Joseph Choe

Provisioning an NTP Server

One of the first things I did upon receiving my new Framework laptop was to provision a personal NTP server.

The Network Time Protocol allows for networked systems to synchronize their clocks between themselves. However, I would rather not have my devices connect to Google or Cloudflare, so instead I decided to provision an NTP server on my home network and have my machines connect to that.

Virtual Machine

First, I provisioned a new virtual machine with OpenBSD 7.0 installed.

Then, I configured /etc/ntpd.conf to connect to the servers I wanted:

listen on 10.10.10.10

servers pool.ntp.example.org
sensor *

constraint from "ntp.example1.org"
constraint from "ntp.example2.org"

Make sure the listen keyword is there or your server won’t be listening for any requests from your other machines.

We also need to configure the server’s packet filter configuration, or /etc/pf.conf:

if = "vio0"
set skip on lo
block return
pass in on $if inet proto icmp
pass in on $if inet proto {tcp udp} to port ntp
pass out on $if

The first three lines are pretty straightforward, while the fourth line allows me to ping the server. The fifth line allows the ntp port through, or port 123.

Local DNS

Right now I use pihole to configure local DNS, though that may change in the future. In any case, I added an entry for ntp.home.lan to point to the virtual machine’s IP address.

I could simply use the VM’s IP address directly, but I’d rather use something human readable, and this gives me the option of setting something once on all my devices and changing the configuration on the pihole if the network topology needs to change.

The Framework

All that I need to do now is point my Framework’s /etc/ntpd.conf file to the local NTP server.

server ntp.home.lan

And then restart ntpd(8) on the Framework:

rcctl restart ntpd

I can check the status of the NTP daemon through ntpctl(8):

$ ntpctl -sa
1/1 peers valid, clock synced, stratum 4

peer
   wt tl st  next  poll          offset       delay      jitter
10.10.10.10 ntp.home.lan
 *  1 10  3   28s   33s        -0.276ms     2.456ms     2.214ms

Or I can just tail(1) the logs:

$ tail -f /var/log/daemon
Nov  4 12:44:06 devbox ntpd[75687]: ntp engine ready
Nov  4 12:44:28 devbox ntpd[75687]: peer 10.10.10.10 now valid
Nov  4 12:49:03 devbox ntpd[75687]: clock is now synced

Conclusion

I have to say that I love my homelab! It allows me to easily provision new servers with a click of a button, and I can have new infrastructure and services easily configured in OpenBSD.

Next I hope to tackle a git or smtp server.