For reliability I'd recommend setting up 4 NTP servers this way. If you use one, and it goes down, then you can't get back up. With 4 it's unlikely they'll all be down at once.
Another option is to set up one of your LAN machines as an NTP server. particularly one like a desktop or media PC that has an RTC clock. Then you can get time from your local network without needing the WAN.
Another option is to use the firewall to tag all UDP packets on the NTP port with a firewall mark... then use a route rule to select a separate routing table for routing those packets... this will work with all NTP servers on the internet.
3 Likes
sammo
February 27, 2020, 8:45pm
7
You can also use a one shot sync bound to interface
ntpd -n -q -N -I wan -p 0.uk.pool.ntp.org -p 1.uk.pool.ntp.org
5 Likes
Ooh, I like that even better, because you can easily set it up in /etc/rc.local and it doesn't require any monkey business with routing or firewall.
1 Like
Thank you. where should I store this on my ?
Thank you.
is this what you mean? I need to save this in /etc/rc.local
ntpd -n -q -N -I wan -p 0.uk.pool.ntp.org -p 1.uk.pool.ntp.org
There would be no name resolution without an Up tunnel (if the OP's DNS servers are up the tunnel too). Use IP addresses.
The OP said:
Predators:
I had to sync the time
Also be sure to use a NTP server that advises using its IP is OK.
Will this not work if I try on my router?
ntpd -n -q -N -I wan -p 203.114.225.252 -p 203.114.224.31
yes using the IPs should work. However you probably need to replace the word "wan" with the OS interface name like eth1 or eth0.2 or something... also I'd add 2 or 3 more ip addresses.
i am using wwan interfaces is this correct?
ntpd -n -q -N -I wwan -p 162.159.200.123 -p 203.114.74.17
do i have to wear this?
ntpd -n -q -N -I wlan0 -p 162.159.200.123 -p 203.114.74.17
sammo
February 28, 2020, 5:10am
15
Perhaps you can run it manually with debug and see what you get first. Replace eth9 with your interface
root@repeater:~# ntpd -d -n -q -N -I eth9 -p 162.159.200.123 -p 203.114.74.17
ntpd: sending query to 203.114.74.17
ntpd: sending query to 162.159.200.123
ntpd: reply from 162.159.200.123: offset:-0.007698 delay:0.009258 status:0x24 strat:3 refid:0x0a1508fb rootdelay:0.011612 reach:0x01
ntpd: reply from 203.114.74.17: offset:+0.057861 delay:0.261745 status:0x24 strat:2 refid:0xdfffb902 rootdelay:0.049363 reach:0x01
ntpd: sending query to 203.114.74.17
ntpd: sending query to 162.159.200.123
ntpd: reply from 162.159.200.123: offset:-0.007763 delay:0.008862 status:0x24 strat:3 refid:0x0a1508fb rootdelay:0.011597 reach:0x03
root@repeater:~#
I followed your direction I opened Putty following this command but there was no response in Putty
ntpd -d -n -q -N -I eth9 -p 162.159.200.123 -p 203.114.74.17
sammo
February 28, 2020, 6:15am
17
You need to replace eth9 with your interface
ntpd -d -n -q -N -I wlan0 -p 162.159.200.123 -p 203.114.74.17
I have tried to replace it with wlan0 but there was no response in my putty using openwrt 19.07.1
sammo
February 28, 2020, 6:24am
19
Do you get a response from
ping -I wlan0 8.8.8.8
No respon ping -I wlan0 8.8.8.8
sammo
February 28, 2020, 6:40am
21
wlan0 is not your internet interface. Are you connecting outside your home where there is a captive portal? Can you post your output
ip route
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdec:ee01:fa70::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'a0:f3:c1:e4:ab:b5'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'wwan'
option proto 'dhcp'
config interface 'Wireguard'
option proto 'wireguard'
list addresses '10.9.0.224/16'
option private_key 'CO9HweImjzcRUNiQMIUz3gDHGkNa4USEjF
option mtu '1420'
config wireguard_Wireguard
option public_key 'Z2eoZCkB9+a37VXTa7wkdISuw4DSyRGOoTj
option persistent_keepalive '25'
option endpoint_port '51820'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::/0'
option route_allowed_ips '1'
option endpoint_host 'xxxxxxxxxxxxxx
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 wwan Wireguard'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'shadowsocks'
option type 'script'
option path '/var/etc/shadowsocks.include'
option reload '1'
sammo
February 28, 2020, 7:50am
23
You wan interface is eth0.2
my internet source from wifi