OpenBSD Time Services
Published: 09/07/2009
Every network has a number of nodes that should be time-synchronized with each other: access points, router logs, RADIUS servers, Windows clients, Active Directory, the blinking VCR clock... Troubleshooting system and network issues often requires correlating logs from different nodes, and if each device's internal clock is off it becomes difficult to narrow down problems. This becomes critical when low-level forensics work is involved, because a timeline built from several hosts is only as good as the agreement between their clocks.
Enter Network Time Protocol (NTP). NTP has been around, like, forever. And OpenBSD, of course, has it built in. Setting it up is fast, easy, and should be one of the first things any good IT admin does when creating a new environment. You could install OpenBSD on a machine with only 64 Megs of memory and it'll get the job done for simple time services.
NTP runs over UDP port 123. Running a single authoritative NTP server inside your network cuts down the number of sync requests your LAN sends to public NTP servers, because every node queries the same place on its home network, and it means every clock on the network converges on the same reference instead of on whichever public server each host happened to pick. Keep in mind that plain NTP as configured here carries no authentication, so restrict who can reach UDP 123 on the server to your own LAN.
Once your base OpenBSD server is up and running, edit /etc/ntpd.conf and uncomment:
listen on *
servers pool.ntp.org
The listen on * line binds ntpd to every address on the box. On a server with an outside-facing interface, use the LAN address instead (listen on 10.1.1.50) so that only internal clients can query it.
Ensure that the server can resolve pool.ntp.org via DNS. Then edit /etc/rc.conf.local and add the line:
ntpd_flags=""
(ntpd_flags="-s" additionally lets ntpd set the clock in one step at startup if it is badly off; otherwise ntpd only slews the clock gradually.) Reboot the box. When it's back up, verify that ntpd is doing its job: you should see the privileged parent and the unprivileged ntp engine running as _ntp, the daemon bound to UDP 123 on the LAN address, and request/reply pairs with clients on the wire:
$ ps aux |grep ntp
root 32259 0.0 1.2 372 744 ?? Is 8Mar09 0:00.67 ntpd: [priv] (ntpd)
_ntp 21808 0.0 1.2 352 748 ?? I 8Mar09 2:11.57 ntpd: ntp engine (ntpd)
$ netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 10.1.1.50.123 *.*
$ sudo tcpdump -nttvi vic0 port 123
tcpdump: listening on vic0, link-type EN10MB
1252306728.992841 10.1.1.231 > 10.1.1.50.123: [udp sum ok] v1 client strat 0 poll 0 prec 0 dist 0.000000 disp 0.000000 ref (unspec)@0.000000000 orig 0.000000000 rec -0.000000000 xmt -833671766.978163003 (ttl 255, id 20002, len 76)
1252306728.992971 10.1.1.50.123 > 10.1.1.231.123: [udp sum ok] v1 server strat 3 poll 0 prec -6 dist 0.014633 disp 0.000000 ref 72.254.0.254@3461293903.949660778 orig 3461295529.021837012 rec -0.028905171 xmt -0.028885144 [tos 0x10] (ttl 64, id 9667, len 76)
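The two tcpdump lines above are an entire NTP exchange: a client request (mode client) and the server's reply (mode server, stratum 3) carrying the reference, origin, receive and transmit timestamps. As an added example, not code from the original article, the following Python script builds a client request, constructs a matching server reply inline so that it runs with no network access, validates the reply the way a careful client should, and computes clock offset and round-trip delay from the four timestamps. The sample times, the 30 second clock skew, the delays and the 72.254.0.254 reference ID (the upstream reference shown in the tcpdump output) are constructed values for illustration; only the packet format and the arithmetic are NTP's own.

```python
"""Client side of one NTP exchange (RFC 5905 packet header), run offline.

Added example: the server reply, its 30 s clock skew and the delays are
constructed here for illustration; the header layout and the offset/delay
arithmetic are those of NTP itself.
"""
import struct

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbII4sQQQQ")  # 48-byte NTP header, network byte order
MODE_CLIENT, MODE_SERVER = 3, 4
LEAP_UNSYNC = 3                          # LI=3: server clock not synchronized


def to_ntp(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32.32 fixed point since 1900)."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def to_unix(ntp_ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return (ntp_ts >> 32) - NTP_EPOCH_OFFSET + (ntp_ts & 0xFFFFFFFF) / (1 << 32)


def parse_packet(data):
    """Decode the 48-byte header; refuse a runt packet instead of guessing."""
    if len(data) < HEADER.size:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    (first, stratum, poll, precision, root_delay, root_disp,
     refid, ref, orig, recv, xmt) = HEADER.unpack_from(data)
    return {
        "leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
        "stratum": stratum, "poll": poll, "precision": precision,
        "root_delay": root_delay / 65536.0,          # 16.16 fixed point, seconds
        "root_dispersion": root_disp / 65536.0,
        "refid": refid, "ref": ref, "orig": orig, "recv": recv, "xmt": xmt,
    }


def refid_text(stratum, refid):
    """Stratum 1 refids are ASCII source names (e.g. GPS); stratum 2+ carry an IPv4 address."""
    if stratum <= 1:
        return refid.rstrip(b"\0").decode("ascii", "replace")
    return ".".join(str(octet) for octet in refid)


def build_request(xmt_unix, version=4):
    """Client request: LI=0, mode=3; only the transmit timestamp is filled in."""
    first = (0 << 6) | (version << 3) | MODE_CLIENT
    return HEADER.pack(first, 0, 0, 0, 0, 0, b"\0\0\0\0", 0, 0, 0, to_ntp(xmt_unix))


def build_response(request, recv_unix, xmt_unix, stratum=3, refid=b"\x48\xfe\x00\xfe"):
    """Constructed server reply: mode=4, echoes the request's transmit time in 'orig'.
    The default refid (72.254.0.254) is a sample value taken from the tcpdump output."""
    req = parse_packet(request)
    first = (0 << 6) | (req["version"] << 3) | MODE_SERVER
    return HEADER.pack(first, stratum, 6, -6, 0, 0, refid,
                       to_ntp(recv_unix), req["xmt"], to_ntp(recv_unix), to_ntp(xmt_unix))


def validate_response(request, response):
    """Return the reasons to reject a reply; an empty list means accept it."""
    req, rsp = parse_packet(request), parse_packet(response)
    problems = []
    if rsp["mode"] != MODE_SERVER:
        problems.append("mode %d is not a server reply" % rsp["mode"])
    if rsp["leap"] == LEAP_UNSYNC:
        problems.append("server reports its clock unsynchronized (LI=3)")
    if not 1 <= rsp["stratum"] <= 15:
        problems.append("stratum %d is invalid or a kiss-o'-death" % rsp["stratum"])
    if rsp["orig"] != req["xmt"]:
        # The origin timestamp must echo our transmit time; this is the check
        # that stops a blind sender from injecting arbitrary replies.
        problems.append("origin timestamp does not match our request (stale or forged reply)")
    if rsp["xmt"] == 0:
        problems.append("zero transmit timestamp")
    return problems


def offset_and_delay(t1, t2, t3, t4):
    """RFC 5905 clock offset and round-trip delay from the four timestamps (Unix seconds)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def simulated_exchange(client_send=1252306728.0, one_way=0.005, server_ahead=30.0, processing=0.001):
    """One request/reply round against a constructed server whose clock runs `server_ahead` s fast."""
    t1 = client_send                              # client clock when the request leaves
    t2 = client_send + one_way + server_ahead     # server clock when it arrives
    t3 = t2 + processing                          # server clock when the reply leaves
    t4 = client_send + 2 * one_way + processing   # client clock when the reply arrives
    request = build_request(t1)
    response = build_response(request, t2, t3)
    problems = validate_response(request, response)
    if problems:
        raise ValueError("; ".join(problems))
    rsp = parse_packet(response)
    return offset_and_delay(t1, to_unix(rsp["recv"]), to_unix(rsp["xmt"]), t4)


if __name__ == "__main__":
    offset, delay = simulated_exchange()
    print("offset %+.6f s (client clock is behind by that much), delay %.6f s" % (offset, delay))
```

The origin-timestamp comparison in validate_response is the same test ntpd applies before trusting a reply: a packet whose orig field does not echo the client's own transmit timestamp is dropped, which is why a client clock cannot be moved by anyone who merely knows the server's address.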
Sync your network with the local NTP server
Configure Active Directory Domain Services Group Policy
In Active Directory Group Policy, create a new policy or modify an existing one under Computer Configuration » Policies » Administrative Templates » System » Windows Time Service » Time Providers and enable Configure Windows NTP Client, setting NtpServer to the local server with the client-mode flags (10.1.1.50,0x9) and Type to NTP:
This can be done similarly for non-domain Windows clients with the local Group Policy editor (gpedit.msc). The Windows Time service (W32Time) may need to be restarted afterwards so that it picks up the new source (w32tm /query /status then shows which source it is syncing from):
net stop W32Time
net start W32Time
or
net stop "Windows Time"
net start "Windows Time"
Configure Cisco PIX
Enter the timezone offset, the daylight saving time rule, and the NTP server (sourced from the inside interface so the request leaves from the LAN address):
clock timezone Pacific -8
clock summer-time PDT recurring
ntp server 10.1.1.50 source inside
Configure Cisco 2950 Switch
Enter the timezone offset, the daylight saving time rule, and the NTP server. Note that an IOS switch will itself answer NTP queries once NTP is configured; if the switch should not serve time to others, restrict that with an ntp access-group.
clock timezone Pacific -8
clock summer-time PDT recurring
ntp server 10.1.1.50
Configure OpenBSD Client
In /etc/ntpd.conf comment out everything (including listen on, since a client has no reason to accept queries) and add the local NTP server address:
server 10.1.1.50
Don't forget to add the ntpd_flags="" statement to /etc/rc.conf.local here as well.
Configure Red Hat Enterprise Linux / CentOS
Install ntpd and configure it to start at boot:
$ sudo yum -y install ntp
$ sudo /sbin/chkconfig ntpd on
and then edit /etc/ntp.conf, replacing the default public server lines with the local NTP server, and start the service (sudo /sbin/service ntpd start):
server 10.1.1.50