I came across this YouTube video from Austin about using an inexpensive GPS device ($12 US) to get local GPS time services via a Raspberry Pi. I wanted to see if I can set it up for OPNSense. I'm sure that PFSense would be very similar. I had set up a robust NTP based time service for an employer in the past so time and using GPS for it fascinates me. This was extremely simple to setup actually.
For a good overview of NTP, this YouTube video by Gary explains well without going too deep.
I have wanted to have one at home but never justified the cost as NTP is so easy to come by over the internet especially with the public pool available. Having one is more about bragging and experimenting than anything really. Having a local one would be useful during long Internet outages and for local resources such as cameras though. I thought of looking for an old Garmin GPS yet this device Austin mentions makes it really reasonable. Note in my application, I did also get a more sensitive antenna ($10 US) as the included one doesn't work in my finished basement unless I had it next to a window. As I designed a homerun for server and AV equipment I didn't expect to run anything to a window. I obtained these via Amazon but there are other options out there.
For the GPS module, this is used for drones and other maker stuff so is real tiny at about an inch squared. It is a clone of the U-Blox NEO-6M. Additionally, I found a case for it on Thingiverse that I had a friend print up for me to make mounting it easy. The antenna just converts from IPEX to SMA connector and ~30db gain antenna.
I connected it up via USB to my Dell R220 running OPNsense. If you want to do this right, you really should use serial as USB is a "shared" resource vs "dedicated" that serial is. Other devices on the USB hub can skew the GPS time source. You see this in the higher jitter readings from this time source. For now, USB is fine for me as I am also using several network time sources concurrently. With NTP you should use 4-7 sources and it allows ntpd to become more precise than just using 1.
Configuring OPNSense was pretty easy as it has preset for U-Blox (and other devices such as Garmin.) I did change to 9600bps from 4800bps.
For the port, BSD uses 'cuau*' for serial and 'cuaU*' for USB.
then uncheck the two PPS checkboxes as this device does not provide PPS (Pulse Per Second) over USB, only adedicated pin via serial. This device only outputs NMEA stanzas via USB.
You can see this in the logs.
2022-01-23T19:01:34 | ntpd[59143] | kernel reports TIME_ERROR: 0x2007: PPS Frequency Sync wanted but no PPS; PPS Time Sync wanted but no PPS signal | |
2022-01-23T19:01:34 | ntpd[59143] | 0.0.0.0 042d 0d kern no PPS signal | |
2022-01-23T19:01:34 | ntpd[59143] | 0.0.0.0 041d 0d kern PPS enabled status: 2041 -> 0007 |
By default, U-blox has a Fudge Time 2 of 0.400 seconds. For this clone that was not valid. Trying a few values I landed on 0.06 for it. You can find the fudge 2 value via logs. Turn on Peer Stats, which is located on the Network Time | General page under Statistics logging
and set Fudge time 2 to nothing and let it run for several hours or so. I let it go overnight. SSH to the OPNSense and run
awk '/127.127.20.0/ { sum += $5 * 1000; cnt++; } END { print sum / cnt; }' < /var/log/ntp/peerstats
for me it output -58.6234. Just note that the output is in milliseconds and the Fudge time 2 box is asking for seconds. So output of 58.6234 gets entered into Fudge time 2 as 0.058. After that, no more False Ticker is listed under NTP Status. I was real close with 0.06 and this gets it more in alignment with the network sources and addresses the USB bus issues better. Be sure to turn peer stats logging off once you are done so you dont fill your OPNSense storage and delete the files.
I was curious why it was showing the IP of 127.127.20.0 for the GPS source. In looking it up, the pseudo IP address (127.127.x.0) changes where x is the "driver" type and needs to match your use case.
Drivers:
20 = Generic NMEA driver
22 = PPS driver (GPIO or similar)
28 = SHM (shared memory) driver
NTPd prefers to have 4-7 time sources. It uses this to get a consensus between them all to throw out any bad sources (tickers) but additionally uses them all together to become more precise. I use these network sources
- Employer GPS
- time.cloudflare.com
- time.facebook.com
- 0.us.pool.ntp.org
I do not use Google time as they smear leap seconds wheras everyone else will have 61 seconds on the leap. The last one was in 2017 with none currently scheduled. You should use sources that handle a leap in the same way.
Once configured you should be all set and can view this on the dashboard
Or under Network Time | Status. It's currently favoring the local GPS module with the others being within 3ms (milliseconds) either direction.
Note in both cases OPNSense provides a click to Google Maps to show where the GPS is located. Nice feature.
As a bonus, I always create an A or CNAME for time.mydomain.TLD that points to the firewall and also add it as a DHCP option for those few devices that use that field. I then just change the DNS record to the new internal time source if needed. I set all my systems to use it so my environment is at the same time.
In the future, I may switch over to serial and see if this device will let it be powered by USB but use serial for comms. though running a5v to the serial header won't be that difficult by chopping a USB cable up. PPS generally is provided via the DCD (Carrier Detect) pin.