I understand that the newest stable has a way to advertise an ntp server to the mesh. My main tunnel node receives its internet / Wan connection via a pfsense server that is already set up as a stratum 1 ntp server. I know I can use that ntp server on the local node it is connected to, but is there a way to broadcast that ntp service to the rest of the mesh? I'm solid on all of the individual concepts involved, but my knowledge breaks down when you start mixing all of these concepts together. I already have an overbuilt ntp server on my home lan.
Name = NTP 10.9.60.82
URL = ntp://K6CCC-Router-1:123
In my case, the router is not the time server, but the router is set up to forward port 123 packets to my NTP server.
Chuck said (in part):
Regarding the first part, if people manually enter your DNS server as your screen capture shows, you don't need to do anything.
Regarding the second part, my experience is that is not the case. I had to go through several iterations in order to get my NTP server to be recognized automatically by AREDN nodes. It does have to have a link as specified in my previous response. According to the developers, the nodes are looking for advertised services with a link that starts with ntp://
BTW, I just looked and my NTP server has 186 clients within the last 7 days (it ages out anything not heard from in a week). About 20 or so are various devices at my house. The rest are AREDN nodes scattered throughout the southern California network.
I have watched in some detail what the nodes do, and how they are sending and relaying NTP packets. I can give some rather entertaining details if desired.
Hi, Jim:
Thanks.
I thought the NTP 'recognized automatically by AREDN nodes' was a new feature.
I am ignorant of configuring this feature.
I saw Orv's post: https://www.arednmesh.org/content/new-production-release-available but
I have not seen information on how to configure this feature.
If there is public information on this configuration, please share.
Rather entertaining details are desired. ;-)
3s, Chuck
In the online docs there is a section that describes the new feature. It's always been possible to enter the URL for an existing NTP server, but the new feature allows your node to discover additional NTP servers on your mesh network if they have a defined service entry.
Later in conversation with one of the developers (Tim), he told me that it actually needed to be an advertised link with ntp://. Made that change and soon I started seeing nodes all over the southern California network getting time from my NTP server. For nodes that are on continuously, they get a time check every 24 hours, but there are several things that mess up that number (reboots, firmware update, likely others). I also find it entertaining which port (RF vs Tunnel vs DtD vs LAN) is the one or ones that request time.
Like this?
Yes, I stretched out the Name box for the NTP only - hence the other lines look screwed up.
In my case, the router is not the time server, but the router is set up to forward port 123 packets to my NTP server.
The high quality NTP server is the device connected to the WAN port of the AREDN node. Can someone help me with the commands to forward ntp traffic (port 123) through AREDN to my NTP server on the WAN side of my node? I'm guessing this is some sort of custom routing rule in the node? I'll do some testing now pinging around and seeing what I can see from my node.
Just a bit more info on what I'm seeing. From a computer over the mesh, I can connect to the ntp server at its WAN address of 192.168.11.1
That appears to work because I have forwarded the port 123 through on the port forwarding page, however I don't know how to advertise a service for this NTP server, because I can only advertise services that are from the DHCP Address Reservations, and this is the WAN port, so it obviously isn't in the DHCP range.
I also found in the /etc/config/system the options which appear to enable the ntp server, but I'm not quite sure what that does. Does that make the node an NTP time server? If so, it doesn't appear to be working for me:
Someone... help?
As far as the AREDN mesh is concerned, the NTP server is on the address for my router (which has an AREDN address). The mesh knows nothing beyond the router. See setup screen captures that both Glen and I posted on Friday the 15th.
May I rephrase?
"Is there a way to broadcast a service, that exists on the WAN of a node, to the local AREDN network?"
Without using a host on the LAN of the node, I do not see a way.
73, Chuck
Since I can see the NTP server from the Mesh by directly hitting the IP address of the device on the WAN side, it seems like it is almost working already. I can see it working over the mesh already with that port open, I just need a way to advertise it out to the rest of the mesh.
Is there a way to add a static route for port 123 on that node, so that any traffic that comes to that node "localhost" on port 123 is routed to the WAN IP address? I know there are ways to do custom firewall and routing rules, but I don't have the personal experience to write them myself. But if the answer to that question is yes, then I could set up a standard service link as if it were hosted on the local mesh node, and that node would redirect the traffic to the NTP server.
Perhaps not best practice, but I have already invested a good deal of time and money in this NTP server for my house (why you might ask? a good answer I could not provide) so I'd prefer to use it here too. I'm sure NTP over long distance mesh links is very unreliable, but it would be more reliable if you start with a good reliable source, than if not.
If the answer truly is no, I may have another way to do it, similar to what K9CCC proposed, but it would require a hardware device in the middle, so that would mean I'm hosting a stratum 2 NTP service on the mesh instead of a stratum 1 service, due to how NTP works.
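Added example, not part of the original posts: a minimal SNTP check in Python that reads the stratum and reference ID from a reply, so you can confirm what a mesh client actually sees when port 123 is forwarded to the WAN-side server versus answered by a device in the middle. The sample replies are constructed, and `query()` assumes the server is reachable over IPv4 at the address you pass.

```python
import socket
import struct

NTP_FMT = "!BBbbII4sQQQQ"        # 48-byte NTP header (RFC 5905)
NTP_TO_UNIX = 2208988800         # seconds from 1900-01-01 to 1970-01-01

def build_request(version=4):
    """Client (mode 3) request; all other fields zero."""
    return struct.pack(NTP_FMT, (version << 3) | 3, 0, 0, 0, 0, 0, b"\0" * 4, 0, 0, 0, 0)

def parse_response(data):
    """Decode the header fields that show where the time really comes from."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum, _, _, _, _, refid, _, _, _, tx = struct.unpack(NTP_FMT, data[:48])
    if first & 0x7 != 4:
        raise ValueError("not a server (mode 4) reply")
    leap = first >> 6
    # Stratum 0/1: refid is ASCII (kiss code or clock type, e.g. GPS).
    # Stratum 2+: refid is the IPv4 address of the upstream server.
    if stratum <= 1:
        source = refid.rstrip(b"\0").decode("ascii", "replace")
    else:
        source = socket.inet_ntoa(refid)
    return {
        "stratum": stratum,
        "source": source,
        "synchronized": leap != 3 and 1 <= stratum <= 15,
        "unix_time": (tx >> 32) - NTP_TO_UNIX,
    }

def query(host, port=123, timeout=3.0):
    """Ask a live server; host is whatever address the mesh client would use."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, port))
        data, _ = s.recvfrom(512)
    return parse_response(data)

def sample_reply(stratum, refid, unix_time, leap=0):
    """Constructed reply bytes for offline testing (not captured traffic)."""
    tx = (unix_time + NTP_TO_UNIX) << 32
    return struct.pack(NTP_FMT, (leap << 6) | (4 << 3) | 4, stratum, 6, -20, 0, 0, refid, tx, 0, tx, tx)

# Constructed samples: port forwarded straight to a GPS-disciplined server,
# versus a relay device that itself syncs from 192.168.11.1.
FORWARDED = sample_reply(1, b"GPS\0", 1700000000)
VIA_RELAY = sample_reply(2, socket.inet_aton("192.168.11.1"), 1700000000)
UNSYNCED = sample_reply(0, b"INIT", 1700000000, leap=3)
```

A forwarded port leaves the reply untouched, so the client still sees stratum 1; a relay that runs its own NTP daemon reports stratum 2 with the upstream address as its source.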
I think you can
"see the NTP server from the Mesh node that has WAN access to your (home) LAN directly,
but no other nodes on the local AREDN network can see devices on your (home) LAN."
The AREDN node feature "Port Forwarding" forwards from WAN to LAN, but nothing forwards
LAN to WAN of another node on the network.
Do you need Stratum 1 (or even Stratum 2) service?
... over long distance?
I use a hardware device (Raspberry Pi) with NTP service on my node's LAN,
that node can 'see' the hardware device (my home LAN server),
that home server can see the internet.
This works for me as I only want time accuracy within about a tenth of a second.
I hope this helps,
Chuck
"I can see it (the gateway on the WAN side of the aredn node) from other devices on the mesh as well."
Hi, Casey:
This is the first use of the word 'gateway' in this thread, so
I am not understanding what 'it' or 'gateway on the WAN side' means.
I have an NTP service on a host on my home LAN with address 192.168.8.80 which is provided via DHCP from my home router.
3 of my VLAN/DtD connected home AREDN nodes have access to the 192.168.8.x network and the rest do not.
IOW, 3 of my home nodes have a WAN address in this 192.168.8.x network,
the rest have no WAN address assigned and thus
have no access to my home 192.168.8.x network.
None of the other 50+ AREDN nodes on the local network have access to my home 192.168.8.x network.
Thus, none of the other 50+ AREDN nodes have access to the NTP service on my home network.
I do not understand how you provided access to the WAN network space of a node to other nodes.
I understand how to provide access to hosts on the LAN side of an AREDN node to all linked AREDN network hosts.
73, Chuck
http://nextcloud.caseydiers.com/index.php/s/aSaPMeSdDiP6YkY
Nice job on the diagram.
I assume that AREDN-Node-1 is a
Mikrotik hAP or GL-iNet AR150 or AR300M16 with
"Advanced WAN Access - Allow others to use my WAN" enabled ?
How close was my guess?
Mine:
PFSense<->home LAN<->VLAN-switch-> VLAN10-in-house-LocoM2, VLAN20-hAP, VLAN30-LHG-XL, VLAN40-PBE-M5-400, VLAN50-garage-LocoM2,...
My computer is on the LAN of the in-house-LocoM2.
I present VLAN1 (internet) to only 3 AREDN devices.
Chuck
AREDN-Node-2 is any of the nodes in my house. That includes an AR150, NSM5, and I think I tried another rocket M2. None of those devices have a WAN connection. The only AREDN device on the 192.168.11.0 network is the Rocket M2, so it must be the device that is providing the NTP data on 192.168.11.1
Sharing WAN is enabled. I've also forwarded port 123 on that node (without this setting, it doesn't work). And the node is in "Direct" non-nat mode. From what I understand, this should allow devices from the WAN side to access things on the Mesh, but not the other way around.
If this behavior is problematic, I'm happy to share logs and/or make a video showing this happening.
If not, I'm still looking for a way to route NTP traffic on port 123 directed to AREDN-Node-1, to the pfsense box located at ip address 192.168.11.1 on the wan connection of AREDN-Node-1.
Obviously not a high priority, but I would like to get it working.
If "Sharing WAN is enabled.":
Then the ntpd service on your PFSense router is reachable by IP address.
My router's uname -a is
pfSense.localdomain
which does not resolve at its LAN workstations, nor my shack node's workstation.
This is okay for a home network or workbench, but
maybe not good if other folks have nodes on the same network.
e.g. Someone plugs a Windows box onto a node without internet and the windows box decides to do an on-line update.
73, Chuck