
NTP blocked; Alternatives to ntpd for updating time?

Status
Not open for further replies.
date -s `curl -I 'https://google.com/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`

The curl command is almost perfect, and allows for time retrieval from a near infinite source of URLs in a manner that cannot be detected or censored... without the presence of potentially vulnerable ntp servers or clients revealed; however, the date received from the URL is, for example:

Code:
Sat, 12 May 2018 18:49:18 GMT

and date -s requires something more like

Code:
2018-05-12 2018 18:49:18

So a simple script or code embedded in the above example that translates and properly orders the dates, and names into numbers would totally void any need for third party software, local servers, ported software, and extra ports being opened. It's also able to pull code from https / tls links so you can optionally get similar encrypted results as tlsdate.

Other than that imo tlsdate looks favorable. http://www.timesynctool.com/ looks really awesome too! A very well made piece of software! And works like twiglets said, even if there is no internet. (The primary issue being, you need the computer/server up in order for it to sync) Thank you Twiglets! I'll give it a try as well.
 
Using timesynctool I am able to successfully sync router time locally whereas outgoing connections were blocked, for whatever reason. If it were not of any importance I'm sure it wouldn't have happened, so this is a viable alternative that nullifies any attempts at censoring timesync; though it does open up unlikely vectors for potential exploitation should the lan or router become compromised.

timesynctool
It's very easy to set up! Enable Allow other computers to sync to this computer; Leaving the rest as default works just fine. I tested enabling all protocols (tcp 37, udp 37 & sntp 123) Wireshark showed 123 as the only one used, along with ntp protocol which uses UDP exclusively. As for your firewall, allow port 123 UDP incoming for nettimeservice.exe; allow all for remote ports (AsusWRT ntp uses 39611 as one example); and allow incoming on remote 192.168.50.1 or whatever you've defined as your router IP.

You should see the following in NetTime logviewer:
5/13/2018 11:16:36 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:16:43 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:18:45 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:18:51 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:20:53 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:21:33 AM Configuration Updated
5/13/2018 11:23:21 AM Sent NTP Response to: 192.168.50.1
5/13/2018 11:37:18 AM Configuration Updated
5/13/2018 11:41:41 AM Configuration Updated
5/13/2018 11:59:57 AM Sent NTP Response to: 192.168.50.1
5/13/2018 12:12:33 PM Sent NTP Response to: 192.168.50.1
 
@dugaduga I didn't realise that you actually had this problem (NTP being blocked), I thought it was just for academic interest. :D

If you are suffering from the "AT&T issue" have you tried the solution in the original thread on the subject? To me it makes more sense to fix NTP for the entire network with a single firewall rule, rather than a convoluted solution involving internal servers.
 
Glad it solved your problem.
I found 'NetTime.exe' a few years ago when I was in need of something to sync time on a PC when the usual 'Windows Services' were inaccurate/flaky :)
 
@ColinTaylor; I tried creating /jffs/scripts/init-nat
with
Code:
#!/bin/sh
iptables -t nat -I POSTROUTING -o $(nvram get wan0_ifname) -p udp --sport 123 -j MASQUERADE --to-ports 49152-65535 --random

No luck. Disabled all my mods again. No luck either. It will eventually connect randomly without user intervention, sometimes after 20-30 minutes.
 
the curl command ... allows for time retrieval from a near infinite source of urls in a manner that cannot be detected or censored... without the presence of potentially vulnerable ntp servers or clients revealed ...
Don't need to bother with DNS lookups either. This way is my favorite.

date -s `curl -I 'https://1.1.1.1/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`
 
Don't need to bother with DNS lookups either. This way is my favorite.

date -s `curl -I 'https://1.1.1.1/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`
Does not work as the Date format returned by the curl is not accepted by the 'date' command.

Curl returns date format of the form "Sun, 13 May 2018 21:33:16 GMT" ===> this is not valid with the date command !!!

[Tried it on a RT-AC56U running 384.4_2 RMerlin Firmware]
 
Here is another code, the results are cleaner than the rest; but result is still invalid
Code:
date -s "$(wget -qSO- --max-redirect=0 startpage.com 2>&1 | grep Date: | cut -d' ' -f5-8)"
Results in the following:

date: invalid date '13 May 2018 22:46:44'

I was told this is "Very likely a limitation in the busybox date implementation - in which case you'd have to do your own parsing. sed (amongst others) would work using capture groups."

Well, we're getting closer. Great work fitz, thank you SO much.
 
Here is an alternative that DOES set the date !!! [-s option].
Prints out 'Date' it retrieves & the 'Date' that is set for comparison.

Only thing that is odd is that the date retrieved is ".... GMT" and the date utility sets the correct time but changes it to "... DST"
Environment has TZ set to "GMT"

datetext=$(curl -I 'https://1.1.1.1/' 2>/dev/null | grep "Date:" |sed 's/Date: [A-Z][a-z][a-z], //g'| sed 's/\r//') ; echo "Date Retrieved = $datetext" ; echo -n "Date set = " ; date -s "$datetext" -D'%d %b %Y %T %Z'
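
An added example, not code from any poster in this thread: a POSIX shell function that does the translation the thread asks for, turning an HTTP Date header into the numeric `YYYY-MM-DD hh:mm:ss` form that BusyBox `date -s` accepts, and refusing anything that is not a well-formed header before it can reach a root-run `date -s`. The function name, the `MIN_YEAR` floor and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: HTTP "Date:" header -> "YYYY-MM-DD hh:mm:ss" for BusyBox date.
# Intended use on the router (network call, not executed here):
#   date -u -s "$(curl -sI 'https://1.1.1.1/' | http_date_to_iso)"

# Assumption: oldest year the clock may be set to. A stale or spoofed reply
# must not roll the clock back behind this floor.
MIN_YEAR=2018

# Reads response headers on stdin, prints the UTC timestamp on stdout.
# Returns non-zero if no well-formed Date header is present.
http_date_to_iso() {
    # Header names are case-insensitive (HTTP/2 sends "date:") and every
    # header line ends in CR, which must be stripped before parsing.
    line=$(tr -d '\r' | grep -i -m1 '^date:') || return 1
    set -f; set -- $line; set +f    # split on whitespace without globbing
    # Expected words: Date: Sun, 13 May 2018 21:33:16 GMT
    [ $# -eq 7 ] && [ "$7" = "GMT" ] || return 1
    day=$3 mon=$4 year=$5 clock=$6
    case $mon in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;;
        May) m=05 ;; Jun) m=06 ;; Jul) m=07 ;; Aug) m=08 ;;
        Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 1 ;;
    esac
    # Only digits in the expected positions are ever passed on to date -s.
    case $day in [0-3][0-9]) ;; *) return 1 ;; esac
    case $year in [0-9][0-9][0-9][0-9]) ;; *) return 1 ;; esac
    case $clock in [0-2][0-9]:[0-5][0-9]:[0-6][0-9]) ;; *) return 1 ;; esac
    [ "$year" -ge "$MIN_YEAR" ] || return 1
    printf '%s-%s-%s %s\n' "$year" "$m" "$day" "$clock"
}

# Constructed sample response headers (CRLF line endings, lowercase name).
sample_headers() {
    printf 'HTTP/2 301\r\ndate: Sun, 13 May 2018 21:33:16 GMT\r\nserver: example\r\n\r\n'
}
```

The `-u` in the usage comment matters because the header is always GMT, while `date -s` without it interprets the string in the router's local time zone.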
 