delay 0.03931 server 203.96.152.12, stratum 3, offset -11.120111, delay 0.04111 24 Aug 12:13:24 ntpdate[95005]: step time server 103.239.8.22 offset -11.124315 sec 11 seconds difference does not happen if NTP is working. uptime 23 days. Hardware is PCEngines APU1. Volker No issues here (also Pacific/Auckland) with any 2.2 release. I have about a dozen 2.2.x systems (plus some older ones that I really must get upgraded) that are a mixture of physical and virtual, none of which have any time problems that I am aware of. I have just logged into all of them and checked to make sure. The physical ones are mostly current model pfSense store hardware. All the virtuals are KVM. This is off a 2.2.4 that is a KVM guest and the one with the largest offset. # ntpdate -qu 0.pfsense.pool.ntp.org time.paradise.net.nz server 103.242.68.68, stratum 2, offset -0.003817, delay 0.05771 server 103.242.68.69, stratum 2, offset -0.003988, delay 0.05685 server 203.96.152.12, stratum 0, offset 0.00, delay 0.0 24 Aug 11:53:45 ntpdate[9217]: adjust time server 103.242.68.69 offset -0.003988 sec Regards Mike ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
Hello, Le 2015-08-24 10:33, Volker Kuhlmann a écrit : On Fri 26 Jun 2015 14:54:38 NZST +1200, Brian Caouette wrote: Time synchronisation does not happen. I configured 2 time servers, both reachable, and the system time is wrong. pfsense # ntpdate -qu 0.pfsense.pool.ntp.org time.paradise.net.nz server 130.217.226.50, stratum 1, offset -11.124288, delay 0.05031 server 103.239.8.22, stratum 1, offset -11.124315, delay 0.03931 server 203.96.152.12, stratum 3, offset -11.120111, delay 0.04111 24 Aug 12:13:24 ntpdate[95005]: step time server 103.239.8.22 offset -11.124315 sec 11 seconds difference does not happen if NTP is working. Here NTP works only on the master. Doesn't work on the slave. pfSense 2.1.5 on amd64. bye -- Jérôme Alet - jerome.a...@univ-nc.nc - Direction du Système d'Information Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX Tél : +687 290081 Fax : +687 254829 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On 2015-08-24 13:32, Volker Kuhlmann wrote: On Mon 24 Aug 2015 12:16:28 NZST +1200, Brady, Mike wrote: No issues here (also Pacific/Auckland) with any 2.2 release. Well, mine is a stock 2.2.x install, about 12 months old, upgraded a few times to minor point releases. I hacked the php of squid, squidguard and ssh (out of necessity, no BUI support), which doesn't affect ntp. There is nothing unusual in the log, except maybe this warning: Aug 24 ...: restrict: 'monitor' cannot be disabled while 'limited' is enabled After enabling ntpq queries under advanced, ntpd does not sync within a minute: # ntpq -c peer -n remote refid st t when poll reach delay offset jitter == 103.242.70.5.INIT. 16 u- 6400.0000.000 0.000 203.96.152.12 .INIT. 16 u- 6400.0000.000 0.000 On Linux, restarting (stop, start) ntpd gives the stratum info immediately, and syncs to these servers in under 5 minutes. pfsense has done nothing after 15 minutes. There is a problem here. What could it be? Thanks, Volker Volker I think that the INIT states indicate that you are not in fact synced. What does ntpq -n -c peers show? I would also suggest that you have at least 3 servers configured to sync against. Regards Mike ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On Mon 24 Aug 2015 14:11:22 NZST +1200, Brady, Mike wrote: I think that the INIT states indicate that you are not in fact synced. Yes, I took that for granted. But why? ntpdate to the same servers connects fine. Default pfsense config - well I added one time server and enabled ntpq. It looks like ntpd can't talk to the servers, but why, when ntpdate works fine? Both running on pfsense. OK found it. Under access restrictions, the option Disable all except ntpq and ntpdc queries (default: disabled). must NOT be ticked! The default is ticked. This seems to prevent ntpd altogether from talking to the time servers. That looks like a bug. Could you compare your config, please? What does ntpq -n -c peers show? Same. You can shorten peers all the way to pe. I would also suggest that you have at least 3 servers configured to sync against. Point taken, but it depends on how important it is (have another time server), and it's not the issue here. Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On Mon 24 Aug 2015 16:22:04 NZST +1200, Brady, Mike wrote: It is not ticked on any (three) of the machines that I have just looked at. This is not something that I would have ever changed. Perhaps my memory is wrong and I did change mine. Why have an advanced option that stops the whole thing from working? Perhaps it's for locally connected clock sources. Sorry, I meant ntpq -n -c ass. ind assid status conf reach auth condition last_event cnt === 1 40532 8011 yesno nonerejectmobilize 1 2 40533 8011 yesno nonerejectmobilize 1 Yes, thanks muchly. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On 2015-08-24 15:25, Volker Kuhlmann wrote: OK found it. Under access restrictions, the option Disable all except ntpq and ntpdc queries (default: disabled). must NOT be ticked! The default is ticked. This seems to prevent ntpd altogether from talking to the time servers. That looks like a bug. Could you compare your config, please? It is not ticked on any (three) of the machines that I have just looked at. This is not something that I would have ever changed. Two of the machines are upgrades from releases prior to 2.2 but the third was a clean 2.2 install. What does ntpq -n -c peers show? Same. You can shorten peers all the way to pe. Sorry, I meant ntpq -n -c ass. The condition column will tell you if they are talking or not. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On Sat, Jun 27, 2015 at 7:27 PM, Ryan Clough ryan.clo...@dsic.com wrote: Check your Timezone on the System::General Settings page. After I upgraded it had been reset to Africa/Abidjan. 2.2.3 got updated tz data. That's what would happen if you were using a timezone that's no longer included in the tz data. The system would likely be on GMT in that circumstance. When browsing to that page, it'd just show you the first in the list as there wouldn't be a matching one to get selected. Do you know what zone you were on previously? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
Not sure exactly which zone was configured prior to the update but we are in the Pacific time zone. ___ ¯\_(ツ)_/¯ Ryan Clough Information Systems Decision Sciences International Corporation http://www.decisionsciencescorp.com/ http://www.decisionsciencescorp.com/ On Mon, Jun 29, 2015 at 11:41 AM, Chris Buechler c...@pfsense.com wrote: On Sat, Jun 27, 2015 at 7:27 PM, Ryan Clough ryan.clo...@dsic.com wrote: Check your Timezone on the System::General Settings page. After I upgraded it had been reset to Africa/Abidjan. 2.2.3 got updated tz data. That's what would happen if you were using a timezone that's no longer included in the tz data. The system would likely be on GMT in that circumstance. When browsing to that page, it'd just show you the first in the list as there wouldn't be a matching one to get selected. Do you know what zone you were on previously? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- This email and its contents are confidential. If you are not the intended recipient, please do not disclose or use the information within this email or its attachments. If you have received this email in error, please report the error to the sender by return email and delete this communication from your records. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold