Last active
February 17, 2026 17:52
OpnSense 25.7 - Disable WAN + OPT2 Interfaces during CARP Failover
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
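#!/usr/local/bin/php
<?php

/*
 * CARP failover hook: enables the listed interfaces when this node becomes
 * MASTER and disables them when it becomes BACKUP.
 *
 * Arguments: $argv[1] is the event source (must contain '@') and $argv[2] is
 * the event type. MASTER and BACKUP are acted on; INIT is accepted and
 * ignored; anything else is logged and the script exits with status 1.
 *
 * The script changes interface state, rewrites the configuration and can
 * replace the default route.
 * NOTE(review): presumably installed as a CARP hook and run with root
 * privileges; if so, keep the file writable by root only. Confirm against
 * the deployment.
 */

require_once("config.inc");
require_once("system.inc");
require_once("interfaces.inc");
require_once("interfaces.lib.inc");
require_once("util.inc");

/**
 * Run a shell command and log a non-zero exit status together with its output.
 *
 * Callers must already have escaped every argument in $command.
 *
 * @param string $command complete shell command line
 * @return int exit status reported by exec()
 */
function carp_hook_exec($command)
{
    // Fresh array per call: exec() appends to an existing output array.
    $output = array();
    $status = 0;
    exec($command, $output, $status);
    if ($status !== 0) {
        log_error("command '{$command}' exited with status {$status}: " . implode(' ', $output));
    }
    return $status;
}

$subsystem = !empty($argv[1]) ? $argv[1] : '';
$type = !empty($argv[2]) ? $argv[2] : '';

// Add more interfaces that need to be disabled/enabled after a CARP event.
//$iface_aliases = array('wan', 'opt2');
//$iface_names = array('wan' => 'igc0', 'opt2' => 'gif0');
// NOTE(review): 'wan' is listed twice, so both loops below process it twice.
// This looks like a leftover from the two-interface example above; confirm.
$iface_aliases = array('wan', 'wan');
$iface_names = array('wan' => 'igc0');
$dhcp_ifaces = array('lan', 'opt3', 'opt1');

// Optional if you want the default route removed on the backup system
$lan_vip = 'YOUR_LAN_GATEWAY_Virtual_IP';
$remove_backup_route = false;

// Only the three known event types are accepted (strict comparison).
if (!in_array($type, array('MASTER', 'BACKUP', 'INIT'), true)) {
    log_error("Carp '$type' event unknown from source '{$subsystem}'");
    exit(1);
}

// The event source has to contain '@'; anything else is rejected.
if (strpos($subsystem, '@') === false) {
    log_error("Carp '$type' event triggered from wrong source '{$subsystem}'");
    exit(1);
}

// The duplicate-event check looks at 'wan' only, whatever $iface_aliases holds.
// empty() also covers the unset key that the BACKUP branch leaves behind.
$wan_enabled = !empty($config['interfaces']['wan']['enable']);

if ($type === "MASTER") {
    if (!$wan_enabled) {
        foreach ($iface_aliases as $ifkey) {
            log_error("enable interface '$ifkey' due CARP event '$type'");
            $config['interfaces'][$ifkey]['enable'] = '1';
            // NOTE(review): this passes the alias; the helper may expect the
            // device name from $iface_names instead. Confirm.
            legacy_interface_flags($ifkey, 'up');
            interface_configure(false, $ifkey, true, true);
            write_config("enable interface '$ifkey' due CARP event '$type'", false);
            //usleep(200 * 1000);
            //foreach ($dhcp_ifaces as $dhkey) {
            //    $config['dhcpd'][$dhkey]['enable'] = true;
            //}
        }
    } else {
        log_msg("Carp '$type' duplicate event triggered.");
    }
} elseif ($type === "BACKUP") {
    if ($wan_enabled) {
        foreach ($iface_aliases as $ifkey) {
            // ifconfig works on device names, so use the mapping when one is
            // configured and fall back to the alias otherwise.
            $device = isset($iface_names[$ifkey]) ? $iface_names[$ifkey] : $ifkey;

            log_error("disable interface '$ifkey' due CARP event '$type'");
            //foreach ($dhcp_ifaces as $dhkey) {
            //    $config['dhcpd'][$dhkey]['enable'] = false;
            //}
            interface_reset($ifkey);
            unset($config['interfaces'][$ifkey]['enable']);
            interface_configure(false, $ifkey, true, false);
            // The space before "down" is required: without it the shell joins
            // the quoted name and the keyword into a single argument.
            carp_hook_exec('/sbin/ifconfig ' . escapeshellarg($device) . ' down 2>&1');
            write_config("disable interface '$ifkey' due CARP event '$type'", false);
        }

        // Replace the default route once, after every interface is down.
        if ($remove_backup_route === true) {
            // Validate first, so that a placeholder or mistyped address
            // cannot delete the default route without installing a new one.
            if (filter_var($lan_vip, FILTER_VALIDATE_IP) === false) {
                log_error("default route left unchanged: '{$lan_vip}' is not a valid IP address");
            } else {
                carp_hook_exec('/sbin/route del default 2>&1');
                carp_hook_exec('/sbin/route add default ' . escapeshellarg($lan_vip) . ' 2>&1');
            }
        }
    } else {
        log_msg("Carp '$type' duplicate event triggered.");
    }
}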
Author
Prepping to upgrade to 26 finally and ran into an issue. One of my nodes (the backup node, in VIP backup mode) will not keep the WAN interfaces down.. I have 2 interfaces, one to Verizon and one to Spectrum. Switching the CARP master to the master node brings them down.. but after a moment, they come back up. I can't get them to stay down. Currently pinned up on my primary node with the interfaces all disabled to the backup. Anyone seen this before?
On the one occasion I recall this happening to me, I put one node in persistent maintenance mode to get the networks onto one instance. When I disabled maintenance mode, everything stayed on or went back to the primary. It has worked as expected since. I haven't tried it on 25.7.9.