Problematic system

For reliability I'd recommend setting up 4 NTP servers this way. If you use one, and it goes down, then you can't get back up. With 4 it's unlikely they'll all be down at once.

Another option is to set up one of your LAN machines as an NTP server. particularly one like a desktop or media PC that has an RTC clock. Then you can get time from your local network without needing the WAN.

Another option is to use the firewall to tag all UDP packets on the NTP port with a firewall mark... then use a route rule to select a separate routing table for routing those packets... this will work with all NTP servers on the internet.

3 Likes

You can also use a one shot sync bound to interface

ntpd -n -q -N -I wan -p 0.uk.pool.ntp.org -p 1.uk.pool.ntp.org

5 Likes

Ooh, I like that even better, because you can easily set it up in /etc/rc.local and it doesn't require any monkey business with routing or firewall.

1 Like

Thank you. where should I store this on my ?

Thank you.
is this what you mean? I need to save this in /etc/rc.local
ntpd -n -q -N -I wan -p 0.uk.pool.ntp.org -p 1.uk.pool.ntp.org

There would be no name resolution without an Up tunnel (if the OP's DNS servers are up the tunnel too). Use IP addresses.

:thinking:

The OP said:

Also be sure to use a NTP server that advises using its IP is OK.

Will this not work if I try on my router?

ntpd -n -q -N -I wan -p 203.114.225.252 -p 203.114.224.31

yes using the IPs should work. However you probably need to replace the word "wan" with the OS interface name like eth1 or eth0.2 or something... also I'd add 2 or 3 more ip addresses.

i am using wwan interfaces is this correct?

ntpd -n -q -N -I wwan -p 162.159.200.123 -p 203.114.74.17

do i have to wear this?


ntpd -n -q -N -I wlan0 -p 162.159.200.123 -p 203.114.74.17

Perhaps you can run it manually with debug and see what you get first. Replace eth9 with your interface

root@repeater:~# ntpd -d -n -q -N -I eth9 -p 162.159.200.123 -p 203.114.74.17
ntpd: sending query to 203.114.74.17
ntpd: sending query to 162.159.200.123
ntpd: reply from 162.159.200.123: offset:-0.007698 delay:0.009258 status:0x24 strat:3 refid:0x0a1508fb rootdelay:0.011612 reach:0x01
ntpd: reply from 203.114.74.17: offset:+0.057861 delay:0.261745 status:0x24 strat:2 refid:0xdfffb902 rootdelay:0.049363 reach:0x01
ntpd: sending query to 203.114.74.17
ntpd: sending query to 162.159.200.123
ntpd: reply from 162.159.200.123: offset:-0.007763 delay:0.008862 status:0x24 strat:3 refid:0x0a1508fb rootdelay:0.011597 reach:0x03
root@repeater:~#

I followed your direction I opened Putty following this command but there was no response in Putty

ntpd -d -n -q -N -I eth9 -p 162.159.200.123 -p 203.114.74.17

You need to replace eth9 with your interface
ntpd -d -n -q -N -I wlan0 -p 162.159.200.123 -p 203.114.74.17

I have tried to replace it with wlan0 but there was no response in my putty using openwrt 19.07.1

Do you get a response from

ping -I wlan0 8.8.8.8

No respon ping -I wlan0 8.8.8.8

wlan0 is not your internet interface. Are you connecting outside your home where there is a captive portal? Can you post your output

ip route

/etc/config/network
                                                       
                                                              
config interface 'loopback'                                   
        option ifname 'lo'                                    
        option proto 'static'                                 
        option ipaddr '127.0.0.1'                             
        option netmask '255.0.0.0'                            
                                                              
config globals 'globals'                                      
        option ula_prefix 'fdec:ee01:fa70::/48'               
                                                              
config interface 'lan'                                        
        option type 'bridge'                                  
        option ifname 'eth0.1'                                
        option proto 'static'                                 
        option ipaddr '192.168.1.1'                           
        option netmask '255.255.255.0'                        
        option ip6assign '60'                                 
                                                              
config interface 'wan'                                        
        option ifname 'eth0.2'                                
        option proto 'dhcp'                                   
                                                              
config device 'wan_eth0_2_dev'                                
        option name 'eth0.2'                                  
        option macaddr 'a0:f3:c1:e4:ab:b5'                    
                                                              
config interface 'wan6'                                       
        option ifname 'eth0.2'                                
        option proto 'dhcpv6'                                 
                                                              
config switch                                                 
        option name 'switch0'                                 
        option reset '1'                                      
        option enable_vlan '1'                                
                                                              
config switch_vlan                                            
        option device 'switch0'                               
        option vlan '1'                                       
        option ports '2 3 4 5 0t'                             
                                                              
config switch_vlan                                            
        option device 'switch0'                               
        option vlan '2'                                       
        option ports '1 0t'                                   
                                                              
config interface 'wwan'                                       
        option proto 'dhcp'                                   
                                                              
config interface 'Wireguard'                                  
        option proto 'wireguard'                              
        list addresses '10.9.0.224/16'                        
        option private_key 'CO9HweImjzcRUNiQMIUz3gDHGkNa4USEjF
        option mtu '1420'                                     
                                                              
config wireguard_Wireguard                                    
        option public_key 'Z2eoZCkB9+a37VXTa7wkdISuw4DSyRGOoTj
        option persistent_keepalive '25'                      
        option endpoint_port '51820'                          
        list allowed_ips '0.0.0.0/0'                          
        list allowed_ips '::/0'                               
        option route_allowed_ips '1'                          
        option endpoint_host 'xxxxxxxxxxxxxx
        
        
        
        
        
        
 /etc/config/firewall
      
      
                                                                    
config defaults                                               
        option syn_flood '1'                                  
        option input 'ACCEPT'                                 
        option output 'ACCEPT'                                
        option forward 'REJECT'                               
                                                              
config zone                                                   
        option name 'lan'                                     
        option input 'ACCEPT'                                 
        option output 'ACCEPT'                                
        option forward 'ACCEPT'                               
        option network 'lan'                                  
                                                              
config zone                                                   
        option name 'wan'                                     
        option input 'REJECT'                                 
        option output 'ACCEPT'                                
        option forward 'REJECT'                               
        option masq '1'                                       
        option mtu_fix '1'                                    
        option network 'wan wan6 wwan Wireguard'              
                                                              
config forwarding                                             
        option src 'lan'                                      
        option dest 'wan'                                     
                                                              
config rule                                                   
        option name 'Allow-DHCP-Renew'                        
        option src 'wan'                                      
        option proto 'udp'                                    
        option dest_port '68'                                 
        option target 'ACCEPT'                                
        option family 'ipv4'                                  
                                                              
config rule                                                   
        option name 'Allow-Ping'                              
        option src 'wan'                                      
        option proto 'icmp'                                   
        option icmp_type 'echo-request'                       
        option family 'ipv4'                                  
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-IGMP'                              
        option src 'wan'                                      
        option proto 'igmp'                                   
        option family 'ipv4'                                  
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-DHCPv6'                            
        option src 'wan'                                      
        option proto 'udp'                                    
        option src_ip 'fc00::/6'                              
        option dest_ip 'fc00::/6'                             
        option dest_port '546'                                
        option family 'ipv6'                                  
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-MLD'                               
        option src 'wan'                                      
        option proto 'icmp'                                   
        option src_ip 'fe80::/10'                             
        list icmp_type '130/0'                                
        list icmp_type '131/0'                                
        list icmp_type '132/0'                                
        list icmp_type '143/0'                                
        option family 'ipv6'                                  
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-ICMPv6-Input'                      
        option src 'wan'                                      
        option proto 'icmp'                                   
        list icmp_type 'echo-request'                         
        list icmp_type 'echo-reply'                           
        list icmp_type 'destination-unreachable'              
        list icmp_type 'packet-too-big'                       
        list icmp_type 'time-exceeded'                        
        list icmp_type 'bad-header'                           
        list icmp_type 'unknown-header-type'                  
        list icmp_type 'router-solicitation'                  
        list icmp_type 'neighbour-solicitation'               
        list icmp_type 'router-advertisement'                 
        list icmp_type 'neighbour-advertisement'              
        option limit '1000/sec'                               
        option family 'ipv6'                                  
        option target 'ACCEPT'                                

config rule                                                   
        option name 'Allow-ICMPv6-Forward'                    
        option src 'wan'                                      
        option dest '*'                                       
        option proto 'icmp'                                   
        list icmp_type 'echo-request'                         
        list icmp_type 'echo-reply'                           
        list icmp_type 'destination-unreachable'              
        list icmp_type 'packet-too-big'                       
        list icmp_type 'time-exceeded'                        
        list icmp_type 'bad-header'                           
        list icmp_type 'unknown-header-type'                  
        option limit '1000/sec'                               
        option family 'ipv6'                                  
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-IPSec-ESP'                         
        option src 'wan'                                      
        option dest 'lan'                                     
        option proto 'esp'                                    
        option target 'ACCEPT'                                
                                                              
config rule                                                   
        option name 'Allow-ISAKMP'                            
        option src 'wan'                                      
        option dest 'lan'                                     
        option dest_port '500'                                
        option proto 'udp'                                    
        option target 'ACCEPT'                                
                                                              
config include                                                
        option path '/etc/firewall.user'                      
                                                              
config include 'shadowsocks'                                  
        option type 'script'                                  
        option path '/var/etc/shadowsocks.include'            
        option reload '1'

You wan interface is eth0.2

wwan/ wlan0

my internet source from wifi