Page MenuHomeVyOS Platform
Create Task
Maniphest T5405

Add VRF support for "update geoip"
Open, NormalPublicBUG
Actions

Description

When having vrfs configured attempting to run "update geoip" from op-mode fails:

vyos@vyos:~$ update geoip 
Error: Failed to download GeoIP database
GeoIP not in use by firewall

Workaround is to first switch context into the vrf who can reach internet like so:

vyos@vyos:~$ force vrf INTERNET

vyos@vyos:INTERNET:~$ update geoip
Downloaded GeoIP database
GeoIP not in use by firewall

Suggestion is that "update geoip" should get the same syntax as "add system image" where one from op-mode can specify which vrf the command should run under like so:

vyos@vyos:~$ update geoip vrf INTERNET

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202307250317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

Apachez created this task.Jul 27 2023, 2:37 AM
pasik subscribed.Jul 27 2023, 8:40 AM
dmbaturin triaged this task as Normal priority.Jan 11 2024, 11:52 AM
dmbaturin added a project: VyOS 1.5 Circinus.
syncer edited projects, added VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta.May 7 2024, 8:02 AM
manuel81 subscribed.Jun 12 2024, 10:36 AM

For 1.5-rolling-202406120020 it doesnt work even without having a vrf:

vyos@vyos-a# run update geoip 
Downloaded GeoIP database
Error: GeoIP failed to update firewall
[edit]
vyos@vyos-a#

Unfortunately there is no explaining logging (at least I didn't found any).

dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.1); removed VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.5 Circinus.Jul 2 2024, 7:29 PM
dmbaturin added a project: Restricted Project.Sep 15 2024, 5:03 PM
dmbaturin renamed this task from "update geoip" fails when vrf is being configured to Add VRF support for "update geoip".Tue, Oct 8, 9:19 PM
dmbaturin edited projects, added VyOS 1.5 Circinus; removed Restricted Project, VyOS 1.4 Sagitta (1.4.1).
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Bug (incorrect behavior) to Improvement (missing useful functionality).
dmbaturin subscribed.

I created a separate task for the issue with GeoIP database updates failing regardless of the VRF: https://vyos.dev/T6768

The lack of the VRF option is more of a feature request — a valid one for sure.