Raspberry Pi in DMZ not updating date and time

A Raspberry Pi located in the DMZ was not able to update its system date and time. The time was several minutes behind the real time.

This caused several issues starting with the login to a Nextcloud via two-factor-authentication, updates, etc.

Go to all articles of this series and the description of the test setup:

➡ OpenWRT – Overview

The Raspberry Pi uses timedatectl for its time management.

The configuration file is /etc/systemd/timesyncd.conf. The configuration looks fine. The time server for DMZ network is my OpenWRT device

[Time]
NTP=192.168.200.1
FallbackNTP=ptbtime2.ptb.de,ptbtime3.ptb.de
RootDistanceMaxSec=30
PollIntervalMinSec=32
PollIntervalMaxSec=2048

Despite the correct configuration the time was not in sync with the time server

Stop time sync

~ $ sudo timedatectl set-ntp false

Start time sync

~ $ sudo timedatectl set-ntp true

Check timedatectl

~ $ timedatectl
               Local time: Di 2023-01-24 19:40:14 CET
           Universal time: Di 2023-01-24 18:40:14 UTC
                 RTC time: Di 2023-01-24 18:40:14
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no

The crucial line is System clock synchronized which still says no

The check of the sync status showed that the Poll interval was increasing

~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
 Packet count: 0
~ $ timedatectl timesync-status
       Server: 192.168.200.1 (192.168.200.1)
Poll interval: 8min 32s (min: 32s; max 34min 8s)
 Packet count: 0

The conclusion was that the Pi has no configuration problem. The real problem was the firewall configuration on the OpenWRT device which blocked the time requests from the Pi.

Therefor I added a new rule just for the NTP service.

The time service uses UDP port 123.
➡ https://en.wikipedia.org/wiki/Network_Time_Protocol

OpenWRT - Firewall rule - NTP on Port 123 — OpenWRT – Firewall rule – NTP on Port 123

After the rule got activated the Raspberry Pi gets the correct date and time.

~ $ timedatectl
               Local time: Di 2023-01-24 19:53:56 CET
           Universal time: Di 2023-01-24 18:53:56 UTC
                 RTC time: Di 2023-01-24 18:53:57
                Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

On the OpenWRT device you must enable the NTP Server

OpenWRT - Enable NTP Server — OpenWRT – Enable NTP Server

Gib mir gerne einen Kaffee ☕ aus!

Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕ ausgeben.

Kaffee via Bitcoin

bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj

Foto von Lucian Alexe auf Unsplash

Stefan

ist absolut technik-begeistert und großer Fan von Linux und Open Source. Raspberry Pi Bastler der ersten Stunde und nach wie vor begeistert von dem kleinen Stück Hardware, auf dem er tolle Projekte umsetzt. Teilt hier seine Erfahrungen mit Nextcloud, Pi-hole, YubiKey, Synology und openmediavault und anderen spannenden IT-Themen. Nutzt Markdown und LaTeX zum Dokumentieren seiner Projekte und Gitea zum Versionieren. Sitzt vor einem 49“ Monitor, nutzt Windows und MacOS zum Arbeiten, Linux auf seinen Servern und virtuellen Maschinen und hört dabei Spotify und MP3s und Radio-Streams über seinen RadioPi.

Trinkt gerne fairen Kaffee und freut sich deshalb sehr über jede Spende.

• • bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj