Recent posts

#81

General Discussion / Re: Behind ISP Router vs DMZ H...

Last post by Untoasted9563 - December 05, 2025, 04:23:25 PM

Hope its ok to jump into this slightly older thread, but my issue is related to that one. I switched to fiber, and my crappy ISP only provides modems/router with no bridge mode, meaning I also need to rely on placing my OPNsense into this pseudo-DMZ.

If OPNsense has the DMZ-host (private) IP on its WAN interface, what does that mean in terms of fire-walling? Do I lose all information about originating IPs? Will all inbound connections to OPNsense just show the ISP router IP 192.168.1.1? I rely heavily on geo-blocking and additional blocklists, which I cannot afford to lose.

Sorry if this is a bad place to ask, I can start a new thread if this seems like a hijack of that thread.

#82

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by MoonbeamFrame - December 05, 2025, 03:45:02 PM

I'm using unique tokens on all firewalls.

I'm deducing that the maximum download exceeded is due to the firewall making multiple attempts to download the file, which matches the logs.

If I use curl to download the file from another location I see ?token=f2cbc8898bc30a appended to the filename.

I'm also seeing:

In order to use GeoIP, you need to configure a source in the GeoIP settings tab

When I go into the Firewall: Aliases

#83

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by DEC670airp414user - December 05, 2025, 03:38:19 PM

i am not using this product.  but i did sign up for it.   i stayed with Opnsense Business edition geoblocking

anyways.  my lite account says unlimited requests using the API access.

seems weird they would be blocking all of a sudden?

#84

General Discussion / Re: Some sites think I live in...

Last post by coffeecup25 - December 05, 2025, 03:33:29 PM

I'm sure they are expanding rapidly vs Comcast.

They are a little late to the party, but coincidentally I just got an email today that they'll be working in my neighborhood next week to expand their multigig (symmetrical) service here.  That's a huge deal as the 30-40Mbps upload cap is no longer viable, and they recognize it, but I don't expect the pricing to be competitive with lesser-known fiber ISPs.

Take a look at what they offer as soon as they are open for business in your area. My new company is very easy to work with. I'm using their free ont and my own router (obviously). No charge for home visit to install from the outdoor hookups. They came to bury the cable when they said they would. No drama of any kind.

Comcast was ok by me until they stopped negotiating better pricing at contract renewals. I tried t_mobile wifi, It offers well over 1 gb wireless at my house. I live very close to a tower. But the modem didn't have a bridge mode and it became very erratic when plugged into the WAN port. I had to send it back. They also had data caps for highest speed data.

Comcast is today offering 1 gb for $50 with a 5 year lock and no data caps. If they still have it in a few months, without typical Comcast drama, I will take a look at going back.

#85

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by meyergru - December 05, 2025, 03:30:50 PM

It works just fine for me and there is a very simple explanation that hides behind this log line:

Code Select Expand

2025-12-05T11:42:13    Error    firewall    geoip update failed : You have reached your 10 downloads per day limit for ipinfo_lite.csv.gz from [ip.ad.dr.ess] Please reach out to increase your limit via support@ipinfo.io. [http_code: 429]

Ipinfo has a daily download limit that you have exceeded, probably because you use the same token on multiple OpnSense instances.

#86

German - Deutsch / Re: IPSec site2site neues Setu...

Last post by viragomann - December 05, 2025, 03:24:16 PM

Hallo,

Der verzweifelte Versuch mit Fake ID's hat klarer Weise auch nicht funktioniert.

Klar ist mir das nicht.
Die ID kann meines Wissens beliebig gewählt werden. Die beiden Seiten müssen sich nur einig sein.
Also deine IP ist bspw. guenter. Dann muss die Remoteseite guenter verifizieren.

Du solltest aber jede Seite auch so einstellen können, dass sie die Remote-ID gar nicht prüft.

#87

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by franco - December 05, 2025, 03:16:04 PM

> geoip update failed : File is not a zip file

but the code didn't change? if they offer a gz file with a zip ending that's not good.


Cheers,
Franco

#88

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by MoonbeamFrame - December 05, 2025, 03:15:02 PM

I'm seeing the same thing. From the timings this is before I updated to 25.7.9 from 25.7.8

Relevant logs from one of my firewalls.

[...]
2025-12-05T11:42:13    Notice    firewall    geoip updated (files: 0 lines: 0)
2025-12-05T11:42:13    Error    firewall    geoip update failed : You have reached your 10 downloads per day limit for ipinfo_lite.csv.gz from [ip.ad.dr.ess] Please reach out to increase your limit via support@ipinfo.io. [http_code: 429]
2025-12-05T11:42:13    Notice    firewall    geoip updated (files: 0 lines: 0)
[...]
2025-12-05T11:42:01    Error    firewall    geoip update failed : File is not a zip file
2025-12-04T11:46:03    Notice    firewall    geoip updated (files: 0 lines: 0)
2025-12-04T11:46:03    Error    firewall    geoip update failed : You have reached your 10 downloads per day limit for ipinfo_lite.csv.gz from [ip.ad.dr.ess]. Please reach out to increase your limit via support@ipinfo.io. [http_code: 429]
[...]
2025-12-04T11:41:04    Error    firewall    geoip update failed : File is not a zip file
2025-12-04T11:41:03    Notice    firewall    geoip updated (files: 0 lines: 0)
2025-12-04T11:41:03    Error    firewall    geoip update failed : File is not a zip file
2025-12-04T11:41:01    Notice    firewall    geoip updated (files: 0 lines: 0)
2025-12-04T11:41:01    Error    firewall    geoip update failed : File is not a zip file
2025-12-03T11:40:08    Notice    firewall    geoip updated (files: 496 lines: 5785121)
2025-12-02T11:39:06    Notice    firewall    geoip updated (files: 496 lines: 4954678)
2025-12-01T11:38:05    Notice    firewall    geoip updated (files: 496 lines: 4951034)
[...]

#89

25.7, 25.10 Series / Re: Unbound error

Last post by spraysn - December 05, 2025, 03:06:10 PM

Code Select Expand

"""
import time
import dns
import dns.name
import unboundmodule
sys.path.insert(0, "/var/unbound/unbound-dnsbl/")
sys.path.insert(0, "/unbound-dnsbl/")
from lib import Query, ModuleContext
from lib.dnsbl import DNSBL
from lib.log import Logger
from lib.utils import obj_path_exists


ACTION_PASS = 0
ACTION_BLOCK = 1
ACTION_DROP = 2
dnsbl_module.py: 248 lines, 10327 characters.
root@OPNsense:/var/unbound/unbound-dnsbl # configctl unbound check
no errors in /var/unbound/unbound.conf
root@OPNsense:/var/unbound/unbound-dnsbl #

#90

25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...

Last post by franco - December 05, 2025, 02:57:46 PM

> geoip update failed : File is not a zip file

but the code didn't change? if they offer a gz file with a zip ending that's not good.


Cheers,
Franco