This is how I made sure my OPNsense firewall was synchronized by adding a cron job.
So, my goal is to have OPNsense synchronize time with NTS. And this is accomplished by using
I have disabled the default Network Time daemon completely by, as of the current version, stopping the NTPD service and removing the addresses which it syncs to (Peers).
Whatever happens on the LAN side of things, the clients will just use their default servers and/or DNS host overrides pointing to an interface which is serving time on the firewall (which is not NTS, but hey, who can you trust, if not your own firewall).
Chrony synchronizes NTP with NTS.
Chrony serves the LAN side which is manually configured in the “Allowed Networks section” (who do I have to ask if I want to have a shiny drop-down menu here?)
Clients on LAN get time from the LAN address on port 123.
The firewall itself.
Now, how to get the firewall to synchronize with itself?
Well, by pointing to a Time Server which is local (in the Network Time section)? And then start
But guess what, the port :123 is already in use by
NTPD can not start.
- OPNsense 20.7.7_1-amd64
```
[test@opnsense ~]$ sudo ntpdate -v 192.168.1.1
10 Jan 03:16:06 ntpdate: ntpdate 4.2.8p12-a (1)
10 Jan 03:16:06 ntpdate: the NTP socket is in use, exiting
```

```
[test@opnsense ~]$ date
Sun Jan 10 03:20:22 CET 2021
[test@opnsense ~]$ sudo ntpdate -v -u 192.168.1.1
10 Jan 03:20:56 ntpdate: ntpdate 4.2.8p12-a (1)
10 Jan 00:15:26 ntpdate: step time server 192.168.1.1 offset -11136.467989 sec
[test@opnsense ~]$ date
Sun Jan 10 00:15:29 CET 2021
```
-u Direct ntpdate to use an unprivileged port for outgoing packets.
This situation is currently solved by using a cron job.
```
[test@opnsense /usr/local/opnsense/service/conf/actions.d]$ vi actions_ntpdate.conf
[start]
command:/usr/local/sbin/ntpdate -u 192.168.1.1
parameters:
type:script
message:ntpdate -u 192.168.1.1
description:ntpdate -u 192.168.1.1
```
Restart configd to be able to test the script with configctl (and to make it become available in the drop-down menu under Cron jobs in the GUI):
```
[test@opnsense /usr/local/opnsense/service/conf/actions.d]$ sudo service configd restart
Stopping configd...done
Starting configd.
```

```
[test@opnsense /usr/local/opnsense/service/conf/actions.d]$ sudo configctl ntpdate start
OK
```
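A cron-driven ntpdate steps the clock without anyone watching, so it helps to review its output for failed runs and for unusually large steps such as the -11136 s one shown above, since a step that size shifts log timestamps. The script below is an added example, not part of the original post; the `MAX_STEP` threshold, the function names and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review ntpdate output and
# flag failed runs and large clock steps.
# MAX_STEP is an assumed policy value, in seconds.
MAX_STEP="${MAX_STEP:-5}"

# Read ntpdate output on stdin and print one verdict per relevant line:
#   FAILED socket-in-use  - port 123 was taken (ntpdate run without -u)
#   ALERT <offset>        - clock moved by more than MAX_STEP seconds
#   OK <offset>           - clock moved by MAX_STEP seconds or less
review_ntpdate() {
    awk -v max="$MAX_STEP" '
        /ntpdate: the NTP socket is in use/ { print "FAILED socket-in-use"; next }
        /ntpdate: (step|adjust) time server/ {
            offs = ""
            for (i = 1; i < NF; i++) if ($i == "offset") offs = $(i + 1)
            if (offs == "") next          # no offset field, nothing to judge
            num = offs + 0
            mag = (num < 0) ? -num : num  # absolute size of the correction
            verdict = (mag > max + 0) ? "ALERT" : "OK"
            print verdict, offs
        }'
}

# Constructed sample input: the first two lines are taken from the sessions
# on this page, the third is a made-up small adjustment for contrast.
sample_log() {
    cat <<'EOF'
10 Jan 03:16:06 ntpdate: the NTP socket is in use, exiting
10 Jan 00:15:26 ntpdate: step time server 192.168.1.1 offset -11136.467989 sec
10 Jan 00:20:26 ntpdate: adjust time server 192.168.1.1 offset 0.001532 sec
EOF
}

sample_log | review_ntpdate
```

To use it with the real job, pipe the output of `ntpdate -v -u 192.168.1.1` into `review_ntpdate` and forward any `FAILED` or `ALERT` line to your logging.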