How to set NTP location in AI Mesh Node

TonyK132

Senior Member
Hello - I have an AI Mesh node running stock Asus firmware that is hard-wire connected to a Merlin AC86U. If I try to access the node using its IP address, I get redirected to the router, so I cannot access any networking settings in the node, including changing its ntp address to point at the router. How can I access the settings of the node?
 

bbunge

Part of the Furniture
> Hello - I have an AI Mesh node running stock Asus firmware that is hard-wire connected to a Merlin AC86U. If I try to access the node using its IP address, I get redirected to the router, so I cannot access any networking settings in the node, including changing its ntp address to point at the router. How can I access the settings of the node?
Node settings mirror the AiMesh router settings. If you have SSH enabled on the router you can SSH log into the node with its IP address. There is no need to do GUI access of nodes.
 

TonyK132

Senior Member
I'm not sure the mirroring is totally working. I'm using ntpMerlin with a config of:

server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst

But I can see that the node is going beyond just those servers:

2021-12-26 12:52  1.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  3.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  time.google.com  192.168.2.104  A  Allowed
2021-12-26 12:52  pool.ntp.org     192.168.2.104  A  Allowed
2021-12-26 12:52  0.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  2.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  time.nist.gov    192.168.2.104  A  Allowed
2021-12-26 12:52  time.nist.gov    192.168.2.104  A  Allowed
2021-12-26 12:52  time.google.com  192.168.2.104  A  Allowed
2021-12-26 12:52  2.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  0.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  3.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  1.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  pool.ntp.org     192.168.2.104  A  Allowed

I currently have no clients attached to the node, so all this activity is from the node itself.
 

TonyK132

Senior Member
I also have the setting in ntpMerlin to redirect all ntp traffic to ntpMerlin, but I cannot be sure that is working. The list above is from Diversion. I do not know if that display is what is actually going on the wire, or if that is before ntpMerlin gets it and redirects it.
 

bbunge

Part of the Furniture
The main router controls time and DHCP. Think of the node as a fancy access point that lets the router control it.
 

TonyK132

Senior Member
> The main router controls time and DHCP. Think of the node as a fancy access point that lets the router control it.
Then why is the node trying to get its time from time.google.com and time.nist.gov and pool.ntp.org, and not getting it from the router?
 

sfx2000

Part of the Furniture
> Then why is the node trying to get its time from time.google.com and time.nist.gov and pool.ntp.org, and not getting it from the router?

Quick tip - don't mix Google Public NTP with other NTP pools - one might consider Cloudflare's NTP hosts, but generally one can just use the appropriate NTP pools...

one can use Google time alone...

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

And if one uses Google's DNS, one gets good regional diversity just in case something goes wrong...

(and if Google NTP is offline, then the world is truly in a bad spot - but NTP can deal with this if a server goes down for a bit, it will recover)
 

Tech9

Part of the Furniture
> Then why is the node trying to get its time from time.google.com and time.nist.gov and pool.ntp.org, and not getting it from the router?

What difference does it make for you?
 

Jack Yaz

Part of the Furniture
> Then why is the node trying to get its time from time.google.com and time.nist.gov and pool.ntp.org, and not getting it from the router?
It's trying, but the redirect will be pushing the packets to the router itself. The node thinks it's sending the requests to time.google.com but it's not.
You can use the below to see if the redirect rule is working, by looking at the counters in the left 2 columns
Code:
iptables -t nat -nvL | grep 123
 

TonyK132

Senior Member
Looks like all the 123s are going to the router.


0 0 DNAT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123 to:192.168.2.1
10336 786K DNAT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:192.168.2.1

So, in spite of Diversion to the contrary, all ntp inquiries are going to the router?
 

Tech9

Part of the Furniture
> all ntp inquiries are going to the router?

I would guess so, if you have intercept NTP in Asuswrt-Merlin enabled. It's easy to redirect a single port.
 

Jack Yaz

Part of the Furniture
> Looks like all the 123s are going to the router.
>
> 0 0 DNAT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123 to:192.168.2.1
> 10336 786K DNAT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:192.168.2.1
>
> So, in spite of Diversion to the contrary, all ntp inquiries are going to the router?
Diversion shows the DNS lookups made by the client, which is correct. When the client tries to reach time.google.com (for example) the router intercepts and redirects the packets to itself. The client thinks it's talking to time.google.com as it is unaware of the redirect.

Note that this sort of simple redirect works for a protocol like NTP and DNS (DNS Filter), but can't be used for something like redirecting secure web traffic - the client would error.
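
Added example, not part of the original thread: a POSIX shell helper that automates the counter check discussed above. It matches `dpt:123` exactly (a plain `grep 123` also hits counters or addresses that contain 123) and reports whether each NTP DNAT rule has matched any packets. The function names and the `dpt:8080` sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise NTP redirect rules from
# `iptables -t nat -nvL` output read on stdin.
# On the router: iptables -t nat -nvL | ntp_redirect_status

ntp_redirect_status() {
    awk '
        # Rule columns: pkts bytes target prot opt in out source destination
        # followed by match details such as "udp dpt:123 to:192.168.2.1".
        $3 == "DNAT" {
            is_ntp = 0; dest = ""
            for (i = 10; i <= NF; i++) {
                if ($i == "dpt:123") is_ntp = 1   # exact port, unlike grep 123
                if ($i ~ /^to:/) dest = substr($i, 4)
            }
            if (!is_ntp) next
            state = ($1 == "0") ? "unused" : "active"
            printf "%s %s pkts=%s bytes=%s to=%s\n", $4, state, $1, $2, dest
        }
    '
}

# Succeeds only when a UDP/123 DNAT rule exists and its packet counter is non-zero.
ntp_redirect_active() {
    ntp_redirect_status | grep -q '^udp active '
}

# Constructed sample: the two dpt:123 rules are the output posted in the
# thread; the header lines and the dpt:8080 rule are made up to show that a
# "123" in a counter column is not mistaken for the NTP port.
sample_output() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 123 packets, 9840 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:123 to:192.168.2.1
10336  786K DNAT       udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            udp dpt:123 to:192.168.2.1
  123  9840 DNAT       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:192.168.2.1
EOF
}

sample_output | ntp_redirect_status
```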
 

TonyK132

Senior Member
I think I got it now, thanks for helping me understand what's going on.
 
