Raspberry Pi in DMZ not updating date and time

A Raspberry Pi located in the DMZ was not able to update its system date and time. The time was several minutes behind the real time.

This caused several issues starting with the login to a Nextcloud via two-factor-authentication, updates, etc.


Go to all articles of this series and the description of the test setup:

Test Setup
Test Setup

OpenWRT – Overview


The Raspberry Pi uses timedatectl for its time management.

The configuration file is /etc/systemd/timesyncd.conf. The configuration looks fine. The time server for DMZ network is my OpenWRT device

[Time]
NTP=192.168.200.1
FallbackNTP=ptbtime2.ptb.de,ptbtime3.ptb.de
RootDistanceMaxSec=30
PollIntervalMinSec=32
PollIntervalMaxSec=2048

Despite the correct configuration the time was not in sync with the time server

Stop time sync

~ $ sudo timedatectl set-ntp false

Start time sync

~ $ sudo timedatectl set-ntp true

Check timedatectl

~ $ timedatectl
               Local time: Di 2023-01-24 19:40:14 CET
           Universal time: Di 2023-01-24 18:40:14 UTC
                 RTC time: Di 2023-01-24 18:40:14
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no

The crucial line is System clock synchronized which still says no

The check of the sync status showed that the Poll interval was increasing

~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
 Packet count: 0
~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 8min 32s (min: 32s; max 34min 8s)
 Packet count: 0

The conclusion was that the Pi has no configuration problem. The real problem was the firewall configuration on the OpenWRT device which blocked the time requests from the Pi.

Therefor I added a new rule just for the NTP service.

The time service uses UDP port 123.
https://en.wikipedia.org/wiki/Network_Time_Protocol

OpenWRT - Firewall rule - NTP on Port 123
OpenWRT – Firewall rule – NTP on Port 123
OpenWRT - Firewall rule - NTP on Port 123
OpenWRT – Firewall rule – NTP on Port 123
OpenWRT - Firewall rule - NTP on Port 123
OpenWRT – Firewall rule – NTP on Port 123

After the rule got activated the Raspberry Pi gets the correct date and time.

~ $ timedatectl
               Local time: Di 2023-01-24 19:53:56 CET
           Universal time: Di 2023-01-24 18:53:56 UTC
                 RTC time: Di 2023-01-24 18:53:57
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

On the OpenWRT device you must enable the NTP Server

OpenWRT - Enable NTP Server
OpenWRT – Enable NTP Server

Gib mir gerne einen Kaffee ☕ aus!

Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕ ausgeben.

PayPal Logo


liberapay.com/strobelstefan.org


Kaffee via Bitcoin

bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj


Foto von Lucian Alexe auf Unsplash

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert