A Raspberry Pi located in the DMZ was not able to update its system date and time. The time was several minutes behind the real time.
This caused several issues starting with the login to a Nextcloud via two-factor-authentication, updates, etc.
Go to all articles of this series and the description of the test setup:

The Raspberry Pi uses timedatectl for its time management.
The configuration file is /etc/systemd/timesyncd.conf. The configuration looks fine. The time server for DMZ network is my OpenWRT device
[Time]
NTP=192.168.200.1
FallbackNTP=ptbtime2.ptb.de,ptbtime3.ptb.de
RootDistanceMaxSec=30
PollIntervalMinSec=32
PollIntervalMaxSec=2048
Despite the correct configuration the time was not in sync with the time server
Stop time sync
~ $ sudo timedatectl set-ntp false
Start time sync
~ $ sudo timedatectl set-ntp true
Check timedatectl
~ $ timedatectl
Local time: Di 2023-01-24 19:40:14 CET
Universal time: Di 2023-01-24 18:40:14 UTC
RTC time: Di 2023-01-24 18:40:14
Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
The crucial line is System clock synchronized which still says no
The check of the sync status showed that the Poll interval was increasing
~ $ timedatectl timesync-status
Server: 192.168.200.1 (192.168.200.1)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
Packet count: 0
~ $ timedatectl timesync-status
Server: 192.168.200.1 (192.168.200.1)
Poll interval: 8min 32s (min: 32s; max 34min 8s)
Packet count: 0
The conclusion was that the Pi has no configuration problem. The real problem was the firewall configuration on the OpenWRT device which blocked the time requests from the Pi.
Therefor I added a new rule just for the NTP service.
The time service uses UDP port 123.
➡ https://en.wikipedia.org/wiki/Network_Time_Protocol



After the rule got activated the Raspberry Pi gets the correct date and time.
~ $ timedatectl
Local time: Di 2023-01-24 19:53:56 CET
Universal time: Di 2023-01-24 18:53:56 UTC
RTC time: Di 2023-01-24 18:53:57
Time zone: Europe/Berlin (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
On the OpenWRT device you must enable the NTP Server

Gib mir gerne einen Kaffee ☕ aus!
Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕ ausgeben.
bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj
Foto von Lucian Alexe auf Unsplash

ist absolut technik-begeistert und großer Fan von Linux und Open Source. Raspberry Pi Bastler der ersten Stunde und nach wie vor begeistert von dem kleinen Stück Hardware, auf dem er tolle Projekte umsetzt. Teilt hier seine Erfahrungen mit Nextcloud, Pi-hole, YubiKey, Synology und openmediavault und anderen spannenden IT-Themen. Nutzt Markdown und LaTeX zum Dokumentieren seiner Projekte und Gitea zum Versionieren. Sitzt vor einem 49“ Monitor, nutzt Windows und MacOS zum Arbeiten, Linux auf seinen Servern und virtuellen Maschinen und hört dabei Spotify und MP3s und Radio-Streams über seinen RadioPi.