Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]" (Read 3706 times)
PerpetualNewbie
Newbie
Posts: 30
Karma: 8
OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
on:
August 01, 2021, 12:17:54 pm »
Hello,
We upgraded from OPNSense 21.1.8 to 21.1.9 to 21.7
Before upgrade, MaxMind GeoIP aliases for dual stack IPv4/IPv6 were working.
Now, any GeoIP aliases with just IPv6 selections, or IPv4/IPv6 selections no longer work, and break rule selection, denying port-forward and firewall rules from matching for selection.
When I visit any GeoIP alias with pure IPv6 rules or combination IPv4/IPv6 and edit, then save, or create new and then save, then with either case when complete, choose "apply" I see an error like this for each GeoIP Alias with any support for IPv6:
"Invalid argument. [NAME_OF_ALIAS_with_pure_IPv6_rules_or_IPv4_and_IPv6_rules]"
Where you replace the name "NAME_OF_ALIAS_with_pure_IPv6_rules_or_IPv4_and_IPv6_rules" with the actual name of each alias.
To try to debug...
I've pulled out the URL for downloading updated from MaxMind, and the URL works. I get a zip file with CSV items.
I've manually called the script from the command-line to complete this import process, which appears to complete with a zero exit status (no errors.)
After the script downloads an update, the directory /usr/local/share/GeoIP/alias/ has new files.
For each country selected in the IPv6 rules (examples: CA,US,SG,ZA,IN,AE) I've confirmed there are files in /usr/local/share/GeoIP/alias/ for those regions and IPv4 and IPv6 and none are zero-length.
When I make pure IPv4 GeoIP aliases, and duplicate the dual-stack rules to pure IPv4 rules for firewall or port-forwarding, those work.
Suggestions on where to look next?
Logged
PerpetualNewbie
Newbie
Posts: 30
Karma: 8
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #1 on:
August 01, 2021, 02:18:59 pm »
Sorry for self reply, but problem found.
Firewall -> Settings -> Advanced -> "Firewall Maximum Table Entries"
Quadrupled the present setting, then re-tried to complete a GeoIP , IPv6 alias rule, and the error changed to something about insufficient memory for the v6 aliases.
After some re-tooling, I reduced the number of GeoIP aliases from 5 to 4, then 4 to 3 by re-using the same alias with different countries for services where it didn't quite apply, and now, after edits of any GeoIP IPv6 aliases, no more errors and rules which use them are no longer skipped.
I'll advise my boss we need to get more memory for our instance.
Again, sorry to reply to myself and wasting your time.
Have a great day!
Logged
N0_Klu3
Jr. Member
Posts: 93
Karma: 2
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #2 on:
August 02, 2021, 05:47:17 pm »
Thank you for this!
Logged
TheLatestWire
Jr. Member
Posts: 70
Karma: 6
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #3 on:
August 02, 2021, 08:53:01 pm »
Do you happen to know what the default value for "Firewall Maximum Table Entries" is?
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #4 on:
August 03, 2021, 12:02:11 am »
HI, in the info tooltip it reads "Note: Leave this blank for the default. On your system the default size is: 1000000"
Logged
HenrysCat
Jr. Member
Posts: 58
Karma: 2
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #5 on:
August 03, 2021, 06:53:13 pm »
I cant get mine working after the update, Firewall Maximum Table Entries is 2000000
Memory usage 18% (1524/8070MB)
Disk usage 8% [ufs] (2.1G/27G)
I have deleted the alias and GeoIP rule, re added but still no go.
any other ideas?
Thanks all
Logged
OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
HenrysCat
Jr. Member
Posts: 58
Karma: 2
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #6 on:
August 03, 2021, 07:19:02 pm »
Update
I have tried connecting to my server behind OPNSense via Tor browser and I cannot connect, so it seems to be working just logging as green/allowed?
Logged
OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
HenrysCat
Jr. Member
Posts: 58
Karma: 2
Re: OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"
«
Reply #7 on:
August 04, 2021, 08:03:45 am »
Update 2
Got it working, I disabled all WAN rules, re enabled and now working as it should, almost,
the firewall log now has "IPv6 RFC4890 requirements (ICMP)" on every other line, but that's for another thread.
Logged
OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
OPNSense, 21.7, GeoIP, MaxMind, IPv6 aliases error: "Invalid argument. [ALIAS]"