Recent posts

#1
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by jfou1987 - Today at 01:34:35 PM
Quote from: Monviech (Cedrik) on Today at 12:45:01 PM
Then go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.

I just did it, and the problem was solved! Thank you for your help.

I think robvdw was right, there was an issue at ipinfo yesterday.

#2
General Discussion / Re: Where is TCP processed - C...
Last post by chemlud - Today at 01:26:47 PM
OK, so best bet is:

pcie_aspm=off
added to kernel boot line and reboot.

Will try... :-)
#3
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by robvdw - Today at 12:59:37 PM
Thanks! The current ipinfo file processes fine and fixes the aliases. I suspect there either was a severely truncated file online yesterday afternoon for a short while, or it contained something that crashed the script that extracts them.

I also noticed that the IPv6 files were not updated yesterday, which would be consistent with some kind of truncated file that only contained IPv4 until 5.something.

File sizes before re-download:
-rw-r-----  1 root wheel      288 Jan 20 13:41 BA-IPv4
-rw-r-----  1 root wheel    27668 Jan 19 13:40 BA-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BB-IPv4
-rw-r-----  1 root wheel    13532 Jan 19 13:40 BB-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BD-IPv4
-rw-r-----  1 root wheel   116040 Jan 19 13:40 BD-IPv6
-rw-r-----  1 root wheel      916 Jan 20 13:41 BE-IPv4
-rw-r-----  1 root wheel   565784 Jan 19 13:40 BE-IPv6
-rw-r-----  1 root wheel       14 Jan 20 13:41 BF-IPv4
-rw-r-----  1 root wheel    23354 Jan 19 13:40 BF-IPv6
-rw-r-----  1 root wheel     1233 Jan 20 13:41 BG-IPv4
-rw-r-----  1 root wheel   122141 Jan 19 13:40 BG-IPv6

File sizes after re-download:
-rw-r-----  1 root wheel     8492 Jan 21 12:49 BA-IPv4
-rw-r-----  1 root wheel    27668 Jan 21 12:49 BA-IPv6
-rw-r-----  1 root wheel     4531 Jan 21 12:49 BB-IPv4
-rw-r-----  1 root wheel    13532 Jan 21 12:49 BB-IPv6
-rw-r-----  1 root wheel    65683 Jan 21 12:49 BD-IPv4
-rw-r-----  1 root wheel   114769 Jan 21 12:49 BD-IPv6
-rw-r-----  1 root wheel   158563 Jan 21 12:49 BE-IPv4
-rw-r-----  1 root wheel   566429 Jan 21 12:49 BE-IPv6
-rw-r-----  1 root wheel     5637 Jan 21 12:49 BF-IPv4
-rw-r-----  1 root wheel    23354 Jan 21 12:49 BF-IPv6
-rw-r-----  1 root wheel   118374 Jan 21 12:49 BG-IPv4
-rw-r-----  1 root wheel   122103 Jan 21 12:49 BG-IPv6
#4
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by meyergru - Today at 12:51:25 PM
As expected (but with the community edition):

#5
Do these steps, first execute:

/usr/local/opnsense/scripts/filter/download_geoip.py

Then go to "Firewall - Aliases" and create a new alias that contains Belgium.
After saving and apply, go to "Firewall - Diagnostics - Aliases" and check the contents of the alias you just created.
#6
25.1, 25.4 Series / Re: Wireguard issue(s)
Last post by Bob.Dig - Today at 12:16:57 PM
For Android there is "WG Tunnel", which can cope with dynamic IPs. If your resolution is to restart WG on OPNsense though, you might have another problem, and upgrading OPNsense is strongly advised to begin with.
#7
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 12:12:44 PM
To be honest, usually you want to disable it, e.g. force ASPM off globally at the OS level, because the per-device, per-line disabling may not always work as it should... I usually disable ASPM in the BIOS on everything, or if that is not available or I have suspicions it's not enough, I force-disable it globally in Linux.

https://wiki.archlinux.org/title/Power_management#Active_State_Power_Management

Regards,
S.
#8
General Discussion / Re: Where is TCP processed - C...
Last post by OPNenthu - Today at 12:07:05 PM
Understood, although there might be a reason why Protectli found that ASPM must be disabled globally rather than disabling it on a per-device basis with PCI sysctls.  Usually you don't use the nuclear option unless there's a reason, but who knows.
#9
You need to whitelist your internal addresses.

Either with this parser:

https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/whitelists

or manually following the documentation:

https://doc.crowdsec.net/u/getting_started/post_installation/whitelists/
#10
25.7, 25.10 Series / Re: GeoIP list no more correct...
Last post by meyergru - Today at 11:56:43 AM
I neither use the business edition nor have I monitored the size of the Ipinfo database over time. I use it with the community edition and for me, it works:

# wc /usr/local/share/GeoIP/alias/BE-IPv?
    9736    9736  158563 /usr/local/share/GeoIP/alias/BE-IPv4
   24323   24323  566429 /usr/local/share/GeoIP/alias/BE-IPv6
   34059   34059  724992 total

# fgrep ,BE, ipinfo_lite.csv | wc
  34059   64340 2112133

Seems like there is some kind of extraction process from the Ipinfo CSV that failed to generate all entries, maybe because of a subtle syntax error in the CSV. For example, I find this line inside the CSV:

2a14:3d02::/35,Belgium,BE,Europe,EU,AS57234,"LLC ""IT NETWORKS CHAT""",ichatua.com.ua

Note the multiple quotes. Also, there are missing ASNs in some lines. So maybe this is a parsing error within OPNsense code, but probably in the business edition only?
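
Added example (not part of the posts above and not OPNsense code): the same cross-check as the `wc` and `fgrep` comparison, counting networks per country and address family with an RFC 4180 CSV parser and flagging alias files whose line count falls short. The header row, the column names and every sample row except the `2a14:3d02::/35` line are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample. Column order follows the line quoted in the post;
# the header row and all rows except 2a14:3d02::/35 are made up.
SAMPLE_CSV = '''network,country,country_code,continent,continent_code,asn,as_name,as_domain
192.0.2.0/24,Belgium,BE,Europe,EU,AS64500,"Example, Inc.",example.net
198.51.100.0/24,Belgium,BE,Europe,EU,,,
2a14:3d02::/35,Belgium,BE,Europe,EU,AS57234,"LLC ""IT NETWORKS CHAT""",ichatua.com.ua
203.0.113.0/24,Bulgaria,BG,Europe,EU,AS64501,Example BG,example.org
'''

def rows(csv_text):
    """Parse with the csv module so doubled quotes and embedded commas are handled."""
    return list(csv.DictReader(io.StringIO(csv_text)))

def expected_counts(csv_text):
    """Count networks per (country_code, 'IPv4' or 'IPv6')."""
    counts = Counter()
    for row in rows(csv_text):
        net = ipaddress.ip_network(row["network"], strict=False)
        counts[(row["country_code"], f"IPv{net.version}")] += 1
    return counts

def check_aliases(csv_text, alias_files):
    """alias_files maps names like 'BE-IPv4' to file contents, one network per line.
    Returns {name: (expected, actual)} for every file whose entry count is off."""
    problems = {}
    for (cc, family), expected in expected_counts(csv_text).items():
        name = f"{cc}-{family}"
        actual = len(alias_files.get(name, "").split())
        if actual != expected:
            problems[name] = (expected, actual)
    return problems

def as_names(csv_text):
    """AS names as decoded by the parser; empty string where the ASN is missing."""
    return [row["as_name"] for row in rows(csv_text)]

if __name__ == "__main__":
    # Constructed alias contents: BE-IPv4 is truncated to a single entry.
    aliases = {"BE-IPv4": "192.0.2.0/24\n", "BE-IPv6": "2a14:3d02::/35\n",
               "BG-IPv4": "203.0.113.0/24\n"}
    print(check_aliases(SAMPLE_CSV, aliases))
    print(as_names(SAMPLE_CSV))
```

With a conforming parser, neither the doubled quotes nor the rows with an empty ASN change the per-country count, so a shortfall in an alias file points at the download or extraction step.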