Vezpi/Blog
1
0
Fork 0
Code Issues 2 Pull Requests Actions Wiki Activity

Auto-update blog content from Obsidian: 2025-11-15 22:19:47
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Details
Blog Deployment / Build (push) Has been skipped
Details
Blog Deployment / Deploy-Staging (push) Successful in 11s
Details
Blog Deployment / Test-Staging (push) Successful in 3s
Details
Blog Deployment / Merge (push) Successful in 6s
Details
Blog Deployment / Deploy-Production (push) Successful in 10s
Details
Blog Deployment / Test-Production (push) Successful in 2s
Details
Blog Deployment / Clean (push) Has been skipped
Details
Blog Deployment / Notify (push) Successful in 3s
Details

Browse Source
This commit is contained in:
Gitea Actions
2025-11-15 22:19:47 +00:00
parent 36f1374128
commit 67d23c90ac
2 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
content/post/15-migration-opnsense-proxmox-highly-available.md
View File

@@ -222,6 +222,67 @@ No DNS, it is always DNS
no gateway for backup node -> rework script no gateway for backup node -> rework script
Solution: Enable master node as gateway when backup Solution: Enable master node as gateway when backup
New script
```php
#!/usr/local/bin/php
<?php
/**
* OPNsense CARP event script
* - Enables/disables the WAN interface only when needed
* - Avoids reapplying config when CARP triggers multiple times
*/
require_once("config.inc");
require_once("interfaces.inc");
require_once("util.inc");
require_once("system.inc");
// Read CARP event arguments
$subsystem = !empty($argv[1]) ? $argv[1] : '';
$type = !empty($argv[2]) ? $argv[2] : '';
// Accept only MASTER/BACKUP events
if (!in_array($type, ['MASTER', 'BACKUP'])) {
// Ignore CARP INIT, DEMOTED, etc.
exit(0);
}
// Validate subsystem name format, expected pattern: <ifname>@<vhid>
if (!preg_match('/^[a-z0-9_]+@\S+$/i', $subsystem)) {
log_error("Malformed subsystem argument: '{$subsystem}'.");
exit(0);
}
// Interface key to manage
$ifkey = 'wan';
// Determine whether WAN interface is currently enabled
$ifkey_enabled = !empty($config['interfaces'][$ifkey]['enable']) ? true : false;
// MASTER event
if ($type === "MASTER") {
// Enable WAN only if it's currently disabled
if (!$ifkey_enabled) {
log_msg("CARP event: switching to '$type', enabling interface '$ifkey'.", LOG_WARNING);
$config['interfaces'][$ifkey]['enable'] = '1';
write_config("enable interface '$ifkey' due CARP event '$type'", false);
interface_configure(false, $ifkey, false, false);
} else {
log_msg("CARP event: already '$type' for interface '$ifkey', nothing to do.");
}
// BACKUP event
} else {
// Disable WAN only if it's currently enabled
if ($ifkey_enabled) {
log_msg("CARP event: switching to '$type', disabling interface '$ifkey'.", LOG_WARNING);
unset($config['interfaces'][$ifkey]['enable']);
write_config("disable interface '$ifkey' due CARP event '$type'", false);
interface_configure(false, $ifkey, false, false);
} else {
log_msg("CARP event: already '$type' for interface '$ifkey', nothing to do.");
}
}
```
### Packets Drop ### Packets Drop
Problem while pinging bastion from user vlan, some pings are lost (9%) Problem while pinging bastion from user vlan, some pings are lost (9%)
@@ -244,6 +305,15 @@ Warning rtsold <interface_up> vtnet1 is disabled. in the logs (OPNsense)
Error dhcp6c transmit failed: Can't assign requested address Error dhcp6c transmit failed: Can't assign requested address
## Last Failover
Everything is fine.
When entering CARP maintenance mode, no packet drop is observed.
For a failover, only one packet is dropped
![Pasted_image_20251115225054.png](img/Pasted_image_20251115225054.png)
## Clean Up ## Clean Up

BIN
static/img/Pasted_image_20251115225054.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB