Last active
June 8, 2024 05:54
-
-
Save tlyakhov/15172db645d01dc67a0b585096f28ab3 to your computer and use it in GitHub Desktop.
single-wan OpnSense HA setup. Put this file into /usr/local/etc/rc.syshook.d/carp on both primary/backup firewalls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/php | |
| <?php | |
| require_once("config.inc"); | |
| require_once("system.inc"); | |
| require_once("interfaces.inc"); | |
| require_once("util.inc"); | |
| $subsystem = !empty($argv[1]) ? $argv[1] : ''; | |
| $type = !empty($argv[2]) ? $argv[2] : ''; | |
| if ($type != 'MASTER' && $type != 'BACKUP') { | |
| log_error("Carp '$type' event unknown from source '{$subsystem}'"); | |
| exit(1); | |
| } | |
| if (!strstr($subsystem, '@')) { | |
| log_error("Carp '$type' event triggered from wrong source '{$subsystem}'"); | |
| exit(1); | |
| } | |
| // Add more interfaces that need to be disabled/enabled after a CARP event. | |
| $wan_interfaces = array('wan'); | |
| // interfaces object | |
| $conf_ifs = $config['interfaces']; | |
| foreach ($wan_interfaces as $if_name) { | |
| if (!array_key_exists($if_name, $conf_ifs)) | |
| continue; | |
| $os_if_name = $conf_ifs[$if_name]['if']; | |
| print "Configuring $if_name ($os_if_name)\n"; | |
| if ($type === "MASTER") { | |
| log_error("enable interface '$if_name' due CARP event '$type'"); | |
| $config['interfaces'][$if_name]['enable'] = '1'; | |
| interfaces_bring_up($if_name); | |
| interface_configure(false, $if_name, true, true); | |
| write_config("enable interface '$if_name' due CARP event '$type'", false); | |
| usleep(200 * 1000); | |
| } else { | |
| log_error("disable interface '$if_name' due CARP event '$type'"); | |
| interface_reset($if_name, true); | |
| unset($config['interfaces'][$if_name]['enable']); | |
| interface_configure(false, $if_name, false, false); | |
| exec("/sbin/ifconfig {$os_if_name} down 2>&1", $ifc, $ret); | |
| write_config("disable interface '$if_name' due CARP event '$type'", false); | |
| } | |
| } | |
| ?> |
Updated, thanks (haven't been using this script recently)
also should change line 42 to interface_reset
as they removed interface_bring_down
Updated again.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Line 44 should be changed from
interface_configure(false, $if_name, true, false);to
interface_configure(false, $if_name, false, false);Otherwise you will get a random error when you first enter maintenance mode, as opnsense will try to restart dhcp and dns when you are trying to bring the interface down.