whenever I reboot router, or switch off router and then switch on router
the local time changes itself to incorrect value which I did not set
what to do?
i am using openwrt as wireguard client also as a result wireguard is unable to connect to internet.
then only solution is I have to login to router > system properties > local time > sync with browser.
depending on what device you use, there will be no RTC in it, and the date/time will (always) be off.
wait until the time is synced, and delay the start of your wireguard tunnel.
Wireguard problems due to incorrect time is a common problem. I'm sure you will find some helpful information when you use the forum search.
This is more of a common crypto dilemma that will fail if the clocks on both endpoints of the VPN tunnel is out of sync.
When position A make a crypto key based on the time on position A and sends that to the friend on position B that tries to decrypt the key. But if position B time is before the position A encryption time then there is a problem since time travel isn’t invented yet. So therefore the data is seen as compromised and the decrypt will fail.
But if position B is only little ahead of time from Position A, well then the data has just been delayed on the big internet thing. “Better late than sorry”.
You either wait for the ntp servers to update time or have your own time server locally serving the router at boot.
i am using tplink archer c7 v5
i have also configured firewall as no internet access without wireguard
i tried some solutions including running a bash script on start
did not work
nicely written. now i understood the impact of ntp
is running a ntp server locally the only solution??
The problem for your ntp server is to get time without internet connection. You have a catch-22 there.
I have tried to use a RTC on a Raspberry. But ntp daemon doesn’t give out rtc time.
There is a package called crony that are supposed to be able to hand out offline rtc time. But I haven’t tried my self.
Or use a GPS USB adapter is what the NTP servers want to feel happy!? Haven’t tried that either.
i could not find crony in openwrt packages
Try chrony
If you have some other device running 24/7 in your network, you could use it to host the ntpd.
Not sure it is for openwrt, but for debian based system it is available.
crony on HA requires Internet.
All ntp servers need internet to be able to sync (as a client) to an upstream ntp/authority server. However, if a device is running 24/7 and/or has a built-in rtc, it would be able to keep time that is reasonably* accurate even without internet connectivity. Once connectivity is reestablished, it can sync to fix any drift.
*defining “reasonably” here as within a few seconds or even a few minutes of drift relative to an authoritative time source. This compares to what may be days or weeks (or more) off by a device like a router without an rtc that has just rebooted.
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ntpd -d -n -q -N -I eth0 -p 162.159.200.123 -p 203.114.74.17
exit 0
i have used chrony
i can see the wireguard handshake was successfully received, so chrony might be the solution. I can confirm as solution after testing for a week or so.
i also modified cat /etc/config/chrony as such , 192.168.1.216 is a local ntp server I am running but in a different router. the logs from chrony shows it did not attempt to connect to my ntp server 192.168.1.216 nor time.cloudflare.com but to ntp.org time server
cat /etc/config/chrony
config pool
option hostname '192.168.1.216'
option hostname 'time.cloudflare.com'
option hostname '2.openwrt.pool.ntp.org'
option maxpoll '12'
option iburst 'yes'
#restart after installing chrony
Wed Jul 6 13:27:26 2022 daemon.info chronyd[1349]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK -RTC +PRIVDROP -SCFILTER -SIGND +ASYNCDNS -NTS -SECHASH +IPV6 -DEBUG)
Wed Jul 6 13:04:44 2022 daemon.info chronyd[1348]: Selected source 144.126.242.176 (2.openwrt.pool.ntp.org)
Wed Jul 6 13:04:44 2022 daemon.warn chronyd[1348]: System clock wrong by 56.079086 seconds
Wed Jul 6 13:04:44 2022 daemon.warn chronyd[1348]: System clock was stepped by 56.079086 seconds
#another restart of router
Wed Jul 6 13:28:43 2022 daemon.warn chronyd[1349]: Forward time jump detected!
Wed Jul 6 13:28:48 2022 daemon.info chronyd[1349]: Selected source 167.71.195.165 (2.openwrt.pool.ntp.org)
Wed Jul 6 13:29:52 2022 daemon.info chronyd[1349]: Source 23.106.249.200 replaced with 5.189.141.35 (2.openwrt.pool.ntp.org)
chrony seems not working
any alternative option??
Other kind of hack for you:
Without a real battery powered real-time clock there is no simple solution. The router has no way to get real time without internet connection.
OpenWrt tries to tackle that by setting the initial time at boot to the time-stamp of the latest file in /etc
You could touch a file there, e.g. /etc/banner, before any planned reboot, so that they router would then boot to that time, and be maybe just just 1-2 minutes off.
Against non-planned reboots, you could use a cron job to touch a file in /etc every 12 hours of so. That would ensure that the time is not more than 12 hours off. But that would slowly decrease the lifetime of the flash. 
See advice/discussion in https://openwrt.org/docs/guide-user/base-system/cron#periodic_reboot
I am not sure about the acceptable accuracy for wireguard, but 12 hours difference might be accepted, unlike the 1000 hour difference that the screenshot above shows.
Having had this issue, and following the links: Race Condition to the Forum
I used @sammo suggestion w/ @lleachii's IP suggestion and made a rc.local scheduled task. On top of that I added ntpdate package.
The picture demonstrates (in my case), that the last edited file on my system was quite dated (Fri Jun 1 time). Yet, the wg0 interface came online (sswg), time was restored, time was checked again by ntpd and what is not see thereafter is not important because I'm running online, VPN WireGuard default route.
The actual suggest fix, dated every file on my router making it unfixable.
cat << "EOF" >> /etc/crontabs/root
* * * * * date -s 2030-01-01; /etc/init.d/sysntpd restart
EOF
uci set system.@system[0].cronloglevel="9"
uci commit system
/etc/init.d/cron restart```