Kitz Forum

Computers & Hardware => Other Technologies & Hardware => Topic started by: Weaver on January 05, 2018, 11:20:22 PM

Title: NTP
Post by: Weaver on January 05, 2018, 11:20:22 PM
I have never ever managed to get my pi to keep time at all. NTP just fails when I start up, ni matter what I try. I know that there are no communication problems with the path to the servers as I can get NTP to sync up to them by hand using manual commands and trace routes to them, are all good. I even added in the ntp servers at my own ISP, Andrews and Arnold, so they would be really close. Also i'm not using the pi's wireless st all, that's turned off, so can't blame that.

I was getting to the stage where I was thinking abuout starting to hunt around for a hardware clock, but then I thought that someone somewhere must have solved this. It was at this point, with all the stupid and thoughtless fiddling around that I was doing that I managed to make the pi non-booting, well not headless, so now I'm dead.

Does anyone have a reliable NTP time boot config + runes + setup recipe whatever that I could just steal?
Title: Re: NTP
Post by: Westie on January 19, 2018, 11:41:55 AM
Don't know if this helps or not:

I'm running Raspbian stretch, with the config set up to wait for network at boot. I've so far not had a problem with keeping time...but it's only been a week or two.
Title: Re: NTP
Post by: tiffy on January 19, 2018, 01:51:22 PM
Don't know if this may be relevant to your issue:

http://forum.kitz.co.uk/index.php/topic,20525.msg358273.html#msg358273

I have had clock issues in the past with my RPi's and this procedure has always cured, give it a try.
Title: Re: NTP
Post by: Weaver on January 19, 2018, 02:25:11 PM
I'll definitely do that. Much appreciated. I tried so many different kinds of hacks assuming that my problem was due to the local time being far too far out, I can't remember whether I tried _exactly_ that particular technique.
Title: Re: NTP
Post by: Weaver on January 26, 2018, 02:55:41 AM
I'm soon to get the pi back up and running so i would appreciate any advice as to a known good recipe for getting ntp up and running.

I may have mentioned earlier -I managed to find the magic incantation to force the time to get set correctly even if the clock is miles off. After that it didn't maintain time properly for more than an hour or so.

But using the afore said magic incantation during the boot process didn't work, so wondering if it failed because of dependencies or network readiness state, I even set it to automatically execute again 1 min and 2 minutes after boot, out of sheer desperation, and that didn't work either.

I have ipv6 working on the pi, tested. Somehow got it up by fiddling about, that is the only thing I can think of. The ntp servers are available on iov6 and iov4 networks both. I included the aa.net.uk one as it is the nearest and also the usual pool ones for the uk. Did much fiddling around with those and all to no avail. I wonder if there is some odd bug where it doesn't like ipv6 being present. The docs show that the ntp associated components do speak ipv6 albeit with some awkward design quirks. I haven't tried things in an ipv6-only or ipv4-only network.
Title: Re: NTP
Post by: Westie on January 26, 2018, 03:34:24 PM
I am a complete newbie regarding linux / routers / hands-on-beyond-a-gui, so whilst I can say what works for me, I am aware that this might be a grandmother/eggs situation. Feel free to ignore whatever isn't relevant.

In my setup I have a router/modem picking up the internet, connected by Ethernet to a Pepwave Surf SOHO router which handles the household LAN(s) on separate sub-networks.

A Pi Zero W is on a household wireless LAN, which monitors the modem/router with DSLstats and uploads to MDWS. The Pi runs Raspbian Stretch, which apparently doesn't have ntp installed, although it is in the repository (have I said that right?)

When I first set the Pi up I installed (I think) the ntp daemon by using
Code: [Select]
sudo apt-get update
sudo apt-get -y install ntp

Using the Pi's GUI I have also set the preferences to the correct locale, and to wait for the network before completing the boot sequence. It seems to have no trouble in picking up a ntp server, or in keeping accurate time (within the minute, anyway).

Am I being too simplistic?
Title: Re: NTP
Post by: Weaver on January 26, 2018, 05:35:53 PM
Westie does your pi speak ipv6 to the internet?
Title: Re: NTP
Post by: Westie on January 26, 2018, 09:05:12 PM
No, mine doesn't :( although I know it's capable of it :)

My current ISP doesn't do IPv6, so I haven't felt the urge to get to grips with it. Maybe when I migrate next week?....
Title: Re: NTP
Post by: skyeci on January 27, 2018, 06:55:09 AM
I found my pi3 would lose time when used over wireless which in turn would mess up mdws uploads. Using the ethernet port did not cause any issues.
mine also worked fine with ipv6 via my isp
Title: Re: NTP
Post by: Weaver on January 27, 2018, 06:12:35 PM
The command
   
Code: [Select]
ntpdate -b -u ntp1.aa.net.ukworks, but the time doesn't stay correct for many minutes even.

I'm getting help from my heroic neighbour who is doing a fresh installation. Will see how long it takes it to go wrong, if I retest after each step.
Title: Re: NTP
Post by: Deathstar on January 27, 2018, 06:14:53 PM
Mine keeps time fine, running the latest Raspbian on a Pi3.


Sent from my SM-G930F using Tapatalk

Title: Re: NTP
Post by: Weaver on January 27, 2018, 06:20:57 PM
AA does of course have an ntp server on the ipv6 internet btw, so it isn't a problem with ipv6 per se. But it could be due to the disparity between commands or something.

I was watching a lecture recently where the speaker was talking about problems not with ipv6 but with dual-stack, because in one example case firewall rules were not in sync between iov4 and iov6-related things as a staff member had forgotten to keep the two lots of runes in step. The speaker said that was why their org was desperate to go ipv6-only asap - to get rid of the cost of having to do everything twice and test twice, that and the huge cost of buying ipv4 space now as they were talking about spending US$950k on buying an IPv4 /16 (don't know if they meant a contiguous actual one or just that many loose addresses). On UKNOF videos website, speaker from Microsoft’s internal corporate IT dept.
Title: Re: NTP
Post by: Westie on January 27, 2018, 09:19:16 PM
the time doesn't stay correct for many minutes

I do not have ntpdate installed on my Pi, but I do have ntp, and it keeps time OK.

Maybe you could try that.
Title: Re: NTP
Post by: Westie on January 27, 2018, 09:46:54 PM
This is from my Pi
Code: [Select]
Pi@Pi-Router:~ $ timedatectl
      Local time: Sat 2018-01-27 21:45:17 UTC
  Universal time: Sat 2018-01-27 21:45:17 UTC
        RTC time: n/a
       Time zone: Etc/UTC (UTC, +0000)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no
pi@Pi-Router:~ $

It took me over a minute to copy & paste (I'm slow); hence the slight discrepancy between reported time and posting time.
Title: Re: NTP
Post by: Weaver on January 28, 2018, 12:10:55 AM
I tried both
Title: Re: NTP
Post by: Westie on January 28, 2018, 09:53:23 AM
Don't know if this helps, but  this person (https://raspberrypi.stackexchange.com/questions/15712/ntpd-is-not-updating-time) had a similar problem, and solved it by using openntpd instead.

In his case it was to do with ntp requiring to use UDP on port 23. Maybe a firewall issue with the Firebrick?

This NTP document (http://doc.ntp.org/current-stable/debug.html) confirms:
Quote
Verify the /etc/services file host machine is configured to accept UDP packets on the NTP port 123. NTP is specifically designed to use UDP and does not respond to TCP.
Title: Re: NTP
Post by: Weaver on January 28, 2018, 07:43:35 PM
So perhaps I would have had to open a hole in the firewall for inbound udp on that port for those servers? If so, then that would explain it.

I never had any idea about such a requirement.

I don't understand why it works for some people then.
Title: Re: NTP
Post by: Westie on January 28, 2018, 07:52:04 PM
I'm sorry, but I don't know the answer to that question.  :(

Does this old forum topic (https://forum.linode.com/viewtopic.php?t=5751#p30533) shed any further light?

Quote
I don't understand why it works for some people then.

Neither do I. Maybe the Firebrick operates a "more secure" firewall?
Title: Re: NTP
Post by: Weaver on January 28, 2018, 07:53:53 PM
I don't use NAT, I have real IPv4 and IPv6 addresses for the pi. So NAT isn't the issue. That is going to be interesting with NAT translators for some people perhaps. (Shudders.)
Title: Re: NTP
Post by: Westie on January 28, 2018, 08:31:21 PM
Maybe NAT is why it does work for some people?

As I understand it, UDP is essentially a one-way protocol, so there will be less delays incurred and therefore more accurate timing, whereas TCP establishes a two way session. It could be that a NAT translator "holds on" to the outbound UDP request and thus recognises the return packet when it arrives, whereas a "proper" firewall doesn't do that unless specifically instructed to do so.

If so, maybe poking a hole in the firewall is a solution...

This is purely conjecture on my part, and I would welcome correction from anyone who really knows!

Edit: Page 11 of the IETF document RFC 4787 (https://tools.ietf.org/html/rfc4787#section-4.1) appears to support that theory:
Quote
REQ-5:  A NAT UDP mapping timer MUST NOT expire in less than two minutes, unless REQ-5a applies...
Title: Re: NTP
Post by: Weaver on January 29, 2018, 08:24:03 AM
A very good point - helps the firewall accidentally do the ‘right thing’ with UDP.

I have set up other devices that use NTP - perhaps I need to check whether they are even working.
Title: Re: NTP
Post by: Westie on February 05, 2018, 08:11:58 AM
@Weaver

Sorry for the bump, but did you get your Pi timing sorted?
Title: Re: NTP
Post by: Weaver on March 31, 2018, 12:49:12 AM
No I never did. The next thing to do was to investigate firewalling problems given what I had learned in this thread. But stupidly I managed to brick them pi and now can't use it at all.

I will get some help at some point to get the machine up and running again.

More recently though I spotted something excellent, a hosted Raspberry Pi 3 at Mythic Beasts. `i can ssh into it, and I can remotely reboot it and remotely wipe it and reinstall an o/s image automatically within a minute or so. So when I make a mess if things I am always safe, which means that I can try ignorant experiments with confidence.

That machine has a choice of three different o/s versions, I tried one version of Raspian 32-bit and now I am also on a very stripped-down Ubuntu 32-bit. (Not so easy to get proper AArch64 builds yet perhaps.)

On this machine, NTP just works. Probably due to the fact that there is no firewalling at all.

The machine is all set up to use IPv6 properly. I think it doesn't come with any global public IPv4 address, and I am just using IPv6 for everything.
Title: Re: NTP
Post by: tickmike on April 20, 2018, 05:27:49 PM
My hardware firewall blocks NTP unless I open ports for it.
Have you checked your firewall logs ?.
Title: Re: NTP
Post by: Weaver on April 21, 2018, 02:53:55 AM
@Tickmike I ended up completely killing the machine and have no way of getting it back up again until Incan come up with sufficient resolve to overcome the humiliation of having to go and beg my long-suffering neighbour down the hill to rescue me again. I also bought a storage card to pu the o/s on which I am told is unsuitable for the pi, so will,have to remedy that before a future attempt.