Menu
What's new

Camera time doesn't stay consistent

N

nhs128

Young grasshopper
Joined
Jul 8, 2017
Messages
91
Reaction score
21
All of my cameras are setup to ping the ntp server of my router/firewall. Some of them stay somewhat close to current time, and others are way off, by hours. We do observe daylight savings time, but this isn't the only issue. For instance, it is 10:06am here now, and I have a camera that is 6:06am, another that is 9:09, a few minutes ahead of my current time like 10:10am, and other issues. It is has been this way since I first setup all of my cameras etc.. Hoping someone has seen this and it may just be a simple fix.

As far as the firewall, I do allow ntp access from my camera subnet directly to the router/firewall on port 123. It does look like the BI overlay is closer to the actual time than the camera overlay, but isn't perfect. Should I be using the overlay time? Are there other issues I may be having here?

Any and all help is greatly appreciated.
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
Something's not right. They should pull the right time from the NTP server (obviously).

What are you using for an NTP server? Can you see logs for requests from the cams? What are you using as an update frequency for the time requests? When you go into a cam to set the NTP server can you see it update to the correct time?
 
TonyR

TonyR

IPCT Contributor
IPCT+ Member
Joined
Jul 15, 2014
Messages
16,850
Reaction score
39,205
Location
Alabama
nhs128 said:
As far as the firewall, I do allow ntp access from my camera subnet directly to the router/firewall on port 123. It does look like the BI overlay is closer to the actual time than the camera overlay, but isn't perfect. Should I be using the overlay time? Are there other issues I may be having here?
Click to expand...
I have NetTime installed on my BI server, all cams' time overlay pointed to BI server's LAN IP, port 123, BI's time overlay turned off.

I've come to understand it's best from a legal standpoint to use the cam's time overlay and not BI, as it could be argued by a good lawyer (oxymoron?) that the image was "modified" by the BI overlay.

EDIT 5/5/23 @ 1446 CT: added link to download NetTime
 
N

nhs128

Young grasshopper
Joined
Jul 8, 2017
Messages
91
Reaction score
21
Mike A. said:
Something's not right. They should pull the right time from the NTP server (obviously).

What are you using for an NTP server? Can you see logs for requests from the cams? What are you using as an update frequency for the time requests? When you go into a cam to set the NTP server can you see it update to the correct time?
Click to expand...
I see requests in the logs that are being denied from the firewall (pfsense). I do not see any requests being made to the ntp server which is also pfsense, so that is odd to me and probably the issue if I had to guess. However, I did go through and double check all of the ntp settings in the cams and save/refresh, and did a manual restart of all cams. At this very moment, things look ok. I am giving it time to see if that changes though.
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
Yeah, if you can see that they're being denied for whatever reason then that would be it. More likely something related to pfSense than the cams. Sounds like they aren't able to get there. Do you have the cams blocked from accessing things within the net?

I had another NTP server running before I went to pfSense but keep thinking that I'll move things over to it. I'll try to point one to the NTP server there later and see if I run into any problem.
 
N

nhs128

Young grasshopper
Joined
Jul 8, 2017
Messages
91
Reaction score
21
Mike A. said:
Yeah, if you can see that they're being denied for whatever reason then that would be it. More likely something related to pfSense than the cams. Sounds like they aren't able to get there. Do you have the cams blocked from accessing things within the net?

I had another NTP server running before I went to pfSense but keep thinking that I'll move things over to it. I'll try to point one to the NTP server there later and see if I run into any problem.
Click to expand...
I’ve got an allow rule for the cams to reach only the pfSense port 123. All other access is blocked. So you have ntp setup on pfSense also? If so, could I see your rules?
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
I have NTP running on pfSense but I'm not using it for my cams. I already had all of them pointing to another NTP server that I was running prior to using pfSense and haven't bothered to move them over yet. I was saying that I'll try to point one of my cams there and see what it does when I get a chance. I need to change things around some to let it get there. I've been meaning to try it anyway.

Are you allowing UDP vs TCP?
 
saltwater

saltwater

Getting comfortable
Joined
Oct 6, 2019
Messages
488
Reaction score
633
Location
Melbourne, Australia
I'm with Tony, have your cameras get their time from the BI computer; I have mine set to update every 10 minutes (I think, it's been a while since I last checked). Check your firewall rule ordering. I have my cameras blocked from going outbound EXCEPT to get to my BI computer, obviously to check & update the time. From a rule ordering point of view, I allow access to the BI computer first, and then block all outbound traffic. It seemed to me, initially, to be counter-intuitive as I thought blocking all outbound traffic would cancel or override the allow rule just prior, but it doesn't.

EDIT: I'm in the Ubiquity eco-system but I'm sure the rule ordering is the same regardless.
 
Last edited:
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
Hmmm... On a quick test mine doesn't seem to update from the NTP server on pfSense either. I have a rule blocking Internet access from the cam but it should have full access to my pfSense server inside my network. Have to look at it more.
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
OK mine seems to work now.

Ahead of my blocks I allowed UDP from any port on that cam's IP to port 123 on pfSense IP.
 
N

nhs128

Young grasshopper
Joined
Jul 8, 2017
Messages
91
Reaction score
21
Mike A. said:
OK mine seems to work now.

Ahead of my blocks I allowed UDP from any port on that cam's IP to port 123 on pfSense IP.
Click to expand...
Something strange is going on with my setup then. I've removed all of my blocks and only added the allow port from the cam net to port 123 on the pfsense IP. Not a damn thing seems to go through. I keep getting default denies. Guess I will spend tomorrow troubleshooting.
 
Mike A.

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,412
Maybe try working through it step-wise. Start with */any to */any and work back from that.

I don't recall doing anything unusual when I set up the rule. I did use the IP of the pfSense server vs using "this firewall" or however that's also shown when making the rule.

One thing that I saw on a quick search was that the pfSense NTP server had problems passing time along to clients if it isn't properly accessing the upstream NTP servers. Maybe double check that.
 
You must log in or register to reply here.
Top