pfSense

Duplicate of #1398. Clicked too fast.

Jimp, I've applied your commits and I see the service is now running fine at startup and is able to stop and restart normally.

Problem is hitting save on an OpenVPN config stops ntp cold and the service not only shows as stopped but doesnt restart at all.

Also, I still cant get my clients to sync. Running ps -ax | grep ntp at startup shows

ntpd: ntp engine (ntpd)
ntpd: [priv] (ntpd)

If I save an openvpn config and then ntp service stops, grep ntp shows

ntpdate -s -t 5 0.pfsense.pool.ntp.org
/bin/sh /usr/local/sbin/ntpdate_sync_once.sh

Running the grep ntp at startup should show the ntpdate 0.pfsense.pool.ntp.org and the shell script entry as well but it missing and not allowing clients to sync even though the service is running.

The ntp issue would be separate (it has its own ticket), but I didn't test with openvpn. I suspect that's because OpenVPN connections end up calling rc.newwanip which calls the ntp sync script. That should be working, as long as the system has working dns at the time.

Anyhow, ntpdate is probably going away in favor of just starting ntpd with -s, Ermal pointed it out to me earlier today, and it seems to be the favored way to do things these days.

Hi Jim P,

I've also applied your commits, but it didn't resolve the issue. Once I applied them and started the disabled ntp service through the web interface. All seemed to be working, so I rebooted. Upon rebooting, I found that the ntp service was stopped and could not be started. Here's the processes running that were ntp-related.

root 7562 0.0 0.1 3504 1364 ?? SN 7:36PM 0:00.01 ntpdate -s -t 5 0.pool.ntp.org
root 36380 0.0 0.1 3656 1312 ?? SN 7:35PM 0:00.03 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh
root 44595 0.0 0.1 3656 1368 ?? SN 7:35PM 0:00.03 /bin/sh /usr/local/sbin/ntpdate_sync_once.sh
root 8144 0.0 0.1 3524 1240 0 S+ 7:36PM 0:00.01 grep -i ntp

Same issue as before. The pfSense box keeps querying my name server for 0.pool.ntp.org.

Now, if I kill ntpdate, and the two ntpdate_sync_once.sh processes and start ntp through the web interface, all is good.

_ntp 44414 0.0 0.1 3316 1336 ?? S 7:40PM 0:00.00 ntpd: ntp engine (ntpd)
root 44661 0.0 0.1 3316 1348 ?? Ss 7:40PM 0:00.00 ntpd: [priv] (ntpd)

Contents of my /usr/local/sbin/ntpdate_sync_once.sh are as follows:

#!/bin/sh

NOTSYNCED="true"
SERVER=`cat /cf/conf/config.xml | grep timeservers | cut -d">" -f2 | cut -d"<" -f1`
pfkill -f ntpdate_sync_once.sh

while [ "$NOTSYNCED" = "true" ]; do # Ensure that ntpd and ntpdate are not running so that the socket we want will be free.
killall ntpd 2>/dev/null
killall ntpdate
sleep 1
ntpdate -s -t 5 $SERVER
if [ "$?" = "0" ]; then
NOTSYNCED="false"
fi
sleep 5
done

/usr/local/sbin/ntpd -s -f /var/etc/ntpd.conf

Any ideas?

I updated this again with cd11a14

ntpdate sync is completely gone, since simply starting ntpd with -s will have the same effect. This makes that separate syncing step and script obsolete.

Hi Jim P,

That change seemed to do the trick. NTP is running just perfectly after making those changes and rebooting. Thanks!