From f477fa13b853ec8fdec5377be0db0e05bcbd47f3 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 14 Aug 2024 21:44:45 +0200 Subject: [PATCH] VPN: WireGuard - support carp vhid reuse on different interfaces, closes https://github.com/opnsense/core/issues/7773 Although all our examples always use vhid as a unique key per firewall, it is possible to add the same vhid to different interfaces. When "disable preempt" is not selected, eventually all of them will switch between master/backup at the same time anyway, so we can assume all virtual ips switch simultaneously. If preempt is disabled, our vhid matching might not be perfect, but likely better than before. --- src/opnsense/scripts/Wireguard/wg-service-control.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/opnsense/scripts/Wireguard/wg-service-control.php b/src/opnsense/scripts/Wireguard/wg-service-control.php index 117d13c6c..bc9cf7a68 100755 --- a/src/opnsense/scripts/Wireguard/wg-service-control.php +++ b/src/opnsense/scripts/Wireguard/wg-service-control.php @@ -39,18 +39,18 @@ require_once('system.inc'); function get_vhid_status() { $vhids = []; - $uuids = []; foreach ((new OPNsense\Interfaces\Vip())->vip->iterateItems() as $id => $item) { if ($item->mode == 'carp') { - $uuids[(string)$item->vhid] = $id; $vhids[$id] = ['status' => 'DISABLED', 'vhid' => (string)$item->vhid]; } } foreach (legacy_interfaces_details() as $ifdata) { if (!empty($ifdata['carp'])) { foreach ($ifdata['carp'] as $data) { - if (isset($uuids[$data['vhid']])) { - $vhids[$uuids[$data['vhid']]] = ['status' => $data['status'], 'vhid' => $data['vhid']]; + foreach ($vhids as $id => &$item) { + if ($item['vhid'] == $data['vhid']) { + $item['status'] = $data['status']; + } } } }