Menu
What's new
By:
Filters Better Search

NTP Intercept causes Eufy Doorbell camera not to work

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

O

odiovidio

Occasional Visitor
I have a Eufy doorbell on Guest Network 1 (GT-AX6000 388.1_0_rog). If I have NTP intercept ON, the doorbell keeps trying different NTP servers every few seconds, which means it's probably not getting the response it's waiting for.

1670599049850.png


Come to think of it, this issue started around the time I updated the firmware to 388.1.
As soon as I shut off NTP intercept, the camera starts working again and stops pinging different NTP servers.

Is this a bug in 388.1?
 
I don't have 388.1 but do you also have the router set to be an NTP server? Maybe that got lost/changed in the upgrade?
 
Yes, "Enable Local NTP Server" is set to "Yes". I have tried setting it to "No", then Apply, then back to "Yes" then apply. But still the same problem.
 
Is the device connected to a Guest Network or one of the regular Wifi networks?

If you have access to a Linux machine, you can test ntp this way, using your router's IP address as the server:

Code: 
sudo ntpdate 192.168.50.1

Then, try again using a remote server like time.nrc.ca to ensure that the redirection is also working.

Otherwise, maybe it's using some form of authentication to prevent hijacking/redirections, although I thought that required using a different port than the default 123 port.
 
Yes, the doorbell is on the 2.4 guest network

Here is the ntpdate output from my NAS: (not the doorbell)
1670604407711.png
 
Last edited:
odiovidio said:
Guest Network 1. Access Intranet disabled.
Click to expand...
That might be why. I fixed an issue in 388.1 related to NTP redirection on Guest Network 1, but I don't know if it would still work if Intranet access was disabled.

You could try switching to Guest Network 2 instead, which is generally less problematic since it's not customized to interface with AiMesh networks.
 
Switching to Guest Network 2 seems to have fixed it.

However, new question: I see that Guest Network 2 uses the same subnet as the normal network 192.168.50.0/24. How does it now block the guest network devices from accessing Intranet?
 
odiovidio said:
Switching to Guest Network 2 seems to have fixed it.

However, new question: I see that Guest Network 2 uses the same subnet as the normal network 192.168.50.0/24. How does it now block the guest network devices from accessing Intranet?
Click to expand...
I believe It uses ebtable rules to block at the L2 level (which is actually more reliable than just relying on a different subnet, as this can be bypassed). My memory can be wrong tho, I haven`t looked at that part of the code in years.

I'll still have a look to see if I can make it work even with Intranet isolation on GN1, but I have my doubts.
 
This is kind of a hack I do on my private OpenWRT builds...

Code: 
# Redirect NTP requests to go through router
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 123 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i br-guest -p udp --dport 123 -j DNAT --to 192.168.1.1
 
sfx2000 said:
This is kind of a hack I do on my private OpenWRT builds...

Code: 
# Redirect NTP requests to go through router
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 123 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i br-guest -p udp --dport 123 -j DNAT --to 192.168.1.1
Click to expand...
That`s pretty much what Asuswrt-Merlin does, and which works for regular clients, but there might be an issue with Guest Network 1 as it does not use the same bridge as the rest of the LAN.

Code: 
 2300  175K REDIRECT   udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            udp dpt:123 redir ports 123
 
I see the problem. Wireless Guest Network 1 uses a different network interface, and the firewall rules (which allows DNS and DHCP) for that interface are created in the closed source portion of AiMesh. I will need to figure out how they generate these rules, and insert my own rules to handle NTP traffic.
 
Properly implementing this for Guest Network 1 would require starting a separate ntpd for each of the bands... Not worth it, so I'll just remove the ntp redirection that's implemented for Guest Network 1 to ensure that clients will at least still be able to connect to their intended ntp server.
 
Why is it connected to the guest network? Just connect it to the main and be done with it.
 
You must log in or register to reply here.

Similar threads

S
Internet access inconsistency and a repeatable crash with GT-AX6000 and GT-AX11000 vs my RT-AC class routers
Replies
8
Views
3K
seabass
S
W
My RT-AC87U experience
Replies
17
Views
8K
W4RH34D
W4RH34D
Similar threads
Thread starter Title Forum Replies Date
Chuckles67 Fixed: Reminder: The system time has not been synchronized with an NTP server. Asuswrt-Merlin 0
N (Solved - Bad router) RT-AX88U node causes network instability (3004.388.7) Asuswrt-Merlin 2
L IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot Asuswrt-Merlin 0
W X88u Merlin dual wan over ethernet causes soft brick Asuswrt-Merlin 4
Acru Bug Report: nvram chilli_enable=1 when guest network is removed causes no routing to occur Asuswrt-Merlin 2
A possible DCD tainted causes? Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 716 (members: 28, guests: 688)
Top