OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: Julien on August 17, 2020, 03:56:15 pm

Title: GeoIP 20.7 solution
Post by: Julien on August 17, 2020, 03:56:15 pm

Hi Guys,

If your GEOIP seems not to works after the last uptate, the issue is easy and simple
your firewall Firewall Maximum Table Entries is Limited to 100k.
So Go to your firewall>>>Settings>>>Advanced and change the value of Firewall Maximum Table Entries to 200k and save.
i have mine at 400k as ive got a powerfull hardware.

after i've done that the GEOIP start working and loading IPS.

Title: Re: GeoIP 20.7 solution
Post by: hushcoden on August 17, 2020, 05:49:21 pm

According to my OPNsense, actually the default value is set to 1M and the issue still persists...

Title: Re: GeoIP 20.7 solution
Post by: FullyBorked on August 17, 2020, 09:50:07 pm

Edit: I can't read....  This worked for me.

Title: Re: GeoIP 20.7 solution
Post by: Julien on August 18, 2020, 12:54:30 am

Make sure to change the number twice to the one you have already there and reload the GEOIP.
like remove one country and save and re-add it.
i've done it today in 4 boxes which had the issue before and its appear to fix it.

Title: Re: GeoIP 20.7 solution
Post by: Julien on August 19, 2020, 05:45:59 pm

Today I have rebooted one of the boxes and noticed it’s didn’t load the geoip.
After changing the size from 200k to 400k op has been loaded
It’s a bug but this solutions is the only that works for me till now.

@hydschu read carefully what I said

Title: Re: GeoIP 20.7 solution
Post by: fog on August 25, 2020, 01:44:04 pm

After Update to 20.7 GeoIP doesn't work anymore for an Alias with GeoIp, IPv4.
The Problem was, that the pfTable (Firewall: Diagnostics: pfTables) for the Alias was empty!
IPv6 worked.
The cause were empty files *IPv4 in /usr/local/share/GeoIP/alias/.
I renamed /usr/local/share/GeoIP , and applied the settings in  Firewall: Aliases: GeoIP setting again.
The folder /usr/local/share/GeoIP was new created, now with the correct IPv4 files.
And the pfTable is filled for the Alias and GeoIP is working again.

Title: Re: GeoIP 20.7 solution
Post by: white_rabbit on August 25, 2020, 09:10:42 pm

sorry. wrong forum

Title: Re: GeoIP 20.7 solution
Post by: geotek on August 30, 2020, 04:11:04 pm

There is definitely something wrong with GeoIP processing in V.20.7.1. After Upgrading to this version GeoIP falsely blocked legitimate IPs. Setting "Firewall Maximum Table Entries" to 200000 resolved this issue instantly. When I leave this box empty, the help says "On your system the default size is: 200000" But this can't be, otherwise setting this value explicitly to the same value should not change anything.

This is repeatable. After booting with this field kept empty I get falsely blocket IPs, setting "Firewall Maximum Table Entries" to 200000 resolves this issue again.