NTP Daemon for ASUSWRT/Merlin

[EmeraldDeer]

# ntpq -p:

remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+mail.pushto.spa 193.67.79.202    2 u   73   32  374   23.066   -1.200   2.031
+x.ns.gin.ntt.ne 249.224.99.213   2 u  412 1024    1   11.960    0.946   0.629
*ntp1.trans-ix.n 211.207.249.90   2 u    9   32  327   13.107    0.690   0.573
-ntp1.mediamatic 30.20.35.61      2 u  442  512    1   12.273    1.039   1.664


# cat /etc/TZ:

MEZ-1DST,M3.5.0/2,M10.5.0/3


# nslookup 0.pool.ntp.org:

Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      0.pool.ntp.org
Address 1: 95.211.212.5 videolulz.com
Address 2: 94.228.220.14 mon2.hostin.cc
Address 3: 171.33.132.5 static.ip-171-33-132-005.signet.nl
Address 4: 91.148.192.49 sip.dicode.nl

I have now the killall ntp disabled.

This is strange. Everything you pasted looks fine. I am unable to reproduce the Reminder message through /opt/etc/init.d/S77ntpd or even "killall ntp" on the command line by itself.

 

[spanjap]

I Have now killall ntp enabled and I have rebooted the router just 3 minutes ago.
I will wait for 15 minutes and check if the message is gone.
(* Reminder: The system time has not been synchronized with an NTP server.)

Router is up for 15 minutes now and the message doesn't disappear.

 

[spanjap]

Maybe I have found the cause.
I followed the FAQ of :
https://www.asus.com/support/FAQ/1037370
[Administration] How to set up Network Detection to make sure your router’s time zone synchronizes with NTP server?

The message is now gone.................

 

[EmeraldDeer]

Maybe I have found the cause.
I followed the FAQ of :
https://www.asus.com/support/FAQ/1037370
[Administration] How to set up Network Detection to make sure your router’s time zone synchronizes with NTP server?

The message is now gone.................

So I infer from the convoluted Asus FAQ that you were receiving a misleading message (clock not NTP synched) because you had not configured a not necessarily related function (WAN test).

I have been using a ping of my ISP's first hop router for WAN test.

 

[Jack Yaz]

REQUIRES Entware? Just to clarify - github says otherwise...or have you been so busy writing code to update the github?

(and looking at the timestamps of your posts, clarify this for me too, please: you DO sleep occasionally, right?)

Enjoy it while it lasts! Due to a landlord, my time for scripting is going to dry up rapidly

 

[heysoundude]

Is this the kvic github page? Technically the original implementation required entware since it uses rrdtool and also relied on /opt existing

no sir, your github, for ntpdmerlin

 

[Jack Yaz]

no sir, your github, for ntpdmerlin

Sorry, I'm being a bit thick, where do I need to change what?

 

[heysoundude]

Sorry, I'm being a bit thick, where do I need to change what?

on https://github.com/jackyaz/ntpdMerlin I would just remove the section under Usage in the readme that gives the path for non-entware users to start the script....and I could (should) probably be telling you this at that location to keep the signal-to-noise ratio higher here...

 

[Jack Yaz]

on https://github.com/jackyaz/ntpdMerlin I would just remove the section under Usage in the readme that gives the path for non-entware users to start the script....and I could (should) probably be telling you this at that location to keep the signal-to-noise ratio higher here...

Ah i see. I'd argue it's useful to know the path should the shortcut fail for whatever reason

 

[Marin]

Ah i see. I'd argue it's useful to know the path should the shortcut fail for whatever reason

@Jack Yaz,

Do you plan on adding support for AX88U? I thought I read somewhere that @spanjap may have already installed it on this router.

Thanks!

 

[EmeraldDeer]

@Jack Yaz,

Do you plan on adding support for AX88U? I thought I read somewhere that @spanjap may have already installed it on this router.

Thanks!

I have been running it as well on an RT-AX88U with no issue, using pool instead of four servers.

# cat /jffs/configs/ntp.conf
#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
disable auth
#
server 192.168.50.200 iburst minpoll 4 maxpoll 4
#
pool pool.ntp.org
#
enable stats
statsdir /opt/var/spool/ntp
statistics loopstats protostats sysstats
filegen loopstats file loopstats type week enable
filegen protostats file protostats type week enable
filegen sysstats file sysstats type week enable
#

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LaptopPuget     .GPS.            1 u   10   16  377    0.977    0.074   0.210
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-marla.ludost.ne 130.149.17.8     2 u   35   64  377  128.414    6.690   2.127
-185.184.223.224 66.125.246.65    2 u   32   64  377  149.667   -7.676   0.852
-ntp2.wtnet.de   10.129.40.211    2 u   31   64  377  120.211   -6.517   0.579
-213.251.52.217  193.0.0.229      2 u   35   64  377  105.256    3.993   1.812
-web1.sys.ccs-ba 192.53.103.104   2 u    5   64  377  111.058   -4.151   1.624
+time2.mediainve 131.130.251.107  2 u   22   64  377  104.033    1.785   1.211
-ntp1.mediamatic 30.20.35.61      2 u    5   64  377   88.872    4.059   1.663
+69-165-173-93.d 132.246.11.229   3 u   17   64  377   45.406   -1.447   4.702

 

[Marin]

I have been running it as well on an RT-AX88U with no issue, using pool instead of four servers.

# cat /jffs/configs/ntp.conf
#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
disable auth
#
server 192.168.50.200 iburst minpoll 4 maxpoll 4
#
pool pool.ntp.org
#
enable stats
statsdir /opt/var/spool/ntp
statistics loopstats protostats sysstats
filegen loopstats file loopstats type week enable
filegen protostats file protostats type week enable
filegen sysstats file sysstats type week enable
#

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LaptopPuget     .GPS.            1 u   10   16  377    0.977    0.074   0.210
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-marla.ludost.ne 130.149.17.8     2 u   35   64  377  128.414    6.690   2.127
-185.184.223.224 66.125.246.65    2 u   32   64  377  149.667   -7.676   0.852
-ntp2.wtnet.de   10.129.40.211    2 u   31   64  377  120.211   -6.517   0.579
-213.251.52.217  193.0.0.229      2 u   35   64  377  105.256    3.993   1.812
-web1.sys.ccs-ba 192.53.103.104   2 u    5   64  377  111.058   -4.151   1.624
+time2.mediainve 131.130.251.107  2 u   22   64  377  104.033    1.785   1.211
-ntp1.mediamatic 30.20.35.61      2 u    5   64  377   88.872    4.059   1.663
+69-165-173-93.d 132.246.11.229   3 u   17   64  377   45.406   -1.447   4.702

Good to know! Thanks much!

 

[Jack Yaz]

Good to know! Thanks much!

I'll update the readme. It should work on all, the list is of those that are confirmed to work by users.

 

[Marin]

I'll update the readme. It should work on all, the list is of those that are confirmed to work by users.

Thank you! I will give it a try!


Sent from my iPhone using Tapatalk

 

[heysoundude]

Ah i see. I'd argue it's useful to know the path should the shortcut fail for whatever reason

I hadn't considered that, and it's a very good point. you're right.

 

[TonyK132]

I have been running it as well on an RT-AX88U with no issue, using pool instead of four servers.

# cat /jffs/configs/ntp.conf
#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
disable auth
#
server 192.168.50.200 iburst minpoll 4 maxpoll 4
#
pool pool.ntp.org
#
enable stats
statsdir /opt/var/spool/ntp
statistics loopstats protostats sysstats
filegen loopstats file loopstats type week enable
filegen protostats file protostats type week enable
filegen sysstats file sysstats type week enable
#

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LaptopPuget     .GPS.            1 u   10   16  377    0.977    0.074   0.210
 pool.ntp.org    .POOL.          16 p    -   64    0    0.000    0.000   0.000
-marla.ludost.ne 130.149.17.8     2 u   35   64  377  128.414    6.690   2.127
-185.184.223.224 66.125.246.65    2 u   32   64  377  149.667   -7.676   0.852
-ntp2.wtnet.de   10.129.40.211    2 u   31   64  377  120.211   -6.517   0.579
-213.251.52.217  193.0.0.229      2 u   35   64  377  105.256    3.993   1.812
-web1.sys.ccs-ba 192.53.103.104   2 u    5   64  377  111.058   -4.151   1.624
+time2.mediainve 131.130.251.107  2 u   22   64  377  104.033    1.785   1.211
-ntp1.mediamatic 30.20.35.61      2 u    5   64  377   88.872    4.059   1.663
+69-165-173-93.d 132.246.11.229   3 u   17   64  377   45.406   -1.447   4.702

Hello - Sorry for the NOOB questions, but to use an ntp pool, would I use your script file as is, or do I need to customize it for my network? For instance, I do not know about your use of 192.168.50.200 or the listen on br0. Also, how do you use the stats lines at the bottom of your script?

BTW, thanks Jack for an easy script. I just installed ntpdMerlin and it went without a hitch.

Thanks.

 

[EmeraldDeer]

Hello - Sorry for the NOOB questions, but to use an ntp pool, would I use your script file as is, or do I need to customize it for my network? For instance, I do not know about your use of 192.168.50.200 or the listen on br0. Also, how do you use the stats lines at the bottom of your script?

BTW, thanks Jack for an easy script. I just installed ntpdMerlin and it went without a hitch.

Thanks.

Short answer: Use this instead

#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
disable auth
#
pool pool.ntp.org iburst
#

Long answer:

• The ntp.conf that ntpdMerlin provides if fine. This is a slightly different alternative.
• Using "pool" instead of "server" only requires the slightly relaxed permissions of the "restrict source" line above
• The iburst argument is generally recommend. It allows for quicker time synchronization at startup.
• Using pool instead of server enables extra algorithms in NTPD which are considered to be good but I do not know the details
• The DNS for pool.ntp.org is configured to return geographically close NTP servers. However, I have noticed that I sometimes get servers as far as 120 msec of delay away.
• The default restrict permissions are intended to come into play if you provide NTP to the public, but will be in effect on your LAN as well
• The localhost restrict permissions enable you to run all of the NTP commands without restriction
• You may notice that, since I have a "server" at 192.168.50.200, it is on my LAN. I have another computer with an NTP daemon which has a GPS connected to it in order to provide better time. This ntp.conf line allows my router to take advantage of this as an NTP client. You would not include this line in your ntp.conf
• The interface commands determine which networks you can provide NTP time to. The first line sets a default to not provide NTP time. The second line enables your router to provide NTP time on the LAN interface. Do you need "interface listen br0" for the router to have NTP time? No, it is only necessary if you want to provide NTP time to the computers on your LAN.
• You do not need the stats. The router GUI graph data is collected another way. But if you are troubleshooting, it is nice for them to be available even if looking back and forth at the refererence documentation to decode is frustrating.
• In order to validate NTP daemon startup, you need to first look at /tmp/syslog.log and then /opt/var/spool/ntp/ntp.log because it switches over
• The leapfile can be considered esoteric but when they do happen it is nice to avoid the clock being instantaneously wrong by a second. You can wget the file at the URL in the comment.
• Do not use minpoll or maxpoll below 6 (64 seconds) unless the target is your computer. If not your computer, do not set them at all.

 

[Jack Yaz]

Short answer: Use this instead

#
logfile /opt/var/spool/ntp/ntp.log
driftfile /opt/var/spool/ntp/ntp.drift
leapfile /opt/var/spool/ntp/leap-seconds.list # https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
#
restrict default limited kod nomodify notrap nopeer noquery # restrictive default IPv4
restrict -6 default limited kod nomodify notrap nopeer noquery # restrictive default IPv6
restrict source nomodify notrap noquery # required for pool directive if using restrictive default permissions
restrict 127.0.0.1 # permissive localhost IPv4
restrict -6 ::1 # permissive localhost IPv6
#
interface ignore wildcard
interface listen br0
#
disable auth
#
pool pool.ntp.org iburst
#

Long answer:

• Using "pool" instead of "server" only requires the slightly relaxed permissions of the "restrict source" line above
• The iburst argument is generally recommend. It allows for quicker time synchronization at startup.
• The default restrict permissions are intended to come into play if you provide NTP to the public, but will be in effect on your LAN as well
• The localhost restrict permissions enable you to run all of the NTP commands without restriction
• You may notice that, since I have a "server" at 192.168.50.200, it is on my LAN. I have another computer with an NTP daemon which has a GPS connected to it in order to provide better time. This ntp.conf line allows my router to take advantage of this as an NTP client. You would not include this line in your ntp.conf
• The interface commands determine which networks you can provide NTP time to. The first line sets a default to not provide NTP time. The second line enables your router to provide NTP time on the LAN interface. Do you need "interface listen br0" for the router to have NTP time? No, it is only necessary if you want to provide NTP time to the computers on your LAN.
• You do not need the stats. The router GUI graph data is collected another way. But if you are troubleshooting, it is nice for them to be available even if looking back and forth at the refererence documentation to decode is frustrating.
• In order to validate NTP daemon startup, you need to first look at /tmp/syslog.log and then /opt/var/spool/ntp/ntp.log because it switches over
• The leapfile can be considered esoteric but when they do happen it is nice to avoid the clock being instantaneously wrong by a second. You can wget the file at the URL in the comment.

disable stats surely disables the stats, so leaving it out implies stats still run?

ntpd service calls are still printed to syslog, ntp.log seems to only be related to ntp query/lookups made by ntpd

 

[EmeraldDeer]

disable stats surely disables the stats, so leaving it out implies stats still run?

ntpd service calls are still printed to syslog, ntp.log seems to only be related to ntp query/lookups made by ntpd

Usually enabling stats is about writing them out to files or not. I can only assume that explicitly disabling stats in ntp.conf by @kvic was for the purpose of minimizing memory use, which would imply that stats would not run internally. I have not been able to find an answer to this in the reference documentation http://doc.ntp.org/current-stable/

 

[EmeraldDeer]

The Asus ntpclient just woke up and knocked my time off by 25 msec. I do not suppose anyone has a simple and robust way to disable it?