Page MenuHomeVyOS Platform
Create Task
Maniphest T5405

Add VRF support for "update geoip"
In progress, NormalPublicFEATURE REQUEST
Actions

Description

When having vrfs configured attempting to run "update geoip" from op-mode fails:

vyos@vyos:~$ update geoip 
Error: Failed to download GeoIP database
GeoIP not in use by firewall

Workaround is to first switch context into the vrf who can reach internet like so:

vyos@vyos:~$ force vrf INTERNET

vyos@vyos:INTERNET:~$ update geoip
Downloaded GeoIP database
GeoIP not in use by firewall

Suggestion is that "update geoip" should get the same syntax as "add system image" where one from op-mode can specify which vrf the command should run under like so:

vyos@vyos:~$ update geoip vrf INTERNET

Details

Version
VyOS 1.4-rolling-202307250317
Is it a breaking change?
Perfectly compatible

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedFEATURE REQUESTsarthurdevT4299 Firewall - GeoIP filtering
 In progresssarthurdevT7926 Refactor and improve geoip handling
 In progressFEATURE REQUESTsarthurdevT5405 Add VRF support for "update geoip"

Event Timeline

Apachez created this task.Jul 27 2023, 2:37 AM
pasik subscribed.Jul 27 2023, 8:40 AM
dmbaturin triaged this task as Normal priority.Jan 11 2024, 11:52 AM
dmbaturin added a project: VyOS 1.5 Circinus.
syncer edited projects, added VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.May 7 2024, 8:02 AM
manuel81 subscribed.Jun 12 2024, 10:36 AM

For 1.5-rolling-202406120020 it doesnt work even without having a vrf:

vyos@vyos-a# run update geoip 
Downloaded GeoIP database
Error: GeoIP failed to update firewall
[edit]
vyos@vyos-a#

Unfortunately there is no explaining logging (at least I didn't found any).

dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.1); removed VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus.Jul 2 2024, 7:29 PM
dmbaturin added a project: Bugs.Sep 15 2024, 5:03 PM
dmbaturin renamed this task from "update geoip" fails when vrf is being configured to Add VRF support for "update geoip".Oct 8 2024, 9:19 PM
dmbaturin edited projects, added VyOS 1.5 Circinus; removed Bugs, VyOS 1.4 Sagitta (1.4.1).
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Bug (incorrect behavior) to improvement.
dmbaturin subscribed.

I created a separate task for the issue with GeoIP database updates failing regardless of the VRF: https://vyos.dev/T6768

The lack of the VRF option is more of a feature request — a valid one for sure.

syncer changed the subtype of this task from "Bug" to "Feature Request".Oct 30 2024, 5:59 PM
syncer edited projects, added VyOS Rolling; removed VyOS 1.5 Circinus.
syncer moved this task from Need Triage to Backlog - Feature Requests on the VyOS Rolling board.
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
c-po added a parent task: T4299: Firewall - GeoIP filtering.Dec 28 2024, 10:57 AM
sarthurdev changed the task status from Open to In progress.Sun, Nov 30, 8:32 PM
sarthurdev claimed this task.
sarthurdev added a parent task: T7926: Refactor and improve geoip handling.