Zum Inhalt

Raspberry Pi in DMZ not updating date and time

A Raspberry Pi located in the DMZ was not able to update its system date and time. The time was several minutes behind the real time.

This caused several issues starting with the login to a Nextcloud via two-factor-authentication, updates, etc.

All articles of the OpenWrt blog series

The Raspberry Pi uses timedatectl for its time management.

The configuration file is /etc/systemd/timesyncd.conf. The configuration looks fine. The time-server for DMZ network is my OpenWRT device

[Time]
NTP=192.168.200.1
FallbackNTP=ptbtime2.ptb.de,ptbtime3.ptb.de
RootDistanceMaxSec=30
PollIntervalMinSec=32
PollIntervalMaxSec=2048

Despite the correct configuration the time was not in sync with the time-server

Stop time sync

~ $ sudo timedatectl set-ntp false

Start time sync

~ $ sudo timedatectl set-ntp true

Check timedatectl

~ $ timedatectl
               Local time: Di 2023-01-24 19:40:14 CET
           Universal time: Di 2023-01-24 18:40:14 UTC
                 RTC time: Di 2023-01-24 18:40:14
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no

The crucial line is System clock synchronized which still says no

The check of the sync status showed that the Poll interval was increasing

~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
 Packet count: 0
~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 8min 32s (min: 32s; max 34min 8s)
 Packet count: 0

The conclusion was that the Pi has no configuration problem. The real problem was the firewall configuration on the OpenWRT device which blocked the time requests from the Pi.

Therefor I added a new rule just for the NTP service.

The time service uses UDP port 123.

OpenWRT - Firewall rule - NTP on Port 123

OpenWRT - Firewall rule - NTP on Port 123

OpenWRT - Firewall rule - NTP on Port 123

After the rule got activated the Raspberry Pi gets the correct date and time.

~ $ timedatectl
               Local time: Di 2023-01-24 19:53:56 CET
           Universal time: Di 2023-01-24 18:53:56 UTC
                 RTC time: Di 2023-01-24 18:53:57
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

On the OpenWRT device you must enable the NTP Server

OpenWRT - Enable NTP Server

Gib mir gerne einen Kaffee ☕ aus ❗️

Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕️ ausgeben.

Donation via PayPalDonation via LiberaPay

Donation via Bitcoin
Bitcoin Address: bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj

Source

Foto von Lucian Alexe auf Unsplash