NTP & VPN issues

TLDR: Seems running a VPN client doesn’t allow NTP to be updated.

I noticed the other day that my homeassistant wasn’t triggering the schedules when they should have done, so did some head scratching and noticed that my DietPi was out of sync on time by a couple of hours, so went into the dietpi-config option to check the NTP settings and they all seemed to be okay, but when I tried connecting to any of them, they all timed out after the 10 tries, so thought that was odd.

Transpires that when you are connected to VPN that NTP isn’t updated, because as soon as I disconnected from the VPN I could contact all the NTP servers without issue.

VPN provider is NordVPN.

Just wondering if anyone has had similar issues and what they did to overcome it?

What NTP server do you have configured?

I was originally on the default one of debian.pool.ntp.org, but when I disconnected from the VPN I changed it to europe.pool.ntp.org which updated fine, but as soon as I connected back to the VPN it went back to timing out.

I have also tried enabling the NTP service on my router and then chose the gateway from dietpi-config, but this also times out. I have also tried using custom and to point it to my router’s IP but still no joy on that unfortunately.

This is not going to work as long as you are connected to a VPN server, because your entire traffic is routed through the VPN tunnel. That means you can’t choose a local NTP server. It would need to be a public one, reachable from the internet. What DNS server do you have set? A local one or a global upstream DNS? Maybe your system is not able to resolve DNS queries? Did you try to ping an NTP server while connected via VPN?

ping europe.pool.ntp.org

Found an older Reddit post for your issue: https://www.reddit.com/r/nordvpn/comments/9agjri/why_is_nordvpn_blocking_ntp_protocol_i_cannot/

That’s what I thought about the traffic, but didn’t know if there was a local route it could break out to that :man_shrugging:

DNS server is set locally as using Pihole as DNS, then 1.1.1.1 as fail back DNS.

Pinging europe.pool.ntp.org whilst connected to VPN returns an answer:

PING europe.pool.ntp.org (62.12.167.109) 56(84) bytes of data.
64 bytes from dns.3eck.net (62.12.167.109): icmp_seq=1 ttl=53 time=23.2 ms
64 bytes from dns.3eck.net (62.12.167.109): icmp_seq=2 ttl=53 time=23.1 ms
64 bytes from dns.3eck.net (62.12.167.109): icmp_seq=3 ttl=53 time=22.9 ms

Always appreciate your help & suggestions Joulinar :slight_smile:

OK, connection is fine, and the NTP server is reachable. In this case it might be NordVPN blocking NTP requests, or at least they are not going through.

Theoretically you could verify the availability of an NTP server as follows:

apt install ntpdate -y #to install required ntpdate tool
ntpdate -q europe.pool.ntp.org

Added the ntpdate and ran the command you suggested and the result is:

root@DietPi:~# ntpdate -q europe.pool.ntp.org
13 Dec 13:42:32 ntpdate[136468]: no server suitable for synchronization found

Yeah, NTP requests are not passing the VPN tunnel. Maybe you could ask NordVPN for support.

Thanks again @Joulinar .

Already in the process of contacting them to see if they can help. If they do, I will post up what can be done in case someone else stumbles across this :slight_smile:

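An added example, not code from anyone in this thread: the ping above answers over ICMP, while NTP uses UDP port 123, so a successful ping does not show that time queries get through the tunnel. The sketch below sends a single SNTP client request and reports whether the failure is DNS, a silent drop on UDP/123, or a malformed reply; the function names are illustrative.

```python
# Added example; build_request, parse_reply and probe are illustrative names.
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data):
    """Return (stratum, unix_time) from a server reply, or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short packet")
    if data[0] & 0x07 != 4:  # Mode 4 = server
        raise ValueError("not a server reply")
    if data[1] == 0:  # stratum 0 = kiss-o'-death, code is in the reference ID
        raise ValueError("kiss-o'-death: " + data[12:16].decode("ascii", "replace"))
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return data[1], secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(host, timeout=3.0):
    """Classify the outcome: DNS failure, no reply on UDP/123, bad reply, or ok."""
    try:
        addr = socket.getaddrinfo(host, NTP_PORT, socket.AF_INET, socket.SOCK_DGRAM)[0][4]
    except socket.gaierror as exc:
        return "dns-failure: %s" % exc
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)  # connected socket: only accept replies from this peer
            s.send(build_request())
            data = s.recv(512)
        except socket.timeout:
            return "no-reply from %s (UDP/123 not passing on this path)" % addr[0]
        except OSError as exc:
            return "send/recv error: %s" % exc
    try:
        stratum, server_time = parse_reply(data)
    except ValueError as exc:
        return "bad-reply: %s" % exc
    return "ok stratum=%d server_time=%.3f" % (stratum, server_time)

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "europe.pool.ntp.org"))
```

Running it once with the VPN connected and once without gives a direct comparison: name resolution succeeding followed by "no-reply" only while connected matches the ntpdate result shown above.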