I let both carped firewalls use an internal OpenBSD ntpd server.
On each firewall, /etc/ntpd.conf has

    # sync to a single server
    server nirvana.internal

nirvana.internal's ntpd.conf has

    # Addresses to listen on (ntpd does not listen by default)
    listen on *

    # use a random selection of NTP Pool Time Servers
    # see http://support.ntp.org/bin/view/Servers/NTPPoolServers
    servers pool.ntp.org

Works like a charm!

On 12/12/13, 12:42 PM, Ted Bullock wrote:
CARP(ish) Question: I have a /30 transit network from my ISP, where there obviously isn't room for both routers in the carp setup to have a dedicated IP address in addition to the IP assigned to the carp interface. If it matters, I've assigned both routers private addresses in my network and can talk to them just fine on the local network. Anyway, I've noticed that the clock on the backup router is getting slowly out of sync. I figure it cannot initiate network sessions to the public ntp pool since it doesn't have an IP and a valid route to the internet while it's acting as the backup. I'd prefer to not run yet another service locally if at all possible though. I'm wondering what other folks do in this situation.