I hear arguments for and against NTP (Network Time Protocol) in different spaces on the interwebz.
What are some other options you can use in OpenWrt for syncing time that are arguably more secure, better, or preferred?
chrony is a modern replacement for ntp that a lot of linux distros use by default now.
Can you post any of those anti-ntp arguments and proposed solutions?
I think you are mixing up the wire protocol with the implementation. OpenWrt defaults to busybox ntpd.
Set a local device (laptop/desktop ... anything with an RTC) to serve time to your network?
First two points are effectively parroting the existing responses...
If you don't want to get your time from a public NTP server, set up your own.
If you don't like the unencrypted, unauthenticated servers, set up your own and use authentication?
If you want "accurate" time or "precise" time you then need to take care in selecting your local time source.
I'd suggest a cheap USB GPS dongle and start from there.
GPS is one of the easiest options these days, if you have more or less clear line of sight to the sky. But classic long wave time signals can also be used for this purpose, depending on the sender also with high accuracy; hardware receiver modules for, e.g., DCF77, WWVB, MSF or JJY (and probably some of the others as well) exist.
Wow thanks. I knew these existed but I didn't know that there were cheap ready made radio receivers for these. I thought you'd need RF and EE experience to do that! (Also from reading Australia can barely receive Japan, no local transmitter....)
I discounted it because (used) rubidium oscillator / frequency standard + GPS disciplined kit can be had for under 200AUD....
Well, it kind of depends...
There are ready-made dcf77 (I'll stick to dcf77 here, as that's what I'm familiar with, but the same probably applies to the others) receivers in PCI/ PCIe, USB form-factor and drivers, those tend not to be cheap.
However, simple dcf77 receivers (of varying quality and sensitivity) are really cheap (1-5 bucks), but those still require a small microcontroller (e.g. arduino or a member of the esp8266/ esp32 family) for decoding the signals - and software doing that task for you (there are some pitfalls (be it being fault tolerant (intermittent reception problems), sanity checking or the protocol used for syncing (it is possible to get very high accuracy from it, but barely anyone implements this highest-accuracy method))).
GPS receivers start in the ~7-15 buck range and work world-wide and are almost plug-and-play, unless you're in a region with GPS spoofing going on…
Mm. hence my recommendation =)
It's sometimes a little more expensive to get a receiver and separate antenna if you can't put stuff near a window.... Plus also sometimes you want to find one with a battery built in, in case of a power cycle.
There is also the NTPS version for “security”, the problem is to find a server.
But if you sync against, let's say, 4 different source stratum 1 server references, I would be surprised if you get a time that is useless for your home router that only has 1 second as its smallest time unit anyway.
Even if one NTP source is spoofed (or more probably doesn't work) it will not be used anyway if it deviates too much from the other sources.
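The rejection of a deviating source described in the post above can be sketched as follows. This is an added example, not code from the thread or from any NTP implementation: a simplified Marzullo-style interval intersection, with `Sample`, `select_sources` and the server names and offsets all constructed for illustration.

```python
# Added illustration (not from the thread): simplified Marzullo-style source
# selection. Real NTP clients (RFC 5905, chrony) use more elaborate variants.
from typing import NamedTuple, Optional

class Sample(NamedTuple):
    name: str
    offset: float    # measured offset to the local clock, seconds
    distance: float  # error bound on that measurement, seconds

class Selection(NamedTuple):
    accepted: list           # sources whose intervals share the majority overlap
    rejected: list           # falsetickers (or everyone, if no majority exists)
    offset: Optional[float]  # midpoint of the agreed interval, None if no majority

def select_sources(samples):
    # Each source claims the true offset lies in [offset - distance, offset + distance].
    edges = []
    for s in samples:
        edges.append((s.offset - s.distance, 0, +1))  # lower edge; sorts first on ties
        edges.append((s.offset + s.distance, 1, -1))  # upper edge
    edges.sort()
    best = depth = 0
    lo = hi = None
    for i, (value, _, step) in enumerate(edges):
        depth += step
        if step > 0 and depth > best:
            # Deepest overlap so far starts here and runs to the next edge.
            best, lo, hi = depth, value, edges[i + 1][0]
    # Demand a strict majority: a tie between two camps cannot be resolved.
    if best * 2 <= len(samples):
        return Selection([], [s.name for s in samples], None)
    accepted = [s.name for s in samples
                if s.offset - s.distance <= lo and s.offset + s.distance >= hi]
    rejected = [s.name for s in samples if s.name not in accepted]
    return Selection(accepted, rejected, (lo + hi) / 2)

# Constructed sample data: three honest servers and one reporting an hour ahead.
HONEST = [Sample("ntp-a", 0.012, 0.030), Sample("ntp-b", 0.008, 0.025),
          Sample("ntp-c", 0.015, 0.040)]
SPOOFED = Sample("ntp-d", 3600.0, 0.030)

if __name__ == "__main__":
    print(select_sources(HONEST + [SPOOFED]))    # ntp-d is rejected
    print(select_sources([HONEST[0], SPOOFED]))  # two sources: no majority
```

With only two sources, or with half of four sources agreeing on a wrong time, the function returns no offset at all, which is why the number of independent sources matters as much as their quality.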
NTP over the internet will give you precision down to the (low) millisecond range (typically, one can construct theoretical set-ups that offer better precision, like a high precision time server directly at your ISP's pop). For higher precision typically a local NTP server is needed, as others already mentioned GPS/Galileo/Glonass are great in that they essentially are atomic clocks in low earth orbit that can give you decent time.
Personally I went down this rabbit hole some time ago, with a raspberry pi4 and a uputronics gps receiver board, following this instruction.
If I would do this again, I would use a raspberry pi5 as basis, as the pi5 allows PTP with a hardware clock, but at the time the pi5 did not exist, and the pi4 can still do PTP with a software clock.
The trick then is to make sure all devices in your network (that want high precision time) actually talk to your own NTP server, but that is not insurmountable it just requires actual checking what each device does...
I haven't been able to find a schematic to see if there's a way to input your own clock into the Raspberry pi 5? What's the clock chip on the raspberry pi 5?
A cursory reading indicates we get sub microsecond distribution by PTP? But 1ppm is 1 microsecond? So we need to know how good the clock is on the raspberry pi 5?
Well, that is where the GPS receiver comes in that with its pulse per second mechanism can keep the local time quite precise. But as I implied, I am still on a raspberry pi4 (and will not buy a pi5 just for my toy time server) and have no experience with pi5s, I just parroted what I learned about the pi5 yet have no first hand experience with it.
Mm. I understand gps with pulse per second will keep you from drifting too much =)
A reasonably accurate host clock is crucially important. An inaccurate clock can lead to Broken internet connectivity (expired certs) and Time Attacks. NTP doesn't use authentication?
Keep in mind this reasoning might be different, as anonymity for a router is not valid here for me:
https://www.whonix.org/wiki/Network_Time_Synchronization#NTP
I was just wondering if there was like sdwdate for OpenWrt or some kind of time sync that does authentication?
An inaccurate clock can lead to Broken internet connectivity (expired certs) and Time Attacks
It contradicts the proposed Whonix intentionally-skewed clock.
You can use chrony-nts for authenticated time.
+1 for chrony-nts
Uninstall/disable ntpd and just use chrony-nts. Keep in mind that you can not mix and match NTS vs. non-NTS NTP servers. It's all or nothing. Makes sense if you think about it.
For a bootstrap list of NTS servers, go here: https://github.com/jauderho/nts-servers
Is it possible to use chrony-nts for the client to get the time and still use the ntp server to provide time for the LAN devices?
Interesting question, answer is in chrony documentation.
Cannot spoon feed entire internet to you.
Btw it is not valid to your specs, it stubbornly sends out local time.