🧠 1. Background
Starting from OPNsense 25.x, the GeoIP function is now integrated into the core system, no plugin installation is required.
However, the authorization method has changed — you now must use both Account ID and License Key in the download URL.
⚙️ 2. Generate License Information on MaxMind
1️⃣ Sign up at MaxMind GeoLite2.
2️⃣ Find your Account ID on your dashboard.
3️⃣ Go to My Account → Manage License Keys, click Generate New License Key.
4️⃣ Enable ✅ “Yes, this key will be used for GeoIP Update Program.”
5️⃣ Copy the generated License Key.
🌐 3. Configure GeoIP in OPNsense
1️⃣ Open OPNsense → Firewall → Aliases → GeoIP settings
2️⃣ Enter this URL pattern in the “URL” field:
https://AccountID:LicenseKey@download.maxmind.com/geoip/databases/GeoLite2-Country-CSV/download?suffix=zip
📘 Example:
https://123456:AbCdEfGhIjKlMnOpQrStUvWxYz123456@download.maxmind.com/geoip/databases/GeoLite2-Country-CSV/download?suffix=zip
3️⃣ Click Apply, then wait for the database to download.
✅ 4. Verification
After downloading successfully, you’ll see:
- Last Updated: shows a timestamp
- Total Ranges: lists millions of entries
That means GeoIP data is now ready for use.
🔒 5. Example Usage
Block China and Russia:
Action: Block
Source: BLOCK_CN_RU
Destination: any
Allow VPN access only from specific countries:
Action: Pass
Source: VPN_ALLOWED
Destination: WAN address (VPN port)
⚡ 6. Notes and Best Practices
| Item | Recommendation |
|---|---|
| Auth Requirement | Use Account ID + License Key |
| URL Format | Must include “@download.maxmind.com” |
| Database Type | GeoLite2-Country (CSV) |
| Update Cycle | Auto monthly or manual Apply |
| Performance | Increase pf table entries to 4 M+ |
✅ 7. Summary
| Version | GeoIP Method | Auth Model | Config Path | URL Pattern |
|---|---|---|---|---|
| ≤ 24.7 | Plugin os-geoip | License Key only | Services → MaxMind | Simple URL |
| ≥ 25.x | Built-in core | Account ID + License Key | Firewall → Aliases → GeoIP Settings | https://AccountID:LicenseKey@... |