GEOIP stopped working

Started by moellerheide, January 02, 2020, 06:47:24 AM

January 12, 2020, 11:51:40 AM #75 Last Edit: January 12, 2020, 12:12:54 PM by chemlud
Quote from: chemlud on January 11, 2020, 08:06:42 PM
I have two floating rules on all interfaces, one with GeoIP as SOURCE, one with DESTINATION. But I checked now, only the one with SOURCE does fire, if I try to access yandex.ru in the browser. My expectation was that even the traffic from the LAN client (GeoIP as DESTINATION) would be blocked...

Can someone of the network nerds please comment on this? Where is my mistake in this line of thought? :-)

PS: I created additional block rules on LAN with GeoIP Alias as DESTINATION, but these also do not fire when I try to contact hosts in the blocked regions. But the browser times out while attempting to reach hosts.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....


January 12, 2020, 05:09:32 PM #77 Last Edit: January 12, 2020, 09:39:25 PM by chemlud
Nope, plain vanilla:

cable modem (bridged) - DHCPv4 as WAN on OPNsense (latest x64) - LAN (10.10.10.0/25)

Only thing running is Suricata with some rules, but I don't see anything in the Suricata logs...

PS: I did a pcap on the LAN interface and see two outgoing SYN packets to 77.88.55.55 (yandex.ru) when trying to browse yandex.ru and 4 retransmissions. Browser times out, but nothing in the live view for the FW logs (filter for 77.88.55.55).
kind regards
chemlud

Would be nice if someone could post some GeoIP example rules.

I did seem to get it working, but I think my rules could be cleaner. Since floating rules don't include the local IPs, I have to have rules for all the local nets before the GeoIP rules. Would be nice to include my own IP list into the Maxmind one.

I have to do this because my GeoIP rule is set to block all countries except US using an invert. See attached.
Is there a better way to handle this?

Fun fact: I can't reproduce the non-logging issue for the GeoIP rule on a second machine with same OPNsense version, but the geoip Alias FRESH defined AFTER activating the account.

Would have to delete all geoip rules, delete the geoip Alias, create a fresh Alias and rules and see how logging works then. But too busy currently...
kind regards
chemlud

I have problems with geoip as well.

I have done a fresh install of my opnsense router. So I am at OPNsense 19.7.9_1-amd64

I have this url and when I paste it in a browser I get a ZIP file.
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=MYKEY&suffix=zip

I have deleted the old alias and created a new geoip alias. When hitting apply I get "In order to use GeoIP, you need to configure a source in the GeoIP settings tab"

The MaxMind options I chose when generating the key are
Will this key be used for GeoIP Update? : YES
[CHECK] Generate a license key and config file for use with geoipupdate version 3.1.1 or newer.

You should be able to paste that whole URL into a browser and it should download the zip file.. does it?

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

January 25, 2020, 03:35:39 PM #82 Last Edit: January 25, 2020, 05:22:03 PM by enor
Quote from: marjohn56 on January 25, 2020, 02:35:06 PM
You should be able to paste that whole URL into a browser and it should download the zip file.. does it?

Yes, as I wrote. When I paste it in a web browser a zip file is downloaded.

Zipfilename: GeoLite2-Country-CSV_20200121.zip
GeoLite2-Country-CSV_20200121
├── COPYRIGHT.txt
├── GeoLite2-Country-Blocks-IPv4.csv
├── GeoLite2-Country-Blocks-IPv6.csv
├── GeoLite2-Country-Locations-de.csv
├── GeoLite2-Country-Locations-en.csv
├── GeoLite2-Country-Locations-es.csv
├── GeoLite2-Country-Locations-fr.csv
├── GeoLite2-Country-Locations-ja.csv
├── GeoLite2-Country-Locations-pt-BR.csv
├── GeoLite2-Country-Locations-ru.csv
├── GeoLite2-Country-Locations-zh-CN.csv
├── LICENSE.txt
└── README.txt


I tried the recommended way to force download with recommended python 3 way but it immediately exited with:
{'address_count': 0, 'file_count': 0, 'timestamp': None, 'locations_filename': None, 'address_sources': {'IPv4': None, 'IPv6': None}}


Hmm Noticed that I get "invalid license key" in curl/other browsers where I didn't sign up for maxmind login.

January 25, 2020, 05:46:51 PM #83 Last Edit: January 25, 2020, 05:57:27 PM by enor
Hmm.
Well generated a new Key at Maxmind but chose NO on "Will this key be used for GeoIP Update? " when generating key.

Which works for me now.

OK.. Think we need to change the docs again and advise to select no when selecting the licence type. :)
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quote from: marjohn56 on January 26, 2020, 08:45:53 AM
OK.. Think we need to change the docs again and advise to select no when selecting the licence type. :)

Have the same problem, but selecting "no" when I am asked "Will this key be used for GeoIP Update?" doesn't work for me.
The link itself works, but not for OPNsense. It always asked me to fill in the URL, which I did, but no success.

Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)


Take the url and use curl in the shell

curl -v url


see what happens.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quote from: marjohn56 on February 02, 2020, 04:29:55 PM

Take the url and use curl in the shell

curl -v url


see what happens.

In the router shell I get an error: license_key=xxxxxxxxxxx: Command not found.
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

added a screenshot for more details
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

Looks like curl is not installed. Just type curl, do you get a help prompt?


If not, pkg install curl
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
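
Added example (not from any poster in this thread): the download URL contains `&`, which a shell treats as a command separator unless the URL is quoted. The sketch below replays the command line through a stand-in `fake_curl` (hypothetical, so it runs offline) to show what curl would actually receive, and redacts the key before a URL is shared; `MYKEY` is the placeholder used above.

```shell
#!/bin/sh
# Constructed URL in the shape quoted in the thread; MYKEY is a placeholder, not a real key.
URL='https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=MYKEY&suffix=zip'

# Hypothetical stand-in for curl: prints the last argument (the URL) it was handed.
fake_curl() {
    for arg in "$@"; do last=$arg; done
    printf '%s\n' "$last"
}

# URL pasted bare: eval re-parses the line as if typed, so each '&' ends a
# command and backgrounds it. Only the part before the first '&' reaches curl.
seen_unquoted() {
    ( eval "fake_curl -v $URL"; wait )
}

# URL in single quotes: the whole string is one argument.
seen_quoted() {
    ( eval "fake_curl -v '$URL'"; wait )
}

# The license key is a credential: mask it before posting a URL or a log line.
redact_key() {
    printf '%s\n' "$1" | sed 's/\(license_key=\)[^&]*/\1REDACTED/'
}

printf 'unquoted: %s\n' "$(seen_unquoted)"
printf 'quoted:   %s\n' "$(seen_quoted)"
printf 'to share: %s\n' "$(redact_key "$URL")"
```

In a csh-style shell, which does not accept `name=value` as an assignment, the `license_key=...` fragment is looked up as a command, which produces a `Command not found` message of the kind quoted above. Against the real service the quoted form would be `curl -v "$URL" -o GeoLite2-Country-CSV.zip`.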