Netgate Discussion Forum

Update lists fail

  • K
    Kai_null
    last edited by May 10, 2018, 5:52 AM

    Is the date time correct on the pfsense box?

    • Q
      Qinn
      last edited by May 10, 2018, 9:24 AM

      @Kai_null:

      Is the date time correct on the pfsense box?

      Yup, the dashboard pfS reads "Current date/time Thu May 10 11:23:16 CEST 2018"

      btw what is your MaxMind from, here it reads in the dashboard "MaxMind: Last-Modified: Mon, 06 Nov 2017 19:15:47 GMT"

      Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

      • K
        Kai_null
        last edited by May 10, 2018, 3:17 PM May 10, 2018, 3:05 PM

        MaxMind: Last-Modified: Tue, 03 Apr 2018 22:41:00 GMT

        I am out of good ideas to help you :(.

        I did see this which I thought was interesting:
        https://serverfault.com/questions/681835/freebsd-pfsense-root-ca-fails

        Suggests to me your problem is not with pfblockerng but rather with openssl.  Perhaps it is unable to update its cert store?

        other ideas which may or may not help you:

        https://www.google.com/search?q=pfblockerng+%22unable+to+get+local+issuer+certificate%22&oq=pfblockerng+%22unable+to+get+local+issuer+certificate%22

        https://www.google.com/search?q=pfsense+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

        https://www.google.com/search?q=freebsd+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

        https://www.google.com/search?q=openssl+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

        wish I had answers for you.

        Curious to know what you eventually find.

        ps: I have found that a 2 am reinstall in some cases is a quicker bug fix than diving down the rabbit hole.  I guess it depends on how stock your config is.

        • B
          BBcan177 Moderator
          last edited by May 11, 2018, 2:46 AM May 11, 2018, 2:23 AM

          @Qinn

          All of those feeds are hosted on Github and/or Amazon, so I would assume that a DNSBL Feed or an IP Blocklist is blocking access on download…  Check the pfBlockerNG Alerts Tab...

          Might need to whitelist:

          raw.githubusercontent.com
          s3.amazonaws.com
          

          or wildcard whitelist the whole domain

          .githubusercontent.com
          .amazonaws.com
          

          For the MaxMind issue, from the pfSense box, check to see if you can access the MaxMind site:

          host -t A geolite.maxmind.com
          geolite.maxmind.com has address 104.16.37.47
          geolite.maxmind.com has address 104.16.38.47
          
          

          Then try to ping the resulting IPs and get a reply.

          The MaxMind download errors are reported to the error.log file…

          Once you have fixed connectivity, you can manually download the MaxMind database with this command:

          php -f /usr/local/www/pfblockerng/pfblockerng.php dc
          

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          • Q
            Qinn
            last edited by May 12, 2018, 7:34 AM

            @Kai_null:

            MaxMind: Last-Modified: Tue, 03 Apr 2018 22:41:00 GMT

            I am out of good ideas to help you :(.

            I did see this which I thought was interesting:
            https://serverfault.com/questions/681835/freebsd-pfsense-root-ca-fails

            Suggests to me your problem is not with pfblockerng but rather with openssl.  Perhaps it is unable to update its cert store?

            other ideas which may or may not help you:

            https://www.google.com/search?q=pfblockerng+%22unable+to+get+local+issuer+certificate%22&oq=pfblockerng+%22unable+to+get+local+issuer+certificate%22

            https://www.google.com/search?q=pfsense+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

            https://www.google.com/search?q=freebsd+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

            https://www.google.com/search?q=openssl+%22unable+to+get+local+issuer+certificate%22&oq=pfsense+%22unable+to+get+local+issuer+certificate%22

            wish I had answers for you.

            Curious to know what you eventually find.

            ps: I have found that a 2 am reinstall in some cases is a quicker bug fix than diving down the rabbit hole.  I guess it depends on how stock your config is.

            Thanks for your time and thoughts.

            cheers Qinn

            • Q
              Qinn
              last edited by May 12, 2018, 7:34 AM

              @BBcan177:

              @Qinn

              All of those feeds are hosted on Github and/or Amazon, so I would assume that a DNSBL Feed or an IP Blocklist is blocking access on download…  Check the pfBlockerNG Alerts Tab...

              Might need to whitelist:

              raw.githubusercontent.com
              s3.amazonaws.com
              

              or wildcard whitelist the whole domain

              .githubusercontent.com
              .amazonaws.com
              

              For the MaxMind issue, from the pfSense box, check to see if you can access the MaxMind site:

              host -t A geolite.maxmind.com
              geolite.maxmind.com has address 104.16.37.47
              geolite.maxmind.com has address 104.16.38.47
              
              

              Then try to ping the resulting IPs and get a reply.

              The MaxMind download errors are reported to the error.log file…

              Once you have fixed connectivity, you can manually download the MaxMind database with this command:

              php -f /usr/local/www/pfblockerng/pfblockerng.php dc
              

              Thanks, I will try and report back.

              Cheers Qinn

              • Q
                Qinn
                last edited by May 12, 2018, 8:02 AM May 12, 2018, 7:55 AM

                a

                host -t A geolite.maxmind.com

                returns

                geolite.maxmind.com has address 10.10.10.1

                If I disable DNSBL I get

                host -t A geolite.maxmind.com
                geolite.maxmind.com has address 104.16.38.47
                geolite.maxmind.com has address 104.16.37.47
                
                

                I added .geolite.maxmind.com to the Custom Domain Whitelist in DNSBL, but nothing changes, still I get the IP of the VIP, instead of 104.16.etc.

                • B
                  BBcan177 Moderator
                  last edited by May 12, 2018, 2:13 PM

                  @Qinn:

                  a

                  host -t A geolite.maxmind.com

                  returns

                  geolite.maxmind.com has address 10.10.10.1

                  If I disable DNSBL I get

                  host -t A geolite.maxmind.com
                  geolite.maxmind.com has address 104.16.38.47
                  geolite.maxmind.com has address 104.16.37.47
                  
                  

                  I added .geolite.maxmind.com to the Custom Domain Whitelist in DNSBL, but nothing changes, still I get the IP of the VIP, instead of 104.16.etc.

                  When you manually add a domain or an IP to a whitelist, you need to run a Reload to get it to apply the change or wait until the next cron run to execute… Alternatively, when you whitelist from the Alerts Tab, the whitelist/suppression will take effect immediately.

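The check walked through in the posts above (does a feed host resolve to the DNSBL VIP or to a public address?), as an added shell example that is not part of any poster's message or of pfBlockerNG itself. The VIP 10.10.10.1 and geolite.maxmind.com come from the thread's output; the function names, the script name `dnsbl_check.sh`, 192.0.2.10 and feed.example.invalid are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `host -t A` output the way the thread does by eye.

# DNSBL virtual IP; 10.10.10.1 is the value seen in the thread's output.
DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"

# Constructed sample: line 1 is from the thread, the rest are made up
# (192.0.2.10 is a documentation address, feed.example.invalid cannot exist).
SAMPLE='geolite.maxmind.com has address 10.10.10.1
raw.githubusercontent.com has address 192.0.2.10
Host feed.example.invalid not found: 3(NXDOMAIN)'

# classify_answers VIP
# Reads host(1) output on stdin and prints "<name> <state>" per name, where
# state is sinkholed (answered with the VIP), public, or unresolved.
classify_answers() {
    awk -v vip="$1" '
        $2 == "has" && $3 == "address" {
            if (!($1 in state)) { names[++n] = $1 }
            # A single VIP answer is enough to mark the name as blocked.
            if ($4 == vip) { state[$1] = "sinkholed" }
            else if (state[$1] != "sinkholed") { state[$1] = "public" }
        }
        $1 == "Host" && $3 == "not" && $4 == "found:" {
            if (!($2 in state)) { names[++n] = $2 }
            state[$2] = "unresolved"
        }
        END { for (i = 1; i <= n; i++) print names[i], state[names[i]] }
    '
}

# sinkholed_names VIP
# Prints only the names that still need a whitelist entry followed by a Reload.
sinkholed_names() {
    classify_answers "$1" | awk '$2 == "sinkholed" { print $1 }'
}

# check_feeds VIP name...
# Live lookup on the firewall: resolves each name and classifies the answers.
check_feeds() {
    vip="$1"; shift
    for name in "$@"; do host -t A "$name" 2>&1; done | classify_answers "$vip"
}

# Live use: sh dnsbl_check.sh --live raw.githubusercontent.com s3.amazonaws.com
if [ "${1:-}" = "--live" ]; then
    shift
    check_feeds "$DNSBL_VIP" "$@"
fi
```

Running it again after the Reload shows whether the whitelist entry has actually taken effect: the name should move from `sinkholed` to `public`.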
                  • Q
                    Qinn
                    last edited by May 12, 2018, 2:32 PM

                    Thanks yeah I was pulling my hair ;)  After I added it to the whitelist, I did a "Select 'Reload' option" All and hit run got a "exists" in return. Then I realized it and a reload solved it.

                    Now

                    host -t A geolite.maxmind.com
                    geolite.maxmind.com has address 104.16.37.47
                    geolite.maxmind.com has address 104.16.38.47
                    
                    

                    Now it works, btw I can do a manual update of MaxMind, but when will pfblockerNG do it automatically?

                    Thanks BBCan177 I hope everything is going well with the next major release, thumbs up!!

                    • B
                      BBcan177 Moderator
                      last edited by May 12, 2018, 2:39 PM

                      @Qinn:

                      Thanks yeah I was pulling my hair ;)  After I added it to the whitelist, I did a "Select 'Reload' option" All and hit run got a "exists" in return. Then I realized it and a reload solved it.

                      Now

                      host -t A geolite.maxmind.com
                      geolite.maxmind.com has address 104.16.37.47
                      geolite.maxmind.com has address 104.16.38.47
                      
                      

                      Now it works, btw I can do a manual update of MaxMind, but when will pfblockerNG do it automatically?

                      Thanks BBCan177 I hope everything is going well with the next major release, thumbs up!!

                      MaxMind is updated once per month. You will see the cron task in pfSense for that…

                      Thanks! It's been submitted and awaiting review by the devs...

                      • Q
                        Qinn
                        last edited by May 12, 2018, 2:55 PM

                        Thanks, did a manual update and worked like a charm.

                         php -f /usr/local/www/pfblockerng/pfblockerng.php dc
                        Country code update Start
                         Converting MaxMind Country databases for pfBlockerNG.
                         Processing ISO IPv4 Continent/Country Data
                         Processing ISO IPv6 Continent/Country Data [ 05/12/18 16:45:27 ]
                         Creating pfBlockerNG Continent XML files
                         IPv4 Africa                     [ 05/12/18 16:45:48 ]
                         IPv6 Africa                     [ 05/12/18 16:45:49 ]
                         IPv4 Antarctica                 [ 05/12/18 16:45:50 ]
                         IPv6 Antarctica
                         IPv4 Asia
                         IPv6 Asia                       [ 05/12/18 16:45:59 ]
                         IPv4 Europe                     [ 05/12/18 16:46:01 ]
                         IPv6 Europe                     [ 05/12/18 16:46:30 ]
                         IPv4 North America              [ 05/12/18 16:46:40 ]
                         IPv6 North America              [ 05/12/18 16:47:01 ]
                         IPv4 Oceania                    [ 05/12/18 16:47:04 ]
                         IPv6 Oceania                    [ 05/12/18 16:47:06 ]
                         IPv4 South America
                         IPv6 South America              [ 05/12/18 16:47:08 ]
                         IPv4 Proxy and Satellite        [ 05/12/18 16:47:10 ]
                         IPv6 Proxy and Satellite
                         IPv4 TOP 20
                         IPv6 TOP 20
                         pfBlockerNG Reputation Tab
                        Country Code Update Ended [ 05/12/18 16:47:11 ]
                        
                        [2.4.3-RELEASE][root@pfSense.localdomain]/root:
                        
                        

                        Just to be sure I added the MaxMind IPs to my IPv4 whitelist also.

                        • Q
                          Qinn
                          last edited by May 20, 2018, 4:11 PM

                          @BBcan177:

                          MaxMind is updated once per month. You will see the cron task in pfSense for that…

                          I did a

                          crontab -l

                          Cheers Qinn

                          • RonpfSR
                            RonpfS
                            last edited by May 20, 2018, 4:26 PM

                            Did you leave MaxMind Updates unticked ?

                            There is a Cron package you can install  ;)

                            The job runs from 4th to 10th of the month

                            /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> /var/log/pfblockerng/extras.log 2>&1
                            

                            2.4.5-RELEASE-p1 (amd64)
                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                            • Q
                              Qinn
                              last edited by May 21, 2018, 1:31 PM

                              @RonpfS:

                              Did you leave MaxMind Updates unticked ?

                              There is a Cron package you can install  ;)

                              The job runs from 4th to 10th of the month

                              /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> /var/log/pfblockerng/extras.log 2>&1
                              

                              Thanks for your reply RonpfS. Nope I haven't disabled it, I just thought a

                              crontab -l

                              • RonpfSR
                                RonpfS
                                last edited by May 21, 2018, 5:14 PM

                                On my system I get :

                                crontab -l
                                crontab: no crontab for root

                                :o

                                • Q
                                  Qinn
                                  last edited by May 22, 2018, 3:13 PM

                                  So what does the MaxMind updates trigger?

                                  • Q
                                    Qinn @Qinn
                                    last edited by Jun 5, 2018, 12:41 PM

                                    @qinn Is there a way to check when the next update of MaxMind will run?

                                    • RonpfSR
                                      RonpfS @Qinn
                                      last edited by Jun 5, 2018, 4:09 PM

                                      @qinn You can check /var/log/pfblockerng/extras.log to see when the last update was done.

                                      • Q
                                        Qinn
                                        last edited by Jun 5, 2018, 4:31 PM

                                        Thanks, nice overview btw of the last 2 years, seems I have to wait for 11 June (when updating comes once a month)

                                        • Q
                                          Qinn
                                          last edited by Qinn Jun 22, 2018, 3:43 PM Jun 22, 2018, 3:40 PM

                                          Hmm it's been well over a month and as from what it looks in the dashboard MaxMind isn't updated, I looked in

                                          cat /var/log/pfblockerng/extras.log 
                                          

                                          and it reads:

                                          Download Process Starting [ 06/05/18 07:00:00 ]
                                           /usr/local/share/GeoIP/GeoIP.dat.gz            200 OK
                                           /usr/local/share/GeoIP/GeoIPv6.dat.gz          200 OK
                                           /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip                200 OK
                                           /var/db/pfblockerng/top-1m.csv.zip             200 OK
                                          Download Process Ended [ 06/05/18 07:00:28 ]
                                          
                                          Country code update Start
                                           Converting MaxMind Country databases for pfBlockerNG.
                                           Processing ISO IPv4 Continent/Country Data
                                           Processing ISO IPv6 Continent/Country Data [ 06/05/18 07:01:46 ]
                                           Creating pfBlockerNG Continent XML files
                                           IPv4 Africa                     [ 06/05/18 07:02:07 ]
                                           IPv6 Africa                     [ 06/05/18 07:02:08 ]
                                           IPv4 Antarctica
                                           IPv6 Antarctica
                                           IPv4 Asia
                                           IPv6 Asia                       [ 06/05/18 07:02:17 ]
                                           IPv4 Europe                     [ 06/05/18 07:02:19 ]
                                           IPv6 Europe                     [ 06/05/18 07:02:48 ]
                                           IPv4 North America              [ 06/05/18 07:02:58 ]
                                           IPv6 North America              [ 06/05/18 07:03:19 ]
                                           IPv4 Oceania                    [ 06/05/18 07:03:22 ]
                                           IPv6 Oceania                    [ 06/05/18 07:03:24 ]
                                           IPv4 South America
                                           IPv6 South America              [ 06/05/18 07:03:26 ]
                                           IPv4 Proxy and Satellite        [ 06/05/18 07:03:28 ]
                                           IPv6 Proxy and Satellite
                                           IPv4 TOP 20
                                           IPv6 TOP 20
                                           pfBlockerNG Reputation Tab
                                          Country Code Update Ended [ 06/05/18 07:03:29 ]
                                          
                                          

                                          So it confirms that the last one, was the one I did manually, what goes wrong, why doesn't it update automatically once a month?

                                          Thanks for any advice

                                          Cheers Qinn
