How to configure NTP server on pfSense

Posted on by Thiago Crepaldi

Last Updated on August 12, 2022 by Thiago Crepaldi

Enabling NTP server can be a good idea to help keeping synchronized all clocks on your network! pfSense already includes a NTP daemon, so we need minimal configuration to get started!

Verify your timezone

Our first step should be double check our pfSense is set to the correct timezone. Go to System >> General setup, scroll to section Localization and select your timezone. Once your are done, click Save.

Setup time servers

Now that the timezone is out of the way, navigate to Services >> NTP >> Settings. Select all Interfaces you wish to serve time, including localhost, LAN and possibly your VPN Server interfaces.

Next, add as many IPs/hostnames of Time Servers as you want, but a minimum of 3 is recommended:

Hostname: 0.pfsense.pool.ntp.org
Prefer: If you select more than one, the first one is used
No select: When selected, this time server will not be used
Is a pool: Select this when this entry is a pool (set) of more than one server

Hostname: 1.pfsense.pool.ntp.org
Prefer:If you select more than one, the first one is used
No select:When selected, this time server will not be used
Is a pool: Select this when this entry is a pool (set) of more than one server

Hostname: 2.pfsense.pool.ntp.org
Prefer:If you select more than one, the first one is used
No select:When selected, this time server will not be used
Is a pool: Select this when this entry is a pool (set) of more than one server

Hostname: 3.pfsense.pool.ntp.org
Prefer:If you select more than one, the first one is used
No select:When selected, this time server will not be used
Is a pool: Select this when this entry is a pool (set) of more than one server

When you are done, click on Save and navigate to the ACLs tab, and do as follow:

  • Default Access Restrictions
    • Kiss-o’-death: Checked
    • Modifications: Checked
    • Queries: Unchecked
    • Service: Unchecked
    • Peer association: Checked
    • Trap service: Checked
  • Custom Access Restrictions
    • Networks: 10.0.0.0/24
      • Add as many networks you need to serve

Press Save to finish the configuration. You can go to Status >> NTP to verify your time servers working for you!

Leave a Reply