Jump to content
Not connected, Your IP: 3.139.98.10
ptolemyiv

Problem access ntp servers

Recommended Posts

Hi,

 

Setup is router with dd-wrt connecting to airvpn through openvpn.

 

Any devices on my local lan such as nas or raspberrypi that wish to update their time through ntp are getting connection errors - I have tried various  ntp servers all to no avail although I am able to ping them directly (which suggests its not just a dns server issue but instead perhaps port related).

 

If I turn off the vpn service then these devices have no problem resolving their time.

 

Can someone please advise whether something has changed and airvpn is perhaps blocking ntp requests? 

 

Thanks,

 

Roger

Share this post


Link to post

Hello!

 

We do not block NTP, absolutely not.

 

Additionally, connection to NTP servers from the router, when booting, should be performed before a connection to a VPN server, to allow the router to set the correct date and time, otherwise authentication will fail.

 

Kind regards

Share this post


Link to post

Ahh. Also been having this issue. Thanks for the reply, and thanks for asking the question ptolemyiv.

 

May I extend the question further?

I have two NAS/servers on my network. One is at 192.168.1.11, and this one connects directly through a hardware IDS, firewall, etc., but NOT over a VPN and therefore receives correct NTP updates.

I have a second server that connects to AirVPN continuously (192.168.1.12), but the NTP requests are directed to the Time-Server at the IP address at 192.168.1.11, and not over the VPN.

Even though the Time-Server is at 192.168.1.11 and is a local private address (instead of pool.ntp.org, or whatever), NTP setting fails when the VPN is connected. Is this normal?

I ask as I can browse the local network from the web page of the server when the VPN is connected. I can't quite get my head around how to sort this problem without either manually setting the time, or disconnecting the VPN every few hours. The latter would cause issues for my customers.

Any suggestions?

Share this post


Link to post

To be clear the router is not the issue - it is any device which is behind the router that is unable to access ntp servers when (and only when) the router is connected to airvpn... that seems like too much of a coincidence!

 

Anyone with any thoughts on this since can't believe it such a rare issue.

 

thanks a lot

Share this post


Link to post

Are the ports open for it? I'm guessing you're running a different firewall setup on the openvpn connection and its blocking it. I think its port 123 but I don't use ntp, nor do I leave a port open for it. So you may want to verify that port 123 is all that's required.

 

Long ago we used ip's for connecting to npt servers. That may still be possible depending on the ntp server you're using. It would bypass the need for a dns lookup.

Share this post


Link to post

I noticed today that NTP requests were blocked when connected to Nashira (GB), but not from Furud (FR).

Maybe the ISP in Nashira is blocking NTP requests ? They tend to do this without advice to prevent DDoS.

Share this post


Link to post

I noticed today that NTP requests were blocked when connected to Nashira (GB), but not from Furud (FR).

Maybe the ISP in Nashira is blocking NTP requests ? They tend to do this without advice to prevent DDoS.

 

 

Hi - I think you are right. I finally spent some time switching my server from Nashira to another one. This seems to have fixed two issues - firstly, google actually takes me to .co.uk results pages rather than .be (even though both servers are UK-based). Secondly, ntp requests seem to be working now without any further modifications to dd-wrt on my router firewall script...

 

I was also regularly getting those verification pages on websites so let's hope they have gone too.

 

Not sure quite what AirVPN themselves can do to fix these issues on Nashira other than better police abusers using the VPN resulting in the exit IP address getting red-flagged.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...