Recent posts

#1
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by reincoder - Today at 09:13:58 AM
Quote from: Kayakero on December 05, 2025, 07:01:26 PM
> the only thing I can assume is that ipinfo removed the "Content-Disposition" header ( it's hosted in cloudflare it doesn't make sense ).

Let us investigate this issue. I have escalated this to engineering.

— Abdullah | DevRel, IPinfo
#2
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by reincoder - Today at 09:11:59 AM
Hi,

I am Abdullah, the DevRel of IPinfo. I will try my best to help you here.

Our file format will never change to anything else without a significant amount of communication. Please understand that a file format change without alerting our user base is a catastrophic change that we will never make. So, I suspect this is some error message being interpreted as a zip file or something.

I am not clear about the implementation of how the database is downloaded, but we do have a checksums API endpoint that you should use to verify the download.

Reference: https://ipinfo.io/developers/database-download

The download process requires you to go through a redirect path because the data is stored in a cloud storage bucket.

Reference: https://ipinfo.io/developers/ipinfo-lite-database (See the code section)

The API provides unlimited usage, but the data downloads are subject to rate limits. It permits 10 downloads per unique IP address multiplied by unique access token. This means that to reach the rate limit, you probably downloaded it 10 times using the token you are using from the same IP address.

Reference: https://community.ipinfo.io/t/announcement-we-are-adding-rate-limits-to-data-downloads/358

You have shared your API access token: `f2cbc8898bc30a`, which according to our database is not an active or assigned token.

---

Please let me know if this problem persists. We will be happy to take a look. Our community forum is available here: https://community.ipinfo.io/

— Abdullah | DevRel, IPinfo
#3
25.7, 25.10 Series / 25.7.9: pkg exited on signal 1...
Last post by kozistan - Today at 07:20:36 AM
Hi, after upgrading to OPNsense 25.7.9 I started seeing repeated crashes of pkg with signal 11 on my firewall and I am not sure what is going on.

System log (repeating every minute):
```
<13>1 2025-12-06T07:00:05+01:00 fw.sloto.space kernel - - [meta sequenceId="32"] <6>[21705] pid 39394 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:01:07+01:00 fw.sloto.space kernel - - [meta sequenceId="1"] <6>[21768] pid 1476 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:02:05+01:00 fw.sloto.space kernel - - [meta sequenceId="2"] <6>[21825] pid 49670 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:03:05+01:00 fw.sloto.space kernel - - [meta sequenceId="3"] <6>[21885] pid 88108 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
```

pkg update output:
```
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
pkg: Failed to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.7/16d2de42-0612-444d-84cd-9da99e66f1f9/data.pkg: Not found
pkg: Failed to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.7/16d2de42-0612-444d-84cd-9da99e66f1f9/data.txz: Not found
SunnyValley repository is up to date.
All repositories are up to date.
Child process pid=4711 terminated abnormally: Segmentation fault
```


Right now the firewall seems to work, but the segmentation fault happens every time pkg update runs and clutters the logs. I am just trying to understand if this is a known issue with 25.7.9 / the new kernel, or something broken on my installation only.

Could you please advise what might be wrong or what additional diagnostics I should provide?

Thank you in advance.

#4
High availability / Re: Connectivity from a HA sec...
Last post by crlt - Today at 07:17:46 AM
I recently set up iBGP for some internal services, so I thought I would attempt this with eBGP between my two HA OPNsense nodes. In the end I was able to achieve this with active/active BGP on each router (each having a unique router-id). However, there seems to be an issue (bug? expected?) during failover and/or maintenance mode (it mainly happens when one router is put into maintenance mode, but not always) where an erroneous route is installed which not only breaks routing between sites but sends the traffic out of the WAN interface. The only way to fix it is to stop FRR and start it (restarting does not fix it). I suspect the cause is that routes are added before the WireGuard site-to-site tunnel is ready.

This is the output in the FRR routing table. The second entry is supposed to be the site-to-site WireGuard interface with its tunnel address.

```
CODE  NETWORK        ADMIN DISTANCE  METRIC  INTERFACE  INTERFACE_NAME  VIA
B>*   10.20.10.0/24  20              0       <blank>    <blank>         192.168.20.251
B>*   10.20.10.0/24  20              0       igb1       wan01           <WAN-IP>
```

After multiple steps to troubleshoot, I gave up and figured that the potential for unexpected behavior during failover/maintenance was not worth it and eventually reverted back. Active/backup BGP does not solve it: since the FRR daemon does not run on the backup, I cannot reach the services on the site like I originally set out to do.
#5
General Discussion / Seeking advice for first Guest...
Last post by Seldon - Today at 06:36:09 AM
Hi everyone,
I'm fairly new to tinkering with firewalls, so I'm bound to make lots of mistakes. I thought I might dip my toes in by creating a guest VLAN and trying out some Rules, and wanted to get some feedback. I have a screenshot of my Rules attached. Anything to look out for, missing, general advice? Are there any must-have Rules for guest networks over others? Did I make any mistakes? :)
#6
General Discussion / Can I install smokeping on o...
Last post by Meg - Today at 06:12:43 AM
Hi: Can I install Smokeping directly on OPNsense? I have seen this question in some old forum articles and have seen online one person that had it working on older OPNsense. Since the package for smokeping exists for both FreeBSD - https://www.freshports.org/net-mgmt/smokeping/ and HardenedBSD - https://github.com/HardenedBSD/hardenedbsd-ports/tree/master/net-mgmt/smokeping, I was wondering if there is an easy way to deploy it on OPNsense. I already tried and had issues with dependencies and conflicts with SunnyValley repositories. Has anyone got it to work on newer versions of OPNsense?
#7
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - Today at 05:47:04 AM
@neel You mean a bootable USB image with the interactive installer? You should be able to build this with the official github.com/opnsense/tools. Have you tried that?
If you don't want to build everything from scratch, you can prefetch the sets from my repo (see first post).

We've also recently added aarch64 support to opnsense-bootstrap, so another option is to install FreeBSD 14.3 first (using one of their official images) and then convert it to OPNsense.


(Update 25.7.9 is in work.)
#8
I don't have an idea right now. I also know of customers for whom it works as it is right now when using Outlook.

Caddy works because there is an NTLM plugin compiled in (I maintain the Caddy plugin too). Though as NTLM is deprecated, I wonder how long that will still work.

If it works for Sophos UTM, please connect to it via SSH, extract the Apache config and post it here; maybe we can spot a difference to our Apache config.
#9
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by Netlearn - Today at 04:44:19 AM
You cannot view this attachment.


Three of them have no problem, two of them don't seem to be happy with the file format.
#10
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by Netlearn - Today at 04:42:34 AM
In five different OPNsense, all of them on 25.7.9:

You cannot view this attachment.