Wireguard - Time Sync (#379)

* Update basic_setup.rst

Added a note for NTP server when using WG tunnels.

* Update advanced_config.rst

Added a note about time sync

* Update advanced_config.rst

renamed the note

* ensure callout box will be displayed correctly

* tweak wording/spelling

---------

Co-authored-by: Steve <69524416+ab7pa@users.noreply.github.com>
VA2XJM Jean-Michel 2024-08-11 17:33:47 -04:00 committed by GitHub
parent 7c4f5786a2
commit 9c8aa19aca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 0 deletions


@ -337,6 +337,8 @@ Wireguard Tunneling Protocol
On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``5525``, which will provide for one wireguard tunnel connection. If you want to allow up to 10 wireguard tunnel links (for example), you would permit UDP traffic on the range of ports between ``5525-5534``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface. On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``5525``, which will provide for one wireguard tunnel connection. If you want to allow up to 10 wireguard tunnel links (for example), you would permit UDP traffic on the range of ports between ``5525-5534``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface.
.. attention:: Wireguard will not establish tunnels if the clocks on the client and server nodes are out of sync. Ensure that all nodes configured to use Wireguard have a reachable NTP server when they are booted. It is recommended to use the default ``pool.ntp.org`` value. If you have mesh based NTP servers, advertise them as services to ensure time synchronisation across your mesh network even if the Internet is not available.
Supernode Tunneling Supernode Tunneling
Supernode tunneling uses the Wireguard tunneling protocol, but the port range begins with port ``6526``. On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``6526``, which will provide for one supernode tunnel connection. If you want to allow up to 10 supernode tunnel links (for example), then you would permit UDP traffic on the range of ports between ``6526-6535``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface. Supernode tunneling uses the Wireguard tunneling protocol, but the port range begins with port ``6526``. On your Internet-connected router/firewall set the firewall rules to permit UDP traffic from the Internet on an appropriate range of ports. The starting port should be ``6526``, which will provide for one supernode tunnel connection. If you want to allow up to 10 supernode tunnel links (for example), then you would permit UDP traffic on the range of ports between ``6526-6535``. Then configure a port forwarding rule to send any traffic from the Internet on your range of ports to the IP address of your node's WAN interface.
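
Review bot: The added ``.. attention::`` block sits only under the Wireguard Tunneling Protocol paragraph, yet the Supernode Tunneling paragraph directly after it says supernode tunnels use the same Wireguard protocol, so a reader who goes straight to that section never sees the clock requirement. Mention supernode tunnels in the note, or add a short pointer to it in the supernode paragraph. The note also recommends the Internet-hosted ``pool.ntp.org`` while requiring a server that is reachable at boot; state explicitly that a node with no Internet path at boot has to be pointed at a mesh NTP host instead, rather than leaving that as a closing aside. Spelling differs between the two files in this commit (``synchronisation`` here, ``syncronization`` in the other), so settle on one correct form.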


@ -95,6 +95,8 @@ There are several options for setting your node's location:
Timezone and NTP Server Timezone and NTP Server
Here you select the timezone for your node's system clock, and the default value is ``UTC``. You can also enter the hostname for a `Network Time Protocol (NTP) <https://en.wikipedia.org/wiki/Network_Time_Protocol>`_ source if your node is connected to a network which has a network time server. In the *NTP Server* field you should enter a valid hostname for the network time source, for example ``us.pool.ntp.org`` or ``AD5BC-ntp.local.mesh``. You may also choose how often NTP will update the node's clock by selecting a value from the dropdown list. The default is once per day [``daily``] but you may also select once per hour [``hourly``]. Here you select the timezone for your node's system clock, and the default value is ``UTC``. You can also enter the hostname for a `Network Time Protocol (NTP) <https://en.wikipedia.org/wiki/Network_Time_Protocol>`_ source if your node is connected to a network which has a network time server. In the *NTP Server* field you should enter a valid hostname for the network time source, for example ``us.pool.ntp.org`` or ``AD5BC-ntp.local.mesh``. You may also choose how often NTP will update the node's clock by selecting a value from the dropdown list. The default is once per day [``daily``] but you may also select once per hour [``hourly``].
If you plan to use Wireguard tunneling, make sure that an NTP server is reachable when the nodes are booted so that the key exchange between the client and server will happen. Without proper time syncronization, Wireguard will not establish tunnels. Use an Internet based NTP server or use a local NTP server when the Internet is not available. Follow the instructions below to advertise an NTP service on your local mesh network.
.. image:: _images/basic-time.png .. image:: _images/basic-time.png
:alt: Optional Settings - Time :alt: Optional Settings - Time
:align: center :align: center
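
Review bot: In the paragraph added after the NTP Server description, ``syncronization`` is misspelled and "Follow the instructions below" has no identifiable target in the surrounding text; fix the spelling and replace "below" with a named cross-reference to the section that explains how to advertise an NTP service. The paragraph should also agree with the note added to the other file: that note recommends ``pool.ntp.org``, this one gives no recommendation, and the existing example here uses ``us.pool.ntp.org``. Finally, the existing text says the clock is updated ``daily`` by default, while the new text only requires a server to be reachable at boot; say whether the boot-time sync is separate from that schedule so readers know the update interval does not delay tunnel establishment.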