Last active
December 12, 2025 00:02
OpnSense 25.7 - Disable WAN + OPT2 Interfaces during CARP Failover
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
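#!/usr/local/bin/php
<?php

/*
 * Reacts to a CARP state change by enabling the configured interfaces when
 * this node becomes MASTER and disabling them when it becomes BACKUP.
 *
 * Arguments:
 *   argv[1]  subsystem string; must contain '@' or the script exits with 1
 *   argv[2]  event type; must be MASTER, BACKUP or INIT or the script exits with 1
 *
 * INIT passes validation but matches neither branch below, so no action is taken.
 */

require_once("config.inc");
require_once("system.inc");
require_once("interfaces.inc");
require_once("interfaces.lib.inc");
require_once("util.inc");

$subsystem = !empty($argv[1]) ? $argv[1] : '';
$type = !empty($argv[2]) ? $argv[2] : '';

// Add more interfaces that need to be disabled/enabled after a CARP event.
//$iface_aliases = array('wan', 'opt2');
//$iface_names = array('wan' => 'igc0', 'opt2' => 'gif0');
// NOTE(review): 'wan' is listed twice, so every step in the loops below runs
// twice for it. This looks like a leftover from replacing 'opt2' - confirm.
$iface_aliases = array('wan', 'wan');
// Alias => device map; currently only referenced by commented-out code.
$iface_names = array('wan' => 'igc0');
// Only referenced by the commented-out DHCP toggles below.
$dhcp_ifaces = array('lan', 'opt3', 'opt1');

// Optional if you want the default route removed on the backup system
$lan_vip = 'YOUR_LAN_GATEWAY_Virtual_IP';
$remove_backup_route = false;

// Accept only the known event types; anything else is logged and refused.
if (!in_array($type, array('MASTER', 'BACKUP', 'INIT'), true)) {
    log_error("Carp '$type' event unknown from source '{$subsystem}'");
    exit(1);
}

// The subsystem string must contain '@'; anything else is treated as a wrong source.
if (strpos($subsystem, '@') === false) {
    log_error("Carp '$type' event triggered from wrong source '{$subsystem}'");
    exit(1);
}

// The WAN 'enable' flag decides whether this event is a real transition or a
// duplicate. empty() is used because the BACKUP branch unsets the key, and
// reading a missing key directly raises a warning on PHP 8.
$wan_enabled = !empty($config['interfaces']['wan']['enable']);

if ($type === "MASTER") {
    if (!$wan_enabled) {
        foreach ($iface_aliases as $ifkey) {
            // $iface_name = $iface_names[$ifkey];
            log_error("enable interface '$ifkey' due CARP event '$type'");
            $config['interfaces'][$ifkey]['enable'] = '1';
            legacy_interface_flags($ifkey, 'up');
            interface_configure(false, $ifkey, true, true);
            write_config("enable interface '$ifkey' due CARP event '$type'", false);
            //usleep(200 * 1000);
            //foreach ($dhcp_ifaces as $dhkey) {
            //    $config['dhcpd'][$dhkey]['enable'] = true;
            //}
        }
    } else {
        log_msg("Carp '$type' duplicate event triggered.");
    }
} elseif ($type === "BACKUP") {
    if ($wan_enabled) {
        foreach ($iface_aliases as $ifkey) {
            // $iface_name = $iface_names[$ifkey];
            log_error("disable interface '$ifkey' due CARP event '$type'");
            //foreach ($dhcp_ifaces as $dhkey) {
            //    $config['dhcpd'][$dhkey]['enable'] = false;
            //}
            interface_reset($ifkey);
            unset($config['interfaces'][$ifkey]['enable']);
            interface_configure(false, $ifkey, true, false);
            // Fix: the original concatenated 'down' directly onto the quoted
            // argument, so the shell saw a single word such as "wandown".
            // NOTE(review): ifconfig normally takes a device name (the values
            // in $iface_names), while $ifkey is the alias - confirm which one
            // is intended here.
            exec('/sbin/ifconfig ' . escapeshellarg($ifkey) . ' down 2>&1', $ifc, $ret);
            write_config("disable interface '$ifkey' due CARP event '$type'", false);
            if ($remove_backup_route === true) {
                // Check the gateway before touching the routing table: deleting
                // the default route and then failing to add the new one (for
                // example with the placeholder value still in $lan_vip) would
                // leave this node without a default route.
                if (filter_var($lan_vip, FILTER_VALIDATE_IP) === false) {
                    log_error("Carp '$type' event: lan_vip '{$lan_vip}' is not a valid IP address, default route left unchanged");
                } else {
                    // Fix: '>&1' was a no-op redirect; '2>&1' captures stderr
                    // the same way the ifconfig call above does.
                    exec('/sbin/route del default 2>&1', $ifc, $ret);
                    // Quote the gateway like every other value handed to the shell.
                    exec('/sbin/route add default ' . escapeshellarg($lan_vip) . ' 2>&1', $ifc, $ret);
                }
            }
        }
    } else {
        log_msg("Carp '$type' duplicate event triggered.");
    }
}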
Author
On the occasion that I recall it happening to me, I put one in persistent maintenance mode to get the networks on one instance. When I disabled maintenance, everything stayed or went back to the primary. It's worked as expected since. I haven't tried it on 25.7.9.