ÇàÇà²ÝÊÓƵ

Sonoma GPS Time Server

Sonoma GPS Network Time Server

Free Lifetime Technical Support

We support our products for as long as you own them with FREE technical support by phone or email and free software upgrades as they become available. No maintenance contract required.

Product Status

Introduction:
Status: Recommended for all installations.
Last Software Update:
Latest Network Security Bulletin:
Latest Field Service Bulletin:
Leap Second Pending: None

Product Bulletins

240228
Feb 28, 2024

Security Vulnerability Announcements re: c_rehash script

CVE-2022-1292

CVE-2022-2068

EndRun products are not vulnerable.

180606
Aug 3, 2018

February 2018 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering, Stratum 2 or interleave mode.Ìý This bulletin also has recommendations for securing your NTP clients.

180104
Jan 4, 2018

January 2018 Meltdown and Spectre Vulnerabilities
The Google Project Zero team announced three cpu vulnerabilities.
EndRun's Sonoma, Meridian II, Tycho II, RTM3205 and Distribution Chassis products are not affected.Ìý

170328
Mar 28, 2017

March 2017 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2.ÌýThis bulletin also has recommendations for securing your NTP clients.

161205
Dec 5, 2016

November 2016 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you changed the factory configuration to allow remote control, peering, traps, or rate limiting.

160606
Jun 6, 2016

June 2016 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2.ÌýThis bulletin also has recommendations for securing your NTP clients.

160321
Mar 21, 2016

GNU glibc Vulnerability to Crafted DNS Responses
CVE-2015-7547.
EndRun's Sonoma, Meridian II, Tycho II, and Distribution Chassis are unaffected.Ìý Legacy products are vulnerable.

151026
Oct 26, 2015

October 2015 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2.ÌýThis bulletin also has recommendations for securing your NTP clients.

150414
Apr 14, 2015

NTP Client/Peering Vulnerabilities
CVE-2015-1798, 1799
EndRun Time Servers may be affected if you use peering.

150130
Jan 30, 2015

Linux Ghost Vulnerability
CVE-2015-0235
EndRun products are affected.

141222
Dec 22, 2014

NTP Remote Query and Crypto Vulnerabilities
CVE-2014-9293, 9294, 9295, 9296
EndRun Time Servers are affected.

140926
Sep 26, 2014

Linux Bash Shellshock Vulnerability
CVE-2014-6271, 6277, 6278, 7169
Most EndRun products are affected.Ìý SeeÌýSecurity BulletinÌýfor details.

140409
Apr 9, 2014

OpenSSL Heartbleed Vulnerability
CVE-2014-0160
EndRun products areÌýNOTÌýaffected.

140110
Jan 10, 2014

NTP Monlist Vulnerability
CVE-2013-5211
Some EndRun products are vulnerable.

Field Service Bulletins

180427
Apr 27, 2018

GPS-Synchronized: Sonoma, Tempus LX, Unison, Meridian, Tycho, RTM3204, Tempus Gntp, Praecis Gntp, Praecis Gfr
GPS week rollover event on April 7, 2019.
Note: Meridian II, Tycho II, RTM3205 are unaffected by this event. Sonoma shipped after June 2017 is also unaffected.

160126
Jan 26, 2016

Sonoma, Tempus LX, Unison, Meridian, Tycho
(GPS-Synchronized)

Potential 13-microsecond offset due to GPS system anomaly.

151026
Oct 26, 2015

Sonoma, Tempus LX, Unison, Meridian,
Meridian II, Tycho II

NTP Vulnerabilities identified by the NTP Project.

141222-01
Dec 22, 2014

Sonoma
NTP Vulnerability: ntpq, ntpdc, crypto.

140926-01
Sep 26, 2014

Sonoma
Shellshock Vulnerability.

140110-01
Jan 10, 2014

Sonoma
NTP Vulnerability: monlist, ntpq, ntpdc.

131216
Dec 16, 2013

Sonoma
SNMP MIB correction.

Leap Second Bulletins

170101
Jan 1, 2017

Sonoma, Meridian II, Tycho II, Tempus LX, Unison, Meridian, Tycho, Praecis

160707
Jul 7, 2016

Sonoma, Meridian II, Tycho II, Tempus LX, Unison, Meridian, Tycho, Praecis

150701
Jul 1, 2015

Sonoma, Tempus LX, Unison, Meridian, Tycho, Praecis

150106
Jan 6, 2015

Sonoma, Tempus LX, Unison, Meridian, Tycho, Praecis

Frequently Asked Questions (FAQs)

I've had my unit for 1 year already, can I get an extended warranty?

As long as your unit is still under its current warranty then yes, you can purchase an extended warranty. ÌýContact EndRun Sales for information.

My product is 12 years old and out-of-warranty. Can I get it repaired?

Yes - we will try. The problem may be that we no longer have parts for the oldÌýmodels.ÌýBut, if we can still get the needed parts thenÌýwe willÌýrepair your unit and charge for time and materials.

What is the EOL on my EndRun product?

At EndRun, End-of-Life (EOL) means end of the production life cycle. We continue to provide free technicalÌýsupport (by phone or email) for as long as you own an EndRun product.Ìý In fact, we are still providing free support for products that we shipped in 2001.

How are upgrades handled and what do they cost?

Software upgrades for all our products are freely available for download from our website at:Ìýwww.endruntechnologies.com/support/software-upgrades.

Ìý

I haven't upgraded my firmware for a long time. Can I upgrade straight to the latest version without installing subsequent versions first?

Current products (Sonoma, Meridian II, Tycho II, RTM3205) can be upgraded to the latest version of firmware straight from any older version. ÌýHowever, if you have modified either /etc/profile or /etc/rc.d/rc.MÌýand yourÌýLinux Root File System (RFS) is prior to version 2.20 then please contact Support (support@endruntechnologies.com).

Legacy products (Tempus LX, Unison, Meridian, Tycho, RTM3204) can also be upgraded to the latest version of firmware straight from any older version. ÌýHowever, if your RFS is prior to version 2.60 then please read this.

Will GPS work inside?

Unlike CDMA, GPS will not work inside buildings.Ìý To receive GPS signals the antenna must have a view of the sky.Ìý The best location is on a roof-top with the antenna in view of a maximum amount of sky.Ìý However, our GPS products have the ability to operate in a single-satellite mode.Ìý This lets you avoid the trouble and expense of a rooftop installation by allowing you to mount the antenna in a window of your building with only a partial view of the sky.

Ìý

How far can I install the antenna from the GPS receiver?

The standard antenna cable length is 50 feet.Ìý If you need more we offer antenna lengths up to 250 feet without a GPS preamplifier.Ìý If you need more than 250 feet of cable then a preamp is required.Ìý You can run an additional 250 feet of cable for every preamp installed and you can have up to 3 preamps.Ìý This will allow you to run a total of 1000 feet of cable.Ìý For more information clickÌýhere.

Will my EndRun product be affected by the GPS week rollover event in April 2019?

All EndRun GPS-synchronized products with up-to-date firmware will not be affected by the April 7, 2019 rollover event.Ìý For more information, please refer to Field Service Bulletin 180427.

Ìý

Do I set my calibration delay to positive or negative to compensate for the antenna cable?

The answer is positive because there is a delay between the antenna and the receiver.

Think about it like this: The antenna receives the time data x nanoseconds before the receiver.Ìý Therefore, the receiver is behind the antenna by x nanoseconds.Ìý By entering a positive delay, the clock will be advanced x nanoseconds to compensate.

Ìý

I don't have roof-top access for a GPS antenna. What do I do?

You have two choices:
ÌýÌýÌý1.ÌýMount your GPS antenna in a window. ÌýOur GPS products have the ability to operate in a single-satellite mode which allows you to mount the antenna in a window of your building with only a partial view of the sky. ÌýSee this Window-Mount Installation Guide for details.
ÌýÌýÌý2.ÌýPurchase a CDMA-synchronized product which works very well inside buildings (assuming your area has CDMA coverage).

Ìý

What is NTP Stratum?

Stratum is a term that means different things depending on the context.Ìý In the world of NTP, stratum is defined in RFC 1305.Ìý NTP uses a hierarchical structure in which Stratum 0 is the reference clock, linked via a time signal, to a reliable source of UTC.Ìý Stratum 1 is the time server with a direct link to the reference clock.Ìý Stratum 2 is a client that receives time over a network connection from a Stratum 1 clock.Ìý Stratum 3 is a client that receives time from a Stratum 2 clock.Ìý And so on, up to Stratum 15.Ìý For more details on strata in the NTP world, clickÌýhere.

Ìý

How accurate is NTP?

Over WANs (Wide Area Networks), up to 100 milliseconds is typical.Ìý It depends on how far away the public time server is, or more specifically, how many hops between you and the server.Ìý Within a LAN (Local Area Network) using a dedicated NTP Time Server, 0.5 to 2 milliseconds is typical.Ìý The internal accuracy of the CDMA Network Time Server is on the order of 10 microseconds.Ìý It can easily keep all clients on a LAN synchronized to typically within 0.5 to 2 milliseconds.

Ìý

Where can I get NTP client software?

Client software is widely available as freeware and shareware.Ìý Setting up an NTP or SNTP client is relatively simple once you have installed the software on your workstation and communicated with the time server over the network.Ìý For a list of NTP client software click here.

Ìý

How long will the NTP Server deliver Stratum 1 performance if the signal is lost?

Exclusive EndRun oscillator-control algorithms provide extended Stratum 1 holdover performance when the unit is not locked to the synchronization signal (GPS or CDMA).Ìý Typical NTP Stratum 1 holdover periods are:
Ìý Ìý 24 hours - TCXO (standard)
Ìý Ìý 35 days - OCXO (upgrade)
Ìý Ìý 140 days - Rubidium (upgrade)

Ìý

Why do I need a time server?

When two or more computers are involved, accurate time keeping is difficult, especially if they are not in the same physical location.Ìý A dedicated time server inside your network perimeter is the most accurate, reliable and secure way to ensure accurate timekeeping for all computers on your network.Ìý Accurate timekeeping is necessary to support eBusiness and other applications such as Stock Trades, Logs, B2B Transactions, File Operations, Packet Time Stamps, Software Configuration Management, Database Accuracy, Telecommunication Call Billing, etc.Ìý For a more detailed response to this question click here.

Ìý

Why not use the time servers available over the Internet?

There are many public time servers available over the Internet.Ìý Access to these public time servers is free of charge.Ìý While public time servers are certainly less costly - accurate, reliable and secure time is best provided by a dedicated time server that resides under your control inside your network security perimeter.Ìý Using public time servers available over the Internet is not recommended for the following reasons:

1.Ìý Setting up your firewall to accept NTP packets (which is based on UDP/IP) introduces a security risk that many Network Administrators are not willing to take.

2.Ìý Time accuracy degrades because of indeterminate network latency, up to 100 milliseconds is typical.

Ìý

Is there a command to tell me the Stratum level of my NTP Server?

Yes.Ìý For current models (Sonoma, Meridian II, Tycho II, RTM3205) use Linux command:

ÌýÌýÌýntpq -c sysinfo

For legacy models use Linux command:

ÌýÌýÌýntpdc -c sysinfo

Ìý

How many clients can a time server handle?

For a detailed answer to this question click here.

Is support for NTS4NTP on your product roadmap?

Yes.Ìý NTS4NTP is in the draft standard level and when released we expect it will be integrated into the NTP distribution.Ìý The Time Servers are periodically upgraded with the latest distribution so when NTS4NTP is supported, then it will also be supported in our products.Ìý The standards process is lengthy so there is no telling when this capability will be in the NTP distribution.

Are the EndRun NTP Servers compliant with STIG ID: NET0813, Rule ID: SV-15326r5?

EndRun NTP Servers are compliant with STIG ID: NET0813,Ìý Rule ID: SV-15326r5,Ìý Vuln ID:Ìý V-14671.Ìý The time servers support a FIPS-approved message authentication code and NIST-approved HMAC algorithms.

How do I restart the NTP daemon without rebooting?

For our third generation units such as Sonoma, Meridian II, Tycho II, Ninja, RTM3205 and e-Series Distribution, run the command:

ÌýÌýÌý/etc/rc.d/rc.ntpd restart

For older models, the only way to restart the daemon is to reboot.

What is PTP?

Precision Time Protocol (PTP) is a relatively new protocol that was developed to improve the time synchronization accuracy that is obtainable over a Local Area Network (LAN).Ìý Specifications for PTP are defined in the IEEE-1588 standard.Ìý In PTP terminology, the Grandmaster is the distributor of accurate time and the Slave is the receiver of this time.Ìý The Slave synchronizes itself to the Grandmaster.

The most common network timekeeping protocol is the Network Time Protocol (NTP).Ìý In NTP terminology, the Server is the distributor of accurate time and the Client is the receiver of this time.Ìý The Client synchronizes itself to the Server.

With NTP you can get client synchronization accuracies in the millisecond range.Ìý With PTP you can get slave synchronization accuracies in the nanosecond or microsecond range.Ìý Synchronization accuracy depends not just on the PTP Grandmaster, but also on the network topology such as switch and slave hardware.

Ìý

What is the accuracy of EndRun's PTP?

Products listed below can be configured as a IEEE-1588/PTP Grandmaster Clock.Ìý Here are the timestamp resolution and accuracy specifications:

Model Timestamp Resolution Timestamp Accuracy to UTC (RMS)
Sonoma (GPS)
Network Time Server
8 nanoseconds 30 nanoseconds
Sonoma (CDMA)
Network Time Server
8 nanoseconds 10 microseconds (typical)
Meridian II
Precision TimeBase
8 nanoseconds 10 nanoseconds
Tycho II
Precision TimeBase
8 nanoseconds 25 nanoseconds

Ìý

I want to put my Grandmaster on one subnet, with my servers and workstations on another subnet. How will that work?

The Grandmaster user interface allows you to modify the TTL Value (time-to-live value) in order to accomplish this.Ìý You will also need to modify the TTL Value on your PTP Slave.

Ìý

What is the difference between PTP hardware and software timestamping?

The main difference is in the synchronization accuracy that can be achieved.Ìý With software timestamping as typically implemented (software-only approach), you can see slave synchronization accuracies between 10 and 100 microseconds.Ìý You can achieve this level of accuracy with commonly used network hardware such as standard switches, and computers withÌýsoftware PTP slaves.

With hardware timestamping as implemented on a Sonoma it is possible to achieve time synchronization accuracies of 30 nanoseconds with an 8 nanosecond resolution.Ìý However, in order to get this level of accuracy, both the Grandmaster and the Slave must be capable of hardware timestamping.Ìý This means you will need to purchase specialized hardware to install in each Slave.Ìý In addition, network switches must configured as transparent clocks or boundary clocks.Ìý

Ìý

Can PTP operate over a wide area network (WAN)?

PTP Version 2 has been designed to span over a WAN.Ìý However, performance is dependent on the network configuration.Ìý For example, a network switch would need to be configured as a transparent clock or boundary clock in order to realize the superior synchronization capability.Ìý Otherwise, synchronization of PTP becomes equivalent to NTP.

Ìý

Can PTP be installed in the field?

Yes.Ìý All Sonoma, Meridian, Tycho II, Tempus LX, and Unison Time Servers are capable of operating PTP.Ìý PTP is a relatively low-cost option that can be installed by you at any time.Ìý All that is needed from you is the Ethernet address (MAC) and we can supply a software key and instructions for turning on PTP.Ìý For older products, you may need to upgrade your software first.

Ìý

Where can I get PTP Slave software?

The Precision Time Protocol (PTP) is a relatively new protocol (compared with NTP).Ìý As such, there are fewer options available for you to use for PTP Slave software.Ìý The options that do exist range from software-only solutions to software with hardware timestamping solutions. ÌýFor further information click here.

Ìý

How many PTP Slaves can your Grandmaster support?

Over 2000.Ìý But it depends on various settings and configurations that can increase or decrease the number of slaves that Sonoma can support.Ìý Consider the following:

1.Ìý If using a Boundary Clock, the Sonoma only interfaces with the network switch Boundary Clock.Ìý In this case the capacity is limited by the Boundary Clock switch.

2.Ìý When using a Transparent Clock, the capacity is limited by the frequency of the delay requests and the sync rate.Ìý Sonoma will be able to provide all the slaves with the Sync Packets and Announce Packets.Ìý But, there will be a limit for processing delay requests issued by the slaves.Ìý Our implementation requires about 10 microseconds to handle a delay request / response.Ìý The delay request is used to calculate the slave-to-master delay.Ìý If your network is static the delay should not change and the Sonoma will announce to the slave to use 32-second delay request interval.

Even though the slaves randomize the delay request packets, the request can come in simultaneously.Ìý What happens if delay requests show up simultaneously?Ìý In this case, the Sonoma will not issue a delay response.Ìý The slave will then randomize the delay request interval and issue the request again.Ìý Some slaves will log a notification that a delay response was not received.

Ìý

When I log into my unit from the CLI, a time string displays that does not match the current UTC. What is wrong?

This string:

ÌýÌýÌýSonoma_D12 GPS 6010-0065-000 v 2.40 - Tue Sep 19 02:19:38 UTC 2017

which is displayed immediately after login simply means that firmware 6010-0065-000 version 2.40 was released on Tuesday September 16, 2017 at 02:19:38Ìý UTC. ÌýIt has nothing to do with current UTC.

Ìý

Do I have root access to the Linux file system via the command line interface?

Yes.

Do I need to be familiar with Linux in order to use your equipment?

No. To see a list of EndRun's product commands that you can easily use,Ìýtype:

ÌýÌýÌýhelp

To get help on a particular command type "help EndRun-command-name". For example:

ÌýÌýÌýhelp gpsstat

This will show you details regarding the gpsstat command.

Ìý

Ìý

How can the default prompt be changed?

Edit the file Ìý/etc/profileÌý and modify the definition of PS1.Ìý After making the change, copy the file to the non-volatile area:

ÌýÌýÌýcp /etc/profile /boot/etc

Our security guys did a scan on the EndRun unit and found a few vulnerabilities. Is there going to be a firmware update soon to address this?

Serious vulnerabilities that cannot be mitigated with a reasonable workaround will be addressed with a new firmware update as soon as possible.Ìý For remaining vulnerabilities, please see Network Security Bulletins for mitigation steps.

Also, we recommend reading this: Best Practices to Secure Your Time Server.Ìý Taking the steps outlined in this paper will eliminate most, if not all, vulnerabilities.Ìý It was written for the Sonoma Time Servers but the same general steps apply to our other Linux-based products.

Is there a way to set a timeout for ssh sessions?

Yes.Ìý Follow these instructions:

1.ÌýÌýOpen theÌýsshd_configÌýfile for editing.

For current models (Sonoma, Meridian II, Tycho II, RTM3205) open this file:

ÌýÌýÌý/etc/ssh/sshd_config

For legacy models open this file:

ÌýÌýÌý/etc/sshd_config

2.ÌýÌýUncomment and edit the lines in sshd_config with ClientAliveInterval and ClientAliveCountMax settings as follows:

ÌýÌýÌýClientAliveInterval <session timeout in seconds>
ÌýÌýÌýClientAliveCountMax 0

3.ÌýÌýDon't forget to make the modified file persistent, by copying it to FLASH:

For current models (Sonoma, Meridian II, Tycho II, RTM3205):

ÌýÌýÌýcp -p /etc/ssh/sshd_config /boot/etc/ssh

For legacy models:

ÌýÌýÌýcp -p /etc/sshd_config /boot/etc/

4.ÌýÌýReboot the unit using this command:

ÌýÌýÌýreboot

Ìý

I am using WinSCP to upload files for upgrading and the upgrade keeps failing. What do I do?

If you are uploading via SSH, do not use WinSCP!Ìý WinSCP does not work well with a raw flash partition.Ìý We have had great success using PuTTY's pscp utility, which is executed from the Windows command line and uses the same syntax as the Linux-based scp utility.Ìý You can download pscp from .

Ìý

How can I serve time on two different networks?

You will need to configure a gateway for both the Ethernet ports.Ìý The user manual indicates that only one port can be configured with a default gateway (using the front panel or netconfig).Ìý However, with advanced routing you can configure a gateway for both ports (eth0 and eth1).Ìý You must add commands to set up static routes in theÌý/etc/rc.d/rc.MÌýstartup script. There is an easily spotted comment in the rc.MÌýfile showing where to add the commands.ÌýFor more information, read this Product NoteÌýor contact EndRun Technical Support.

Ìý

Are any products manufactured by EndRun affected by the CVE-2021-44228 Apache Log4j vulnerability?

No.Ìý Products manufactured by Endrun Technologies are not affected because none of them include any version of Apache Log4j.

How are restrictions for subnet access with SSH/SNMP and telnet achieved? For example, how do I set restriction for access to 192.168.1.0/24 subnet?

For our third-generation units such as Sonoma, Meridian II, Tycho II, Ninja, RTM3205 and e-Series Distribution Chassis run the command below to invoke interactive script:

accessconfig

Then, when prompted enter a hostname, host address or range of host addresses to be given telnet/ssh/snmp access (name, IP address or IP address range, 0 to quit).Ìý You enter:

192.168.1.0/255.255.255.0