VyOS as NTP server in local network.


#1

Hello everyone.
Is it possible to use VyOS as a NTP server in local network?
I have NTP servers defined in my config (without any firewall rules):

[code]
set system ntp server 0.pool.ntp.org prefer
set system ntp server 1.pl.pool.ntp.org
[/code]

But NTP server doesn’t work…
This is due to /etc/ntp.conf file:

[code]
# This configuration file is automatically generated by the Vyatta
# configuration subsystem. Please do not manually edit it.

# The first section of this file consists of static parameters
# that can not be changed via the Vyatta configuration subsystem.

driftfile /var/lib/ntp/ntp.drift

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
[/code]

How can I add my local subnet to that config?


#2

It is not functionality built-in to VyOS, but if you really want to do it you can edit /etc/ntp.conf

restrict 10.10.10.0 mask 255.255.255.0 nomodify

allows you to set up 10.10.10.0/24 as an allowed subnet using the VyOS machine as an NTP server.

Be warned, however, that as this is not built-in functionality, it will not survive configuration changes, reboots or upgrades.


#3

I am looking for the same thing. A way to make VyOS the NTP server for a local subnet.

Where do the defaults come from? Is there a file we can edit that allows the changes in ntp.conf to persist through a reboot? Or a way to inject the commands into the ntp.conf file before the ntp daemon is started?


I am replying to my own post.

I know it is not the supported way to do things at all but I could probably edit the /opt/vyatta/etc/ntp.conf file to include the required commands to make it serve the local network as an NTP server.

Right?


#4

I edited /opt/vyatta/etc/ntp.conf so it looks like this:

[code]restrict 172.0.0.0
restrict 127.0.0.1
restrict ::1

interface listen 10.0.0.86
interface listen 172.22.22.254
[/code]

I only defined that second interface because I had a lot of devices in my lab already pointing towards that address (used to be pfsense).

Rebooted a few times, and things are synchronizing nicely. So far the only clients have been a few Cisco devices and some Linux servers. Hopefully they just add this to the main branch soon, not sure why they’d restrict such a useful core-router feature. At work we point NTP to network cores all the time.

This is on VyOS Version: VyOS 1.1.7


#5

Well… I never messed with NTP settings, besides the obvious:

[code]
set system ntp server europe.pool.ntp.org
[/code]

On another Linux appliance (EdgeRouter X), I can just query NTP fine to VyOS:

(vyos=10.30.68.254)

[code]
admin@ERX:~$ sudo ntpdate 10.30.68.254
1 Apr 08:42:51 ntpdate[25266]: adjust time server 10.30.68.254 offset 0.002994 sec
[/code]

What am I missing? Obviously, UDP 123 should be allowed on the LAN_LOCAL firewall rulesets.
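
As an added example (not part of the thread and not VyOS code), the following Python code evaluates the restrict lines quoted in posts #1 and #2 the way ntpd applies them, using the most specific matching entry, and reports whether a client may get time service, send ntpq/ntpdc queries, or send modification requests. The function names and the sample client addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the restrict lines quoted in post #1 plus the subnet
# line from post #2. Hostnames and IPv6 "mask" values are not handled here.
SAMPLE_CONF = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 10.10.10.0 mask 255.255.255.0 nomodify
"""

def parse_restrict(conf):
    """Return [(network, flags)] for every 'restrict' line in an ntp.conf."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok, family = tok[1:], None
        if tok[0] in ("-4", "-6"):
            family, tok = tok[0], tok[1:]
        addr, tok = tok[0], tok[1:]
        if addr == "default":
            nets = [n for f, n in (("-4", "0.0.0.0/0"), ("-6", "::/0"))
                    if family in (None, f)]
        elif tok[:1] == ["mask"]:
            nets, tok = [f"{addr}/{tok[1]}"], tok[2:]
        else:
            nets = [addr]  # no mask: ntpd treats the entry as a single host
        flags = frozenset(tok)
        rules += [(ipaddress.ip_network(n, strict=False), flags) for n in nets]
    return rules

def access_for(client, rules):
    """Apply the most specific matching entry and report what it permits."""
    ip = ipaddress.ip_address(client)
    hits = [(net, fl) for net, fl in rules
            if net.version == ip.version and ip in net]
    if not hits:
        return {"time": True, "query": True, "modify": True}
    _, flags = max(hits, key=lambda h: h[0].prefixlen)
    query = not flags & {"ignore", "noquery"}   # ntpq/ntpdc (mode 6/7)
    return {"time": not flags & {"ignore", "noserve"},  # client time requests
            "query": query,
            "modify": query and "nomodify" not in flags}

RULES = parse_restrict(SAMPLE_CONF)
```

With only the default entries a LAN client is still served time, because noquery blocks ntpq/ntpdc queries and leaves time service untouched. The subnet line from post #2 additionally opens those queries to 10.10.10.0/24.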