What's new

Delayed startup of NTP causes Wireguard to be delayed starting

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Einarorama

New Around Here
Hi gurus:)

I am totally new to this and a novice when it comes to communication, so please bear with me if I am asking a simple question.
And if you feel for answer, please keep it simple!

I have two setups, in two different homes. One setup with a single Asus RT-AX86U and one setup with two Asus RT-AX86U...one of these as AiMesh. All three routers are running Asuswrt-Merlin ver. 388.1.

I have used OpenVPN on these so far, a rule for each of the set vpnservers to only channel my android formuler box (with ip 192.168.50.83 as you can see in the log below here) through VPN.
I don`t need VPN on my other units.
Have worked well, and could be trusted, the killswitch has proved to worked!

Now - finally - my vpnprovider has opened up for Wireguard, and I have disabled my Openvpn-setups and done a setup for Wireguard...with the same rule to only let the Formuler connect through WG.
All works well and the improvement in speed is amazing!
But, by accident, I noted that if I rebooted the router without stopping the Formuler...Analiti on the formuler reported two public IP`s, the VPNserver and my ISP`s :eek:
When the router was fully started, I could see the traffic started to go through WG...even though Analiti still showed me the same two public ip`s.
Below here you can see what I found in the routers log....the WG fail to start when it should start due to some `NTP not synced`...resulting in a delay of more then a minute before WG actually starts.
I belive that my Formuler is up and going open and unencrypted for more then a minute without going through the vpnchannel then? Am I right?
The NTP-server was set to pool.ntp.org by default, I tried to change this so now I have time.google.com and also pool.ntp.org as a secondary. Problem persisted. Both these poolservers answers ping very well (logged into the router with putty (yes, I have learned a LOT here:D) and pinged from inside the router that way).
The poolserver time.google.com is a result of me googling...I really don`t have a clue what a poolserver is!

Do anyone have an idea how to fix this? Please...keep answers easy to understand :)

Copy/paste from my routerlog....
******
May 5 07:05:18 WAN_Connection: WAN was restored.
May 5 07:05:19 ntpd: Started ntpd
May 5 07:05:20 BONDING: option disabled
May 5 07:05:21 roamast: ROAMING Start...
May 5 07:05:24 WireGuard: Unable to start clients as NTP not synced yet, retrying later
May 5 07:05:27 httpd: Succeed to init SSL certificate...80
May 5 07:05:27 httpd: Succeed to init SSL certificate...8443
Jan 19 15:56:58 ntpd: Initial clock set
.......
....Other things happening for a minute...and the WG is finally started...
.......
Jan 19 15:58:01 vpndirector: Routing Formuler - Wireguard - Madrid from 192.168.50.83 to any through wgc1
Jan 19 15:58:01 wireguard: Forcing 192.168.50.83 to use DNS server 162.252.172.57 for WGC1
Jan 19 15:58:01 wireguard: Forcing 192.168.50.83 to use DNS server 149.154.159.92 for WGC1
Jan 19 15:58:01 WireGuard: Starting client 1.
Jan 19 15:58:01 WireGuard: Other interface use 10.14.0.2 too.
Jan 19 15:58:01 vpndirector: Routing Formuler - Wireguard - Barcelona from 192.168.50.83 to any through wgc2
Jan 19 15:58:01 wireguard: Forcing 192.168.50.83 to use DNS server 162.252.172.57 for WGC2
Jan 19 15:58:01 wireguard: Forcing 192.168.50.83 to use DNS server 149.154.159.92 for WGC2
Jan 19 15:58:01 WireGuard: Starting client 2.
 
The Asuswrt firmware still delays loading NTP to this day, I don't know why. But you can drastically improve this with this script. Just adjust the time in the script, I adjusted it to 5 seconds.

 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top