How to set ntp location in AI Mesh Node

TonyK132

Senior Member
Hello - I have an AI Mesh node running stock Asus firmware that is hard-wire connected to a Merlin AC86U. If I try to access the node using its IP address, I get redirected to the router, so I cannot access any networking settings in the node, including changing its ntp address to point at the router. How can I access the settings of the node?
 
Node settings mirror the AiMesh router settings. If you have SSH enabled on the router you can SSH log into the node with its IP address. There is no need to do GUI access of nodes.
 
I'm not sure the mirroring is totally working. I'm using ntpMerlin with a config of:

server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst

But I can see that the node is going beyond just those servers:

2021-12-26 12:52  1.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  3.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  time.google.com  192.168.2.104  A  Allowed
2021-12-26 12:52  pool.ntp.org     192.168.2.104  A  Allowed
2021-12-26 12:52  0.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  2.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  time.nist.gov    192.168.2.104  A  Allowed
2021-12-26 12:52  time.nist.gov    192.168.2.104  A  Allowed
2021-12-26 12:52  time.google.com  192.168.2.104  A  Allowed
2021-12-26 12:52  2.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  0.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  3.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  1.pool.ntp.org   192.168.2.104  A  Allowed
2021-12-26 12:52  pool.ntp.org     192.168.2.104  A  Allowed

I currently have no clients attached to the node, so all this activity is from the node itself.
 
I also have the setting in ntpMerlin to redirect all ntp traffic to ntpMerlin, but I cannot be sure that is working. The list above is from Diversion. I do not know if that display is what is actually going on the wire, or if that is before ntpMerlin gets it and redirects it.
 
The main router controls time and DHCP. Think of the node as a fancy access point that lets the router control it.
 
Then why is the node trying to get its time from time.google.com and time.nist.gov and pool.ntp.org, and not getting it from the router?
 
Quick tip - don't mix Google Public NTP with other NTP pools - one might consider Cloudflare's NTP hosts, but generally one can just use the appropriate NTP pools...

one can use Google time alone...

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

And if one uses Google's DNS, one gets good regional diversity just in case something goes wrong...

(and if google NTP is offline, then the world is truly in a bad spot - but NTP can deal with this if a server goes down for a bit, it will recover)
 
It's trying, but the redirect will be pushing the packets to the router itself. The node thinks it's sending the requests to time.google.com but it's not.
You can use the below to see if the redirect rule is working, by looking at the counters in the left 2 columns.
Code:
iptables -t nat -nvL | grep 123
 
Looks like all the 123s are going to the router.


0 0 DNAT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123 to:192.168.2.1
10336 786K DNAT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:192.168.2.1

So, in spite of Diversion to the contrary, all ntp inquiries are going to the router?
 
Diversion shows the DNS lookups made by the client, which is correct. When the client tries to reach time.google.com (for example) the router intercepts and redirects the packets to itself. The client thinks it's talking to time.google.com as it is unaware of the redirect.

Note that this sort of simple redirect works for a protocol like NTP and DNS (DNS Filter), but can't be used for something like redirecting secure web traffic - the client would error.
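
The counter check discussed in this thread, as an added example that is not part of any poster's reply: it parses `iptables -t nat -nvL` output, matches the `dpt:123` field exactly (a plain `grep 123` also matches ports such as 1234 or addresses containing 123), and compares two snapshots to confirm the redirect is actually being hit. The chain header, the `dpt:1234` rule and the second snapshot are constructed sample data; the two NTP rule lines are the ones posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -t nat -nvL` output on
# stdin and prints "proto packets redirect-target" for each NTP DNAT rule.
ntp_redirect_hits() {
    awk '
    # iptables abbreviates large counters (786K, 12M, 3G) in powers of 1000.
    function expand(n,   s, v) {
        s = substr(n, length(n)); v = substr(n, 1, length(n) - 1)
        if (s == "K") return v * 1000
        if (s == "M") return v * 1000000
        if (s == "G") return v * 1000000000
        return n + 0
    }
    $3 == "DNAT" {
        port = 0; dest = "?"
        for (i = 10; i <= NF; i++) {
            if ($i == "dpt:123") port = 1      # exact field match
            if ($i ~ /^to:/) dest = substr($i, 4)
        }
        if (port) printf "%s %d %s\n", $4, expand($1), dest
    }'
}

# Packet-count growth per protocol between two snapshots ($1 older, $2 newer).
# A rising udp figure means NTP requests are being redirected by the rule.
ntp_redirect_delta() {
    { printf '%s\n' "$1" | ntp_redirect_hits | sed 's/^/B /'
      printf '%s\n' "$2" | ntp_redirect_hits | sed 's/^/A /'; } |
    awk '$1 == "B" { before[$2] = $3 }
         $1 == "A" { printf "%s %d\n", $2, $3 - before[$2] }'
}

# Sample input: header and dpt:1234 rule are constructed; on a router the
# snapshots would come from: iptables -t nat -nvL
SNAP_BEFORE='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:123 to:192.168.2.1
10336  786K DNAT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:192.168.2.1
    5   300 DNAT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 to:192.168.2.50'
# Constructed later snapshot: 12 more UDP packets hit the rule.
SNAP_AFTER=$(printf '%s\n' "$SNAP_BEFORE" | sed 's/^10336  786K/10348  787K/')

ntp_redirect_delta "$SNAP_BEFORE" "$SNAP_AFTER"
```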
 
I think I got it now, thanks for helping me understand what's going on.
 
