From 9c8aa19acaa643319b9dc32d798d3ae2384db3e3 Mon Sep 17 00:00:00 2001 From: VA2XJM Jean-Michel Date: Sun, 11 Aug 2024 17:33:47 -0400 Subject: [PATCH] Wireguard - Time Sync (#379) * Update basic_setup.rst Added a note for NTP server when using WG tunnels. * Update advanced_config.rst Added a note about time sync * Update advanced_config.rst renamed the note * ensure callout box will be displayed correctly * tweak wording/spelling --------- Co-authored-by: Steve <69524416+ab7pa@users.noreply.github.com> --- arednGettingStarted/advanced_config.rst | 2 ++ arednGettingStarted/basic_setup.rst | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arednGettingStarted/advanced_config.rst b/arednGettingStarted/advanced_config.rst index 34ebdab..58e53ca 100755 --- a/arednGettingStarted/advanced_config.rst +++ b/arednGettingStarted/advanced_config.rst 
@@ -337,6 +337,8 @@ Wireguard Tunneling Protocol On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``5525``, which will provide for one wireguard tunnel connection. If you want to allow up to 10 wireguard tunnel links (for example), you would permit UDP traffic on the range of ports between ``5525-5534``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface. + .. attention:: Wireguard will not establish tunnels if the clocks on the client and server nodes are out of sync. Ensure that all nodes configured to use Wireguard have a reachable NTP server when they are booted. It is recommended to use the default ``pool.ntp.org`` value. If you have mesh based NTP servers, advertise them as services to ensure time synchronisation across your mesh network even if the Internet is not available. + Supernode Tunneling Supernode tunneling uses the Wireguard tunneling protocol, but the port range begins with port ``6526``. On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``6526``, which will provide for one supernode tunnel connection. If you want to allow up to 10 supernode tunnel links (for example), then you would permit UDP traffic on the range of ports between ``6526-6535``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface. diff --git a/arednGettingStarted/basic_setup.rst b/arednGettingStarted/basic_setup.rst index 640c882..ed1dbab 100644 --- a/arednGettingStarted/basic_setup.rst +++ b/arednGettingStarted/basic_setup.rst 
@@ -95,6 +95,8 @@ There are several options for setting your node's location: Timezone and NTP Server Here you select the timezone for your node's system clock, and the default value is ``UTC``. You can also enter the hostname for a `Network Time Protocol (NTP) `_ source if your node is connected to a network which has a network time server. In the *NTP Server* field you should enter a valid hostname for the network time source, for example ``us.pool.ntp.org`` or ``AD5BC-ntp.local.mesh``. You may also choose how often NTP will update the node's clock by selecting a value from the dropdown list. The default is once per day [``daily``] but you may also select once per hour [``hourly``]. + If you plan to use Wireguard tunneling, make sure that an NTP server is reachable when the nodes are booted so that the key exchange between the client and server will happen. Without proper time syncronization, Wireguard will not establish tunnels. Use an Internet based NTP server or use a local NTP server when the Internet is not available. Follow the instructions below to advertise an NTP service on your local mesh network. + .. image:: _images/basic-time.png :alt: Optional Settings - Time :align: center
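Review bot: the new ``.. attention::`` box in advanced_config.rst asserts that out-of-sync clocks prevent Wireguard tunnels but gives no reason, so a reader cannot tell how much skew matters or why NTP at boot time is the fix; suggest one sentence on the mechanism, along the lines of "the Wireguard handshake carries a timestamp and a peer rejects any initiation whose timestamp is not newer than the last one it accepted, so a node that boots with a default clock keeps sending stale timestamps". Two consistency points in the same hunk: the box says "synchronisation" while the companion paragraph added to basic_setup.rst says "syncronization", so settle on one spelling for both files; and the box recommends the default ``pool.ntp.org`` while basic_setup.rst gives ``us.pool.ntp.org`` as its example, which will leave readers unsure which value the form actually expects.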
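Review bot: "syncronization" in the paragraph added to basic_setup.rst is misspelled; it should be "synchronization". The closing sentence "Follow the instructions below to advertise an NTP service on your local mesh network." points at a section that is not part of this hunk and will silently go stale if that content is moved; a Sphinx ``:ref:`` to the service-advertisement section would keep the link valid. "so that the key exchange between the client and server will happen" is also looser than needed and would read better as "so that the handshake between the client and server can complete".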