NTP Configuration in pfSense

NTP Explained


The Services list shows the NTP service is running.

The Network Time Protocol daemon (NTPD) is an operating system daemon that maintains the system time with time servers, using the Network Time Protocol. It is a complete implementation of the Network Time Protocol version 4, but retains compatibility with previous versions of NTP. NTPD performs most computations in 64-bit floating point arithmetic and uses 64-bit fixed point operations only when necessary to preserve the ultimate precision. The Network Time Protocol needs some reference clock that defines the true time to operate. All clocks are set towards that true time. NTP is a fault-tolerant protocol that will automatically select the best of several available time sources to synchronize to. Multiple candidates can be combined to minimize the accumulated error. Temporarily or permanently bad time sources will be detected and avoided. Having available several time sources (there are at least 175,000 hosts running NTP servers), NTP can select the best candidates to build its estimate of the current time. The protocol is highly accurate, using a resolution of less than a nanosecond. And even when a network connection is temporarily unavailable, NTP can use measurements from the past to estimate current time and error.

The official specification of NTP version 3 is RFC 1305. According to the NTP Version 4 Release Notes, the new features of version four are:

  • Use of floating-point arithmetic instead of fixed-point arithmetic.
  • Redesigned clock discipline algorithm that improves accuracy, handling of network jitter, and polling intervals.
  • Support of the nanokernel kernel implementation that provides nanosecond precision as well as improved algorithms.
  • Public Key cryptography known as autokey that avoids having common secret keys.
  • Automatic server discovery (manycast mode)
  • Fast synchronization at startup and after network failures (burst mode)
  • New and revised drivers for reference clocks
  • Support for new platforms and operating systems

Enabling Network Time Protocol in pfSense 

Network Time Protocol

You can edit the NTP server settings at System -> General Setup.

Enabling OpenNTP in pfSense is relatively easy. First, make sure the pfSense system’s clock is set and is reasonably accurate. If not, synchronization may fail because if there is a substantial difference between the system time and the time reported by the NTP server, the daemon will assume the server is wrong and not the other way around. Then navigate to Services -> NTP. At “Interface“, select the interface(s) the NTP daemon service will listen on (hold down CTRL while clicking to select multiple interfaces). Then press the “Save” button to save the changes. Now, NTP synchronization will be enabled on your pfSense box, but client machines can take up to a few hours (doc.pfsense.org reports 1-2 hours) to become fully synchronized with the OpenNTPD service.

If you want to edit the list of NTP time servers, navigate to System -> General Setup. Under the “System” heading, the last option is “NTP time server“. Here you can specify one or more time servers (use a space to specify multiple hosts). Then press the “Save” button to save the settings.

External Links:

Network Time Protocol on Wikipedia

ntp.org – home of the Network Time Protocol project

The Network Time Protocol  Distribution NTP Server at doc.pfsense.org

Use pfSense as an NTP Server – another post from the excellent iceflatline blog.

How to Set Up an NTP Server for Your Network

Using pfSense and OpenNTPD – a how-to guide from HubPages.

Be Sociable, Share!

Speak Your Mind


© 2013 David Zientara. All rights reserved. Privacy Policy