V1.7 Release 2 GLRM1

The upgrade has degraded the video experience. When using WebRTC smart or normal ultra high, the bitrate constantly fluctuates between 2 Mbps and 20 Mbps. After logging in, the mouse cursor becomes unresponsive and moves with noticeable lag unless I switch back to normal mode with medium quality. This problem did not exist in version 1.5 even in ultra high.

PiKVM has the same issue, and one of Comet’s advantages was that it didn’t suffer from this problem—until now.

In either mode Normal -Ultra High or Smart this uses the entire bandwidth.

When downgrading to version 1.5 I get the error upload failed. How to downgrade?

GL.iNet download center

YES, we have disabled the zero-latency mode in the smart mode, as it tends to cause more stuttering in scenarios like WiFi connections. However, the normal mode should perform consistently.

I retested the latency in normal mode + ultra-high on RM1 1.7 R2, and it still remains between 40-60ms within the local network.

lQDPJxGABPNm4rfNA8DNBQCwehsdjYKL-csI8eDfIvXhAA_1280_9601280×960 293 KB

lQDPKHvyqz1ZA7fNA8DNBQCwnvkiXn4r5DcI8eDf47ujAA_1280_9601280×960 293 KB

I am using rm1 but also have the RM1PE.

I only upgraded rm1. The issue was not there on rm1 in version 1.5.

I just downgraded to v 1.5 and high and ultra high works great now. In v 1.7 it doesn't - the mouse cursor gets stuck after a few secs on ultra high/ high or the new smart mode. One can only use medium.

To be realistic you need to test this in a 50 Mbps or lower internet speed with decent latency as that the major use case.

what os and browser you used?

Windows 11 and tried both chrome and edge.

Comet kvm has external internet access blocked via router rule and is accessed via VPN that connects to the local network

Can you provide a screen recording? For this kind of lagging issue, logs usually don't reveal much.

Also I noticed the below

Pikvm3: the 1920x1080 kbps jeeps jumping between 2mb to 30 mb …experience not good when connecting from outside the immediate network with tailscale or VPN

Pikvm4: 1920x1200 very stable kbps between 3 mb to 6 mb. Good connection quality and experience

Today I noticed in comet kvm the kbps jumped to 15mbps+ on 2560x1440

Email for screen recording?

[email protected]

It sounds like your VPN bandwidth is insufficient, causing packet congestion... In that case, you should definitely use the Smart Mode. This mode is specifically designed for such situations, as it significantly reduces bandwidth consumption.

It seems that /sbin/ntpd has been removed from the new firmware. There is still no option to set the NTP server in the Web Interface. /etc/ntp.conf still exists but it is unclear how (or if) it is still used.

What is the new recommended way to set an NTP server on the 1.7 firmware? Please just add a configuration field in settings. Don’t make this harder than it needs to be, it’s not going to “confuse the user”.

this release also appears to have completely broken tailscale on my comet (base model). none of the normal trouble shooting steps work via shell commands. they all generate -

500 Internal Server Error: fetch control key: Get "https://controlplane.tailscale.com/key?v=125": x509: certificate signed by unknown authority

which tells me i’m doing something wrong- or this update broke the cert that GLI uses.

My Tailscale is working fine on 1.7, is it possible the software on your client is out of date? Or that you manually provisioned a cert for the Comet that wasn't preserved or expired?

As an aside, the only issue I had with the upgrade was that my manually-configured hostname wasn't properly migrated over and I had to revert to the glkvm hostname until I rebooted. Hopefully this wont be an issue in the future since custom hostnames is now a UI option.

Previously there were two NTP daemons (CONNMAND and NTPD) running, which were bombarding NTP servers, resulting in neither being able to sync time if KOD is enabled on the target NTP server.

If time is not sync’ed, Tailscale will fail. You can also manually update Tailscale

tailscale update

They elected to remove NTPD and just let CONNMAND sync time. If your DHCP server supports configuring a NTP server, CONNMAND will prefer that.

Example from pfSense

Screenshot 2025-11-15 at 6.09.22 AM546×458 19.5 KB

Otherwise, you can add a custom S20update_ntp.sh file to the /etc/kvmd/user/scripts folder, which will persist on reboot or firmware upgrade.

1. Determine service interface name

connmanctl services
*AO Wired                ethernet_9483c4bb171f_cable

2. Example S20update_ntp.sh

#! /bin/sh
connmanctl config ethernet_9483c4bb171f_cable --timeservers 192.168.69.5

3. Make sure the script has execute permissions

chmod a+x S20update_ntp.sh

4. Confirm which NTP server CONNMAND is using after executing the script or command.

[root@glkvm:/etc/kvmd/user/connman/ethernet_9483c4bb171f_cable]# grep -i timeservers settings
Timeservers=192.168.69.5;

Looks like the new firmware hasn’t stopped the constant pinging of public DNS servers (literally) every 5 seconds either just to update the status light.

image1790×1006 139 KB

I can confirm this works.

/bin/sh /etc/init.d/S23led stop

https://forum.gl-inet.com/t/excessive-icmp-ping-flood/64904/10?u=elvisimprsntr

Could you provide the debug log? It sounds like this might be caused by NTP failing to synchronize the time.

Perhaps you can use ping to check if the following three NTP servers are accessible on the Comet:

pool.ntp.org
time.google.com
ntp.aliyun.com

Looks like CONNMAND is still bombarding public NTP servers during initialization, which results in the NTP servers responding with KOD or ignoring. Even if I have a NTP server defined in my DHCP server and run the following command automatically during initialization.

connmanctl config ethernet_9483c4bb171f_cable --timeservers 192.168.69.5

23:47:06.217853 IP (tos 0x10, ttl 64, id 29930, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.51898 > 216.239.35.0.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343626.055379234 (2025-11-17T04:47:06Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343626.055379234 (2025-11-17T04:47:06Z)
23:47:08.209539 IP (tos 0x10, ttl 64, id 30185, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.51898 > 216.239.35.0.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343628.053449999 (2025-11-17T04:47:08Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343628.053449999 (2025-11-17T04:47:08Z)
23:47:12.210135 IP (tos 0x10, ttl 64, id 30857, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.51898 > 216.239.35.0.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343632.053606228 (2025-11-17T04:47:12Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343632.053606228 (2025-11-17T04:47:12Z)
23:47:20.209154 IP (tos 0x10, ttl 64, id 32745, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.51898 > 216.239.35.0.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343640.053396215 (2025-11-17T04:47:20Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343640.053396215 (2025-11-17T04:47:20Z)
23:47:36.214552 IP (tos 0x10, ttl 64, id 3394, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.38675 > 216.239.35.8.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343656.054697273 (2025-11-17T04:47:36Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343656.054697273 (2025-11-17T04:47:36Z)
23:47:38.209142 IP (tos 0x10, ttl 64, id 3670, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.38675 > 216.239.35.8.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343658.053443713 (2025-11-17T04:47:38Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343658.053443713 (2025-11-17T04:47:38Z)
23:47:42.209908 IP (tos 0x10, ttl 64, id 4792, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.38675 > 216.239.35.8.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343662.053634867 (2025-11-17T04:47:42Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343662.053634867 (2025-11-17T04:47:42Z)
23:47:50.209804 IP (tos 0x10, ttl 64, id 5302, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.38675 > 216.239.35.8.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343670.053636729 (2025-11-17T04:47:50Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343670.053636729 (2025-11-17T04:47:50Z)
23:48:06.223620 IP (tos 0x10, ttl 64, id 63806, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.52253 > 216.239.35.12.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343686.056893099 (2025-11-17T04:48:06Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343686.056893099 (2025-11-17T04:48:06Z)
23:48:08.209126 IP (tos 0x10, ttl 64, id 64219, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.52253 > 216.239.35.12.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343688.053530326 (2025-11-17T04:48:08Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343688.053530326 (2025-11-17T04:48:08Z)
23:48:12.210674 IP (tos 0x10, ttl 64, id 65019, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.52253 > 216.239.35.12.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343692.053896335 (2025-11-17T04:48:12Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343692.053896335 (2025-11-17T04:48:12Z)
23:48:20.210133 IP (tos 0x10, ttl 64, id 65526, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.52253 > 216.239.35.12.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343700.053802039 (2025-11-17T04:48:20Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343700.053802039 (2025-11-17T04:48:20Z)
23:48:36.211025 IP (tos 0x10, ttl 64, id 42778, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.46432 > 216.239.35.4.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343716.054046511 (2025-11-17T04:48:36Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343716.054046511 (2025-11-17T04:48:36Z)
23:48:38.209119 IP (tos 0x10, ttl 64, id 42823, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.46432 > 216.239.35.4.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343718.053610187 (2025-11-17T04:48:38Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343718.053610187 (2025-11-17T04:48:38Z)
23:48:42.211546 IP (tos 0x10, ttl 64, id 43141, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.46432 > 216.239.35.4.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343722.054193427 (2025-11-17T04:48:42Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343722.054193427 (2025-11-17T04:48:42Z)
23:48:50.212407 IP (tos 0x10, ttl 64, id 44870, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.46432 > 216.239.35.4.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343730.054416479 (2025-11-17T04:48:50Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343730.054416479 (2025-11-17T04:48:50Z)
23:49:06.220763 IP (tos 0x10, ttl 64, id 46639, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.50084 > 203.107.6.88.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343746.056401360 (2025-11-17T04:49:06Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343746.056401360 (2025-11-17T04:49:06Z)
23:49:08.207901 IP (tos 0x10, ttl 64, id 46713, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.50084 > 203.107.6.88.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343748.053414143 (2025-11-17T04:49:08Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343748.053414143 (2025-11-17T04:49:08Z)
23:49:12.210477 IP (tos 0x10, ttl 64, id 46904, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.50084 > 203.107.6.88.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343752.054021831 (2025-11-17T04:49:12Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343752.054021831 (2025-11-17T04:49:12Z)
23:49:20.208785 IP (tos 0x10, ttl 64, id 48394, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.50084 > 203.107.6.88.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343760.053665135 (2025-11-17T04:49:20Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343760.053665135 (2025-11-17T04:49:20Z)
23:49:41.212072 IP (tos 0x10, ttl 64, id 62076, offset 0, flags [DF], proto UDP (17), length 76)
    192.168.69.60.46820 > 192.168.69.5.123: NTPv4, Client, length 48
	Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0
	Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
	  Reference Timestamp:  0.000000000
	  Originator Timestamp: 0.000000000
	  Receive Timestamp:    0.000000000
	  Transmit Timestamp:   3972343781.054477481 (2025-11-17T04:49:41Z)
	    Originator - Receive Timestamp:  0.000000000
	    Originator - Transmit Timestamp: 3972343781.054477481 (2025-11-17T04:49:41Z)
23:49:41.212245 IP (tos 0xb8, ttl 64, id 273, offset 0, flags [none], proto UDP (17), length 76)
    192.168.69.5.123 > 192.168.69.60.46820: NTPv4, Server, length 48
	Leap indicator:  (0), Stratum 1 (primary reference), poll 10 (1024s), precision -22
	Root Delay: 0.000000, Root dispersion: 0.001022, Reference-ID: GPS^@
	  Reference Timestamp:  3972343778.885575939 (2025-11-17T04:49:38Z)
	  Originator Timestamp: 3972343781.054477481 (2025-11-17T04:49:41Z)
	  Receive Timestamp:    3972343781.212144792 (2025-11-17T04:49:41Z)
	  Transmit Timestamp:   3972343781.212213246 (2025-11-17T04:49:41Z)
	    Originator - Receive Timestamp:  +0.157667311
	    Originator - Transmit Timestamp: +0.157735764

GLKVM is running an older version of CONNMAND, which has documented issues bombarding NTP servers during initialization.

connmand -v
1.44

What’s happening in ConnMan 1.44

• Aggressive retry loop: This version doesn’t implement exponential backoff for NTP queries. If the first few requests fail, it keeps hammering the servers.

• FallbackNTPServers: Defaults to Google’s public servers (time1.google.com … time4.google.com). These servers rate‑limit, so repeated bursts get ignored.

• Result: ConnMan never successfully syncs the clock because the servers stop responding after too many requests.

ConnMan 1.45 introduced improved NTP (Network Time Protocol) support, focusing on reliability, fallback handling, and tighter integration with system time services.

Key Improvements in NTP Support (ConnMan 1.45)

• Better fallback logic:

  • If the primary NTP server fails, ConnMan now cycles through configured servers more intelligently.

  • Reduces long delays in time synchronization on embedded devices.

• Enhanced IPv6 support:

  • NTP queries now handle IPv6 addresses more consistently, ensuring proper operation in dual-stack networks.

• Improved error handling:

  • Clearer logging when NTP synchronization fails.

  • Automatic retries with exponential backoff to avoid flooding the network.

• Integration with systemd-timesyncd:

  • ConnMan can delegate time synchronization to systemd’s timesyncd when present, avoiding conflicts.

  • This ensures smoother coexistence with distributions that rely on systemd for timekeeping.

• Plugin refinements:

  • The NTP plugin was updated to better handle DNS resolution of pool.ntp.org servers.

  • Improved caching of resolved NTP server IPs to reduce repeated lookups.

• Security patches:

  • Fixes for CVEs related to malformed NTP responses that could previously cause crashes or memory leaks.

  • Hardened parsing routines to prevent buffer overflows.

• Performance optimizations for embedded devices.

You also might want to step up to a more modern Linux kernel. The current version is 5 years, 8 months old.

uname -r
4.19.111

Linux kernel 4.19.111 is known to have multiple documented vulnerabilities (CVEs), including privilege escalation, denial of service, and information leaks.

Key Details

• Total CVEs: Over 4,000 vulnerabilities have been reported across the 4.19.x series, with many affecting 4.19.111 specifically.

• Types of vulnerabilities:

  • Privilege Escalation: Attackers can gain higher-level access than intended.

  • Denial of Service (DoS): Crashes or hangs caused by malformed inputs.

  • Information Leaks: Kernel memory exposure to user space.

  • Code Execution: Exploits that allow arbitrary code to run.

• Examples of CVEs impacting 4.19.x (including 4.19.111):

  • CVE-2019-19083 – Memory leak in AMD GPU driver.

  • CVE-2018-18281 – Improper TLB flush in mremap, leading to memory corruption.

  • CVE-2025-40179 – Ext4 filesystem orphan file handling flaw, causing excessive memory consumption.

UPDATE: Submitted a bug report to hopefully give this some traction.

https://github.com/gl-inet/glkvm/issues/72#issue-3635391839

In regards to the NTP server that’s all well and good that it can pull the time server from DHCP, but let’s just have an option to configure it in the KVM Web UI and skip the extra steps.

I wound up editing /etc/connman/main.conf and commented out the Fallbacks and put my preferred (local) time server in there. I don’t want fallback non-local NTP server or fallback non-local DNS servers. I want the ones I specify.

bash-5.2# cat main.conf
[General]
#FallbackTimeservers = pool.ntp .org,time.google .com,ntp.aliyun. com
FallbackTimeservers = time.lan
#FallbackNameservers = 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1
FallbackNameservers = 192.168.20.1

I think the bombarding of NTP servers with NTP packets is different than the bombarding of the DNS servers with pings.

Minmie, can you clarify what it is that you’re asking about those 3 time servers (which I’m apparently prevented from posting the names to here without spaces because they automatically turn into links?
pool.ntp .org
ntp.aliyun .com
time.google .com

I don’t believe my kvm is doing anything with those since i changed the fallbacks in main.conf. They are currently inaccessible though because I have everything from the KVM blocked to the internet because I don’t trust its behavior.