The OpenBSD project is renowned for its high security standards and has historically stood the test of time as a very secure free UNIX-like operating system. One of the most well-known OpenBSD daemons is OpenNTPD. As part of OpenBSD, OpenNTPD can be run on almost any operating system.
OpenNTPD is a daemon that implements the SNTP version 4 and NTP version 3 protocols to synchronize the local system time with a remote NTP server or a local time deviation sensor. The OpenNTPD daemon can act as an NTP server for clients compatible with these protocols.
The OpenNTPD application was developed by Henning Brauer as part of the OpenBSD project. The main goal of this project is to create a secure, easy to configure, reasonably accurate, and freely distributed (open source) time management server.
A. Initial Setup
OpenBSD assumes that your hardware clock is set to UTC (Universal Coordinated Time), not local time. This can cause problems with multi-booting. Most other operating systems can be configured in the same way as OpenBSD to avoid this problem.
If using UTC causes problems, you can always change the settings in the sysctl.conf file. For example, add the following script to the "/etc/sysctl.conf" file, which will configure OpenBSD to use the hardware clock set to local time or another region's time.
kern.utc_offset=-300
Please note that the clock on the OpenBSD server must be running with the above configuration and the required offset before booting OpenBSD, otherwise the system time will be set incorrectly at boot time.
Normally the time zone is set during installation. If you need to change the time zone, you can create a new symbolic link to the appropriate time zone file in "/usr/share/zoneinfo". For example, to configure the machine to use the western Indonesia time zone, as the new local time zone on your OpenBSD server.
Create localtime Symlink
ns2# ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime
B. OpenNTPD Configuration
Because OpenNTP is one of the daemons made by OpenBSD developers, so you don't need to install it. OpenNTPD is directly installed on the OpenBSD system. So you only need to configure it.
On the OpenBSD system, the main OpenNTPD configuration file is in /etc/ntpd.conf. The first line in your /etc/ntpd.conf file defines the interface that is connected to the internet. When talking about interfaces, it is definitely inseparable from the IP address.
Then after that, you define the servers you want to synchronize with. NTP uses a hierarchical system of "clock levels". Level 1 is synchronized with a high-precision clock, such as GPS, GLONASS or atomic time standard. Level 2 is synchronized with one of the level 1 machines, and so on.
However, keep in mind that level is not always an indicator of accuracy. Typically, third-level servers are used to synchronize user machines. If you do not know the NTP server in your area, use pool.ntp.org and select a server in your area.
Below is an example of a "/etc/ntpd.conf" file script that you can try.
# $OpenBSD: ntpd.conf,v 1.5 2019/11/11 16:44:37 deraadt Exp $
# sample ntpd configuration file, see ntpd.conf(5)
# Addresses to listen on (ntpd does not listen by default)
listen on 192.168.5.3
# sync to a single server
#server ntp.example.org
# use a random selection of NTP Pool Time Servers
# see http://support.ntp.org/bin/view/Servers/NTPPoolServers
servers pool.ntp.org
# time server with excellent global adjacency
server time.cloudflare.com
servers pool.ntp.org
server time.cloudflare.com
server time.windows.com
server time.nist.gov
# use a specific local timedelta sensor (radio clock, etc)
sensor *
# use all detected timedelta sensors
#sensor *
# get the time constraint from a well-known HTTPS site
constraint from "9.9.9.9" # quad9 v4 without DNS
constraint from "2620:fe::fe" # quad9 v6 without DNS
constraints from "www.google.com" # intentionally not 8.8.8.8
You can replace the IP address 192.168.5.3 with the IP address of the OpenBSD server you are currently using.
C. Activating OpenNTPD
Although the OpenNTPD daemon is installed by default on the OpenBSD system, it is not directly active. In this section we will activate OpenNTPD every time the server reboots.
To activate OpenNTPD you can open the file "/etc/rc.conf", in the file you add a script like the example below.
ntpd_flags="-s"
ntpctl_flags="-s"
After that, run the command below to restart OpenNTPD.
ns2# rcctl restart ntpd
Also run the following command, to ensure the OpenNTPD daemon is active.
ns2# ntpd -dnv
configuration OK
ns2# ntpd -f /etc/ntpd.conf
ntpd: ntpd already running
D. Monitoring OpenNTPD
Once the OpenNTPD daemon has been synchronized and is running normally, you can monitor the time server activity with the following command.
ns2# ntpctl -s all
ns2# ntpctl -s peers
ns2# ntpctl -s Sensors
ns2# ntpctl -s status
If your Windows computer is an hour or two behind when syncing, make sure it takes Daylight Savings Time into account. In Control Panel, double-click Date and Time, and then click the Time Zone tab. Make sure "Automatically adjust clock for daylight savings changes" is checked.
In the image above, Windows will automatically set the time according to the time zone you specify.
To get a fairly accurate current time reading from the US Naval Observatory, see: "http://tycho.usno.navy.mil/cgi-bin/timer.pl".