Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
GeoIP 20.7 solution
« previous
next »
Print
Pages: [
1
]
Author
Topic: GeoIP 20.7 solution (Read 5892 times)
Julien
Hero Member
Posts: 666
Karma: 33
GeoIP 20.7 solution
«
on:
August 17, 2020, 03:56:15 pm »
Hi Guys,
If your GEOIP seems not to works after the last uptate, the issue is easy and simple
your firewall Firewall Maximum Table Entries is Limited to 100k.
So Go to your firewall>>>Settings>>>Advanced and change the value of Firewall Maximum Table Entries to 200k and save.
i have mine at 400k as ive got a powerfull hardware.
after i've done that the GEOIP start working and loading IPS.
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
hushcoden
Hero Member
Posts: 550
Karma: 23
Re: GeoIP 20.7 solution
«
Reply #1 on:
August 17, 2020, 05:49:21 pm »
According to my OPNsense, actually the default value is set to 1M and the issue still persists...
Logged
FullyBorked
Sr. Member
Posts: 343
Karma: 24
Re: GeoIP 20.7 solution
«
Reply #2 on:
August 17, 2020, 09:50:07 pm »
Edit: I can't read.... This worked for me.
«
Last Edit: August 18, 2020, 04:29:40 pm by FullyBorked
»
Logged
Julien
Hero Member
Posts: 666
Karma: 33
Re: GeoIP 20.7 solution
«
Reply #3 on:
August 18, 2020, 12:54:30 am »
Make sure to change the number twice to the one you have already there and reload the GEOIP.
like remove one country and save and re-add it.
i've done it today in 4 boxes which had the issue before and its appear to fix it.
«
Last Edit: August 18, 2020, 01:01:15 am by Julien
»
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
Julien
Hero Member
Posts: 666
Karma: 33
Re: GeoIP 20.7 solution
«
Reply #4 on:
August 19, 2020, 05:45:59 pm »
Today I have rebooted one of the boxes and noticed it’s didn’t load the geoip.
After changing the size from 200k to 400k op has been loaded
It’s a bug but this solutions is the only that works for me till now.
@hydschu read carefully what I said
«
Last Edit: August 19, 2020, 06:53:07 pm by Julien
»
Logged
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
fog
Newbie
Posts: 24
Karma: 2
Re: GeoIP 20.7 solution
«
Reply #5 on:
August 25, 2020, 01:44:04 pm »
After Update to 20.7 GeoIP doesn't work anymore for an Alias with GeoIp, IPv4.
The Problem was, that the pfTable (Firewall: Diagnostics: pfTables) for the Alias was empty!
IPv6 worked.
The cause were empty files *IPv4 in /usr/local/share/GeoIP/alias/.
I renamed /usr/local/share/GeoIP , and applied the settings in Firewall: Aliases: GeoIP setting again.
The folder /usr/local/share/GeoIP was new created, now with the correct IPv4 files.
And the pfTable is filled for the Alias and GeoIP is working again.
Logged
white_rabbit
Full Member
Posts: 240
Karma: 4
Re: GeoIP 20.7 solution
«
Reply #6 on:
August 25, 2020, 09:10:42 pm »
sorry. wrong forum
Logged
geotek
Newbie
Posts: 12
Karma: 0
Re: GeoIP 20.7 solution
«
Reply #7 on:
August 30, 2020, 04:11:04 pm »
There is definitely something wrong with GeoIP processing in V.20.7.1. After Upgrading to this version GeoIP falsely blocked legitimate IPs. Setting "Firewall Maximum Table Entries" to 200000 resolved this issue instantly. When I leave this box empty, the help says "On your system the default size is: 200000" But this can't be, otherwise setting this value explicitly to the same value should not change anything.
This is repeatable. After booting with this field kept empty I get falsely blocket IPs, setting "Firewall Maximum Table Entries" to 200000 resolves this issue again.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
GeoIP 20.7 solution