GEOIP stopt working

[opnsenseuser]

Look like curl is not installed. Just type curl, do you get a help prompt?


If not pkg install curl

yes

[marjohn56]

Oops.. put your curl string in quotes i.e. curl -v "url"

[opnsenseuser]

Oops.. put your curl string in quotes i.e. curl -v "url"

doesnt work.- got a warning. see screenshot

[marjohn56]

Yes, that's working. It stops because its trying to output the binary file to the terminal. You would normally save it to file, but not interested in that. I think what it is maybe the internal timer that only calls the update once a day. Try the python commands I posted earlier in the thread and see if that unblocks it. Run  the commands then go back to the Alias page and see if its updated. Look at msg #62 in this thread.

[opnsenseuser]

Yes, that's working. It stops because its trying to output the binary file to the terminal. You would normally save it to file, but not interested in that. I think what it is maybe the internal timer that only calls the update once a day. Try the python commands I posted earlier in the thread and see if that unblocks it. Run  the commands then go back to the Alias page and see if its updated. Look at msg #62 in this thread.

yes, perfect. this works!! great support! thx for your help!

regards
rené

[ledufakademy]

wouahhhh : your last update break all my rules with geoip !!!
Professional ?
not sure.

[marjohn56]

It does not break any rules. You have to have a key from Maxmind to use Geoip,  it was not a choice made by the Opnsense devs, it was a fact of life. Once you have that set up, it works as it always did.

[ijsboeker]

I think I may have discovered another reason why the GeoIP alias is not importing definitions after putting in a correct URL with a valid key from MaxMind.

During my setup I made another 'admin' user and disabled the 'root' user. As long as my root user was disabled I couldn't make the forced update through the shell and python3 working. I kept getting an error about permissions.

This made me think and enable the root user. Then switched to root user in shell and sure enough the forced update through python3 works like a charm.

Don't know if it will keep working (e.g. updating) when I disable the root user again.

But in my opinion this should also be possible with a disabled 'root' user, as long as the import/update can be done with another user in de admin group.

Best regards,
Joris.

[hauwech]

Here's a way of forcing a download and seeing what is happening.
Go into the shell. Bold chars are what you must enter
root@gateway:~ # cd /usr/local/opnsense/scripts/filter/lib
root@gateway:/usr/local/opnsense/scripts/filter/lib # python3
You will now be seeing the Python interpreter.
>>> from geoip import download_geolite
>>> download_geolite()
Wait a few seconds and if you have got the correct url and licence you should see something like this:
{'address_count': 433499, 'file_count': 499, 'timestamp': '2020-01-06T23:45:56', 'locations_filename': 'GeoLite2-Country-Locations-en.csv', 'address_sources': {'IPv4': 'GeoLite2-Country-Blocks-IPv4.csv', 'IPv6': 'GeoLite2-Country-Blocks-IPv6.csv'}}....

Hi marjohn56,
thanks a lot, this pointed me to the right way. I configured the URL in opnsense with suffix=tar.gz. This URL in Browser was downloading the file very well, but it does not work in opnsense without any message. The python response  was "File is not a zip file". So I changed the URL to MaxMInds Permalink to CSV-File, this is a zip. Now, after creating a new alias, my opnsense is blocking GeoIP traffic.
After weeks of head scratching it works!
Again: thanks a lot!

Regards
Roland

[hushcoden]

Here's a way of forcing a download and seeing what is happening.

Go into the shell. Bold chars are what you must enter

root@gateway:~ # cd /usr/local/opnsense/scripts/filter/lib
root@gateway:/usr/local/opnsense/scripts/filter/lib # python3

You will now be seeing the Python interpreter.

>>> from geoip import download_geolite
>>> download_geolite()

Wait a few seconds and if you have got the correct url and licence you should see something like this:

{'address_count': 433499, 'file_count': 499, 'timestamp': '2020-01-06T23:45:56', 'locations_filename': 'GeoLite2-Country-Locations-en.csv', 'address_sources': {'IPv4': 'GeoLite2-Country-Blocks-IPv4.csv', 'IPv6': 'GeoLite2-Country-Blocks-IPv6.csv'}}

Hit Ctrl-d to exit the Python interpreter.

This will download the data, and extract the lists to the /usr/local/share/GeoIP/alias folder and prove  that your url is correct. If you run this at anytime it will update the files and you can prove this by looking at the changed date/time on the files in that folder. Note that the free Geolite files are only updated weekly, and according to the Maxmind website this happens on a Tuesday.

Thanks marjohn56, this works ! Do you know if there is an ETA when this will be eventually fixed ?

[marjohn56]

There's nothing to fix. If you just leave it after entering the details it will update... might take a few hours, but it will do so. The 'fix' is just for those with no patience. :)


With GeoIP it only gets updated once a week, updating it every time someone saves the info would really 'p*** ***' maxxmind, so hence the fetch and update is delayed, but it will get called.

[hushcoden]

I must be missing something: I did set up GeoIP Settings as per picture and before today the last update dated back to 3rd of June, so in my case the cron job it's not working...  :o

[marjohn56]

It should update weekly, so there's an issue with that trigger. You might want to raise an issue on Github in that case.