-
-
Save spali/2da4f23e488219504b2ada12ac59a7dc to your computer and use it in GitHub Desktop.
| #!/usr/local/bin/php | |
| <?php | |
| require_once("config.inc"); | |
| require_once("interfaces.inc"); | |
| require_once("util.inc"); | |
| $subsystem = !empty($argv[1]) ? $argv[1] : ''; | |
| $type = !empty($argv[2]) ? $argv[2] : ''; | |
| if ($type != 'MASTER' && $type != 'BACKUP') { | |
| log_error("Carp '$type' event unknown from source '{$subsystem}'"); | |
| exit(1); | |
| } | |
| if (!strstr($subsystem, '@')) { | |
| log_error("Carp '$type' event triggered from wrong source '{$subsystem}'"); | |
| exit(1); | |
| } | |
| $ifkey = 'wan'; | |
| if ($type === "MASTER") { | |
| log_error("enable interface '$ifkey' due CARP event '$type'"); | |
| $config['interfaces'][$ifkey]['enable'] = '1'; | |
| write_config("enable interface '$ifkey' due CARP event '$type'", false); | |
| interface_configure(false, $ifkey, false, false); | |
| } else { | |
| log_error("disable interface '$ifkey' due CARP event '$type'"); | |
| unset($config['interfaces'][$ifkey]['enable']); | |
| write_config("disable interface '$ifkey' due CARP event '$type'", false); | |
| interface_configure(false, $ifkey, false, false); | |
| } |
That sounds like a solution that only works for PPPoE connections. I believe that the "Disconnect dialup interfaces" functionality has been in there for a while now. This script is trying to solve the failover situation for any interface connection, including things like fiber, cellular bridge, or cable modem connections.
For anyone landing here later: I made a working fork for my setup, tested on OPNsense 26.1.7.
Warning: it is vibe-coded / AI-assisted, so please review it carefully before using it in production.
You must adapt the CARP trigger subsystem, interface key, and gateway name placeholders to your own setup.
In my environment, it correctly keeps the DHCP WAN inactive on BACKUP and active on MASTER.
Fork: Link
I am new to OPNsense and had the same problem with WAN DHCP and CARP events.
As all the vibe coded scripts did not work (also had function calls which never were implemented in OPNsense), I took an advanced version of the original script (https://blog.vezpi.com/en/post/migration-opnsense-proxmox-highly-available/) and extended it a little bit in the BACKUP section:
- added
interface_reset($ifkey);to get the WAN interface into the previously configured status - added
system_routing_configure();to let the (maybe) configured backup gateway be set
#!/usr/local/bin/php
<?php
/**
* OPNsense CARP event script
* - Enables/disables the WAN interface only when needed
* - Avoids reapplying config when CARP triggers multiple times
*/
require_once("config.inc");
require_once("interfaces.inc");
require_once("util.inc");
require_once("system.inc");
// Read CARP event arguments
$subsystem = !empty($argv[1]) ? $argv[1] : '';
$type = !empty($argv[2]) ? $argv[2] : '';
// Accept only MASTER/BACKUP events
if (!in_array($type, ['MASTER', 'BACKUP'])) {
// Ignore CARP INIT, DEMOTED, etc.
exit(0);
}
// Validate subsystem name format, expected pattern: <ifname>@<vhid>
if (!preg_match('/^[a-z0-9_]+@\S+$/i', $subsystem)) {
log_error("Malformed subsystem argument: '{$subsystem}'.");
exit(0);
}
// Interface key to manage
$ifkey = 'wan';
// Determine whether WAN interface is currently enabled
$ifkey_enabled = !empty($config['interfaces'][$ifkey]['enable']) ? true : false;
// MASTER event
if ($type === "MASTER") {
// Enable WAN only if it's currently disabled
if (!$ifkey_enabled) {
log_msg("CARP event: switching to '$type', enabling interface '$ifkey'.", LOG_WARNING);
$config['interfaces'][$ifkey]['enable'] = '1';
write_config("enable interface '$ifkey' due CARP event '$type'", false);
interface_configure(false, $ifkey, false, false);
} else {
log_msg("CARP event: already '$type' for interface '$ifkey', nothing to do.");
}
// BACKUP event
} else {
// Disable WAN only if it's currently enabled
if ($ifkey_enabled) {
log_msg("CARP event: switching to '$type', disabling interface '$ifkey'.", LOG_WARNING);
unset($config['interfaces'][$ifkey]['enable']);
write_config("disable interface '$ifkey' due CARP event '$type'", false);
interface_configure(false, $ifkey, false, false);
interface_reset($ifkey);
system_routing_configure();
} else {
log_msg("CARP event: already '$type' for interface '$ifkey', nothing to do.");
}
}
`
The main thing I was missing was CARP on the VLAN interface of my WAN port. I had tried CARP on the physical interface, but it had to be on the VLAN. It works as expected now.