Results 1 to 7 of 7

Thread: Request: NTP

  1. #1
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default Request: NTP

    Let's stipulate that this is not a mission critical request for Untangle, so that we don't have to revisit why a single NTP source on a network doesn't make sense.

    That said, since NTP is already running on Untangle, would it be possible to do one of two things:
    • Expose enough NTP settings on Unangle and include by default an Input Filter Rule to allow those interested to use Untangle as a single time source on their networks and to use the reference servers of their choice.
    • Expose enough NTP settings on Untangle to allow those interested to synchronize Untangle with a separate local NTP server.

    There would be several possible motivations for this, but from a forensics point of view it might make sense to make it easier to establish uniform time on a network, especially between the UTM and the rest of the network.

    Thank you for considering the idea.

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    Default

    I read today, that along with some forms of authentication (Kerberos), correct system time is required for DNScrypt.

    I wish I had the time to write a module.

  3. #3
    Untangler
    Join Date
    May 2008
    Posts
    605

    Default

    If untangle is syncing to external time server and internal server or work station is syncing to external time server, they should be close enough to not cause problems. If you are having problems something is wrong, the workstation or server need to sync more often. Or figure out why it is drifting so bad.

    That said, it would be a nice feature. There have been hacks to do it in earlier versions. It should work now also.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    There are some work loads that require time sources to be local. Being able to make Untangle a central time source isn't a bad idea. It's an edge case, but a significant one.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    May 2008
    Posts
    605

    Default

    Quote Originally Posted by sky-knight View Post
    There are some work loads that require time sources to be local. Being able to make Untangle a central time source isn't a bad idea. It's an edge case, but a significant one.
    In that case they would have an internal time server. Internal server syncs to external server, atomic clock or what ever. Does untangle need to be synced to that internal server?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    That's the entire purpose for letting Untangle do it. It removes the need for that internal time source, and it aids network security to have devices synchronized to Untangle. There are also several point of sale applications I can think of that would need this sort of thing because you don't want to or cannot deploy a local time server. Think fast food kiosks at a mall, why have more there? Where would you put it?

    You could do all of this with a port forward rule too... I'm still personally on the fence on the idea. The more Untangle does the less secure it is. But the time software is among the oldest, most stable and secure software available.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    Default

    NGFW actually syncs time it for itself, of course. I am not impressed with the hard-coded time servers it uses. At one time, it may have given UT a heartbeat of installed instances. From what I can tell, they have become significantly more sophisticated at that.

    I work at a major University, and they provide public access to a good stratum 2 source. I would prefer to use that, even though for most of my networks, it is not particularly close from the standpoint of router hops.

    Untangle is good at extended uptime, something that most home networks lack. This is a good place for ntpd.

    Besides the use cases, some of us are just OCD w/ regard to the time!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2