Hello,
I need help with a MaxMind GeoIP problem in OPNsense. The GUI doesn't load the database, even though I'm setting everything up according to the documentation.
🎯 My goal:
I wanted to use a GeoIP alias to block selected countries (CN, RU, IR, KP, BY) on the WAN interface.
📋 Procedure according to documentation:
I followed the official guide:
https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html
1. Creating MaxMind account:
Registered at https://www.maxmind.com/en/geolite2/signup
Generated Account ID and License Key
2. Creating URL with authentication:
According to the guide, I created a URL in the format:
https://ACCOUNT_ID:LICENSE_KEY@download.maxmind.com/geoip/databases/GeoLite2-Country-CSV/download?suffix=zip
3. Testing URL in browser:
Pasted the URL into browser
✅ Database downloaded successfully (5.2 MB ZIP file)
Extracted it on my computer and checked the content
Files contain correct CSV files according to documentation:
GeoLite2-Country-Locations-en.csv
GeoLite2-Country-Blocks-IPv4.csv
GeoLite2-Country-Blocks-IPv6.csv
4. Configuration in OPNsense GUI:
Firewall → Aliases → GeoIP settings
Pasted URL into "Url" field
Clicked "Apply"
5. Creating GeoIP alias:
Firewall → Aliases → IP → Add
Name: Blocked_Countries
Type: GeoIP
Countries: CN, IR, KP, BY, RU
Save
6. Creating firewall rule:
Firewall → Rules → WAN → Add
Action: Block
Source: Blocked_Countries alias
Save → Apply
❌ Problem:
GUI doesn't load the database:
After applying URL in GeoIP settings, nothing happened
Total number of ranges: 0 (stayed at zero)
Warning: "In order to use GeoIP, you need to configure a source in the GeoIP settings tab"
Firewall rule with GeoIP alias doesn't work - nothing is blocked
Console check:
```bash
pfctl -t Blocked_Countries -T show
# Empty - no IP addresses
```
🔧 Alternative solution (SSH workaround):
Since GUI doesn't work, I tried to bypass the problem via SSH:
1. Manual download and installation of database:
```bash
# Download database
curl -L -o /tmp/GeoLite2-Country.tar.gz \
  -u ACCOUNT_ID:LICENSE_KEY \
  'https://download.maxmind.com/geoip/databases/GeoLite2-Country/download?suffix=tar.gz'
# Extract
cd /tmp
tar -xzf GeoLite2-Country.tar.gz
# Copy MMDB to correct directory
find . -name "*.mmdb" -exec cp {} /usr/local/share/GeoIP/ \;
chmod 644 /usr/local/share/GeoIP/*.mmdb
# Verification
ls -lh /usr/local/share/GeoIP/
# Result: GeoLite2-Country.mmdb (9.5 MB)
```
2. Refresh aliases:
```bash
configctl filter refresh_aliases
{"status": "ok"}
```
3. Functionality test:
```bash
# Number of IP addresses in table
pfctl -t Blocked_Countries -T show | wc -l
491970
# Test specific Chinese IP
pfctl -t Blocked_Countries -T test 1.0.1.1
1/1 addresses match.
# Check firewall rule
pfctl -vsr | grep -A 5 "Blocked_Countries"
block drop in log quick on pppoe0 ... from <Blocked_Countries> to any
[ Evaluations: 42 Packets: 0 Bytes: 0 States: 0 ]
```
✅ It works! GeoIP alias contains 491,970 IP ranges and blocking works.
4. Automating updates - creating update script:
```bash
# Create script
cat > /usr/local/bin/update-geoip.sh << 'EOF'
#!/bin/sh
curl -L -o /tmp/GeoLite2-Country-CSV.zip \
  -u ACCOUNT_ID:LICENSE_KEY \
  'https://download.maxmind.com/geoip/databases/GeoLite2-Country-CSV/download?suffix=zip'
/usr/local/sbin/configctl filter refresh_aliases
echo "GeoIP database updated: $(date)"
EOF
# Set permissions
chmod +x /usr/local/bin/update-geoip.sh
# Test script
/usr/local/bin/update-geoip.sh
# Result: {"status": "ok"}
# GeoIP database updated: Sat Nov 1 22:14:05 CET 2025
```
5. Setting up cron job in GUI:
System → Settings → Cron → Add
Minutes: 0
Hours: 3
Days of week: 2,5 (Tuesday, Friday)
Command: /usr/local/bin/update-geoip.sh
Description: Update GeoIP database
Save → Apply
✅ Result of workaround solution:
✅ GeoIP blocking works
✅ 491,970 IP ranges from CN, RU, IR, KP, BY
✅ Automatic updates twice a week
✅ Firewall rule active and blocking
BUT:
❌ GUI still shows Total number of ranges: 0
❌ Warning in GUI still present
💻 My environment:
OPNsense: Tested on both Community Edition 25.7.6 and Business Edition 25.10_2 - same problem on both
MaxMind: GeoLite2-Country (free)
Formats: Tried CSV (zip) and MMDB (tar.gz) - GUI doesn't load either
❓ Questions:
Why doesn't the GUI load the database from MaxMind URL, even though it downloads successfully in browser?
Is this a known issue in OPNsense 25.7.6 / 25.10_2?
Is there a way to get standard GUI downloading to work?
Or is my SSH workaround an acceptable long-term solution?
Thank you for any help
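
Added example, not part of the original post and not OPNsense code: a Python check that a downloaded GeoLite2-Country-CSV ZIP contains the three CSV files listed in step 3 and counts how many networks it holds for the selected countries, which separates a bad download from an import problem. The column names follow MaxMind's GeoLite2 CSV layout; the sample archive, its geoname ids and the fallback to `registered_country_geoname_id` are assumptions of this example.

```python
import csv, io, ipaddress, zipfile

EXPECTED = ("GeoLite2-Country-Locations-en.csv",
            "GeoLite2-Country-Blocks-IPv4.csv",
            "GeoLite2-Country-Blocks-IPv6.csv")

def _rows(zf, member):
    with zf.open(member) as fh:
        yield from csv.DictReader(io.TextIOWrapper(fh, encoding="utf-8"))

def count_ranges(archive, countries):
    """Return {ISO code: number of networks} for the selected countries."""
    counts = {c.upper(): 0 for c in countries}
    with zipfile.ZipFile(archive) as zf:
        # The CSVs may sit inside a dated sub-directory; match on base name.
        members = {n.rsplit("/", 1)[-1]: n for n in zf.namelist()}
        missing = [n for n in EXPECTED if n not in members]
        if missing:
            raise ValueError(f"archive is missing {missing}")
        geo = {r["geoname_id"]: r["country_iso_code"]
               for r in _rows(zf, members[EXPECTED[0]])}
        for name in EXPECTED[1:]:
            for r in _rows(zf, members[name]):
                # Example's choice: fall back to the registered country.
                iso = geo.get(r["geoname_id"] or r["registered_country_geoname_id"])
                if iso in counts:
                    ipaddress.ip_network(r["network"])  # raises on a bad CIDR
                    counts[iso] += 1
    return counts

def build_sample():
    """Constructed three-file archive (documentation prefixes, made-up ids)."""
    files = {
        EXPECTED[0]: "geoname_id,locale_code,country_iso_code\n"
                     "100,en,CN\n200,en,RU\n300,en,DE\n",
        EXPECTED[1]: "network,geoname_id,registered_country_geoname_id\n"
                     "192.0.2.0/25,100,100\n192.0.2.128/25,,200\n"
                     "198.51.100.0/24,300,300\n",
        EXPECTED[2]: "network,geoname_id,registered_country_geoname_id\n"
                     "2001:db8::/33,100,100\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr("GeoLite2-Country-CSV_sample/" + name, body)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(count_ranges(build_sample(), ["CN", "RU", "IR"]))
```

To check a real download, pass the path of the ZIP as `archive` together with the country codes used in the alias.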