The Tapo C200 cameras insist on contacting public NTP servers to sync their clock. If you block them from reaching the Internet (a good idea for security), the cameras will slowly drift out of sync because they ignore the DHCP-provided NTP option.

The solution is simple: run an NTP server on your OpenWrt router and transparently redirect the cameras’ NTP traffic to it.

Step 1 — Enable NTP on OpenWrt

Make sure your router itself syncs time and provides it to LAN devices.

Edit /etc/config/system:

config timeserver 'ntp'
    option enabled '1'
    list server '0.openwrt.pool.ntp.org'
    list server '1.openwrt.pool.ntp.org'
    list server '2.openwrt.pool.ntp.org'
    list server '3.openwrt.pool.ntp.org'
    option enable_server '1'

This ensures OpenWrt runs an NTP server and stays in sync with pool.ntp.org.

Step 2 — Advertise NTP via DHCP (best effort)

Some devices honor this, but Tapo cameras don’t. Still worth adding:

/etc/config/dhcp:

config dhcp 'lan'
    list dhcp_option '42,192.168.1.1'

Step 3 — Redirect the Cameras’ NTP Traffic

Since Tapo cameras insist on using their own NTP servers, we force (DNAT) those requests to the router’s NTP service.

/etc/config/firewall:

config redirect
    option name 'ntp_tapo'
    option src 'lan'
    option target 'DNAT'
    option dest 'lan'
    option proto 'udp'
    option src_dport '123'
    option dest_ip '192.168.1.1'
    option dest_port '123'
    list src_mac 'XX:XX:XX:XX:XX:XX'   # Camera 1
    list src_mac 'XX:XX:XX:XX:XX:XX'   # Camera 2
    list src_mac 'XX:XX:XX:XX:XX:XX'   # Camera 3

💡 Important: Do not match src_port=123. Most clients use random source ports. Only match src_dport=123.

Why This Works

  • Tapo cameras ignore the DHCP-provided NTP server.
  • We block the cameras from the Internet → they can’t reach their hardcoded NTP servers.
  • With this firewall redirect, their NTP packets to “the Internet” get transparently sent to the router.
  • The router answers with correct time → cameras stay in sync without needing Internet.

Verification

From the router:

tcpdump -ni br-lan udp port 123 and ether src <camera_mac>

You should see traffic going to 192.168.1.1:123. The cameras should show the correct time within a minute or two.
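
To confirm that the router's NTP service from Step 1 answers and is itself synchronised, the following SNTP probe can be run from any LAN host. It is an added example, not part of the original post, and assumes Python 3 and the router address 192.168.1.1 used above; it queries the router directly because the redirect only matches the listed camera MACs.

```python
import socket
import time

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

# Constructed sample reply (not captured traffic): LI=0, VN=4, mode=4 (server),
# stratum 2, transmit timestamp = Unix 1700000000.5.
SAMPLE_REPLY = (bytes([0x24, 2]) + bytes(38)
                + (1700000000 + NTP_UNIX_DELTA).to_bytes(4, "big")
                + (0x80000000).to_bytes(4, "big"))

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data, local_unix_time):
    """Decode a reply and decide whether an SNTP client would accept it."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = data[0] >> 6, data[0] & 0x07, data[1]
    tx_sec = int.from_bytes(data[40:44], "big")
    tx_frac = int.from_bytes(data[44:48], "big")
    server_time = tx_sec - NTP_UNIX_DELTA + tx_frac / 2**32
    # LI=3 or stratum 0/16 means the server itself is not synchronised yet.
    usable = mode == 4 and leap != 3 and 1 <= stratum <= 15 and tx_sec != 0
    return {"leap": leap, "stratum": stratum, "server_time": server_time,
            "offset": server_time - local_unix_time, "usable": usable}

def query(server="192.168.1.1", timeout=2.0):
    """Send one request to the router's NTP service (address from the article)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (server, 123))
        data, _ = s.recvfrom(512)
    return parse_reply(data, time.time())

if __name__ == "__main__":
    print("sample:", parse_reply(SAMPLE_REPLY, 1700000000.0))
    try:
        r = query()
        print(f"router: stratum={r['stratum']} leap={r['leap']} "
              f"offset={r['offset']:+.3f}s usable={r['usable']}")
    except OSError as exc:  # timeout or unreachable: re-check Step 1
        print("no NTP reply from router:", exc)
```

A reply with `usable=False` means the router is answering but has not yet synchronised with its upstream servers, so clients may discard its time.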