What is OpenNTPD ?

OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

OpenNTPD is primarily developed by Henning Brauer as part of the OpenBSD project. Its design goals include being secure (non-exploitable), easy to configure, accurate enough for most purposes and with source code that can be distributed under a BSD license. Its portable version, like that of OpenSSH, is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version is developed by Darren Tucker.

Preparing to Install OpenNTPD

Note : we will install OpenNTPD with FreeBSD server, so of course we will using FreeBSD port to install OpenNTPD.

First, we need to upgrade FreeBSD port with portsnap
Login into the server with root access

#portsnap fetch update
#portsnap extract

Install OpenNTPD

#cd /usr/ports/net/openntpd
#make install clean

Configuration Files

1. /usr/local/sbin/ntpd OpenNTPD network server file.
2. /usr/local/etc/rc.d/openntpd - OpenNTPD startup scripts to start / stop OpenNTPD server.
3. /usr/local/etc/ntpd.conf - OpenNTPD configuration file.
4. UDP port # 123 - OpenNTPD NTP port.

Modify ntpd.conf file

#pico /usr/local/etc/ntpd.conf

# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)

listen on *
#listen on 127.0.0.1
#listen on ::1

# sync to a single server
#server ntp.example.org
#server pool.ntp.org
#server time-nw.nist.gov

server time-a.nist.gov
#server time-b.nist.gov

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
#server time-a.timefreq.bldrdoc.gov

server north-america.pool.ntp.org

## Save this file.

From this conf, i have set the ntpd services to listen to all ip address.
You can specify which ip address that you want to bind it.
Please make sure if you want to be a NTPD server, you need to bind your ip to external ip addreses.

Enable OpenNTPD services in rc.conf

#echo 'openntpd_enable="YES"' >> /etc/rc.conf

Start/Stop/Restart and Verify OpenNTPD Service

#/usr/local/etc/rc.d/openntpd start
#/usr/local/etc/rc.d/openntpd stop
#/usr/local/etc/rc.d/openntpd restart
#/usr/local/etc/rc.d/openntpd status
openntpd is running as pid 17371 17372.

Modify Firewall to allow 123 UDP IN

Example i have a pf firewall in my BSD server.
So i need to added 1 line to allow 123 UDP in for NTPD services.

#pico /usr/local/etc/ipfw.rules

### add this line below into your ipfw rules ###

ipfw add allow udp from any to any 123 in

You're Done.