Fix obsolete, undeletable WAN interface in Interfaces/Interface Assignments

Mission-Ghost

Through an evolution of WAN providers on my v24.11 Netgate 4200 I recently ended up with the official, unchangeable WAN interface unused and un-deletable. I was able to fix it with the method described here.

I'm reporting the method I used to fix this here because finding how to do it was challenging. I found a post from early in the 2000s that was a big help. The OP had a nearly identical problem but didn't report back on how the suggested edit of config.xml fix went. I can't find the post again or I would have appended this there.

In pfSense, apparently, the 'official' WAN interface is a fixed thing that cannot be deleted in the GUI. However, an actual WAN connection apparently can be assigned to any interface and, as in my case, I ended up with the official WAN interface being unused and unable to be deleted, while one of my two WANs were on the OPT1 interface and could be deleted.

I didn't like this discrepancy, even though the router/firewall worked fine. Discrepancies like these, in my experience, are where the bugs can come out.

I found that the post from the last decade hinted that editing the <wan>...</wan> and (in my case) the <opt1>...</opt1> tags using the console (I used ssh) in /conf/config.xml could fix it by swapping the contents of wan and opt1.

This is the procedure I used to fix it:

WARNING: Making a mistake editing the /conf/config.xml could break your router/firewall and only a factory reset or reinstall might fix it. Use this procedure at your own risk. Do this during a designated service time, not during production. This is a what-I-did post, not a how-to-do-it post.

If you're using ZFS, connect to the GUI and take a snapshot of the working as-is system and set it as the next to boot. This is a fallback in case something gets borked. If you don't have ZFS, use a Diagnostics>Backup & Restore to take a full backup.
Connect to the console. SSH works well or hardwired.
Enter the command cd /conf
Save a backup copy of the working config.xml by entering the command cp config.xml config.xml.0 This will copy the config file to a "version zero" config file which you can copy back over config.xml if you commit a mistake to the live file.
Edit config.xml with an editor. I used vi even though I don't like it. I know it, it's there, it works.
Execute a global search and replace of wan with xxx with verification. (Or perhaps "whole word search and replace would work; I didn't try that.) Verification is important, as the word wan appears inside some strings that must remain unchanged.
Execute a global search and replace of opt1 (in my case) with wan with verification. Verify each replacement to be sure it's ok. In my case opt1 appeared in various rules and I definitely needed them to be updated but elsewhere a change might not have been advisable. Your case may be different. One has to have some understanding of XML and pfSense to do this right.
Execute a global search and replace of xxx with opt1 (opt1 in my case; whatever your opt is in your case) with verification.
Save and exit.
Load the new configuration into the running configuration by executing the command /etc/rc.reload_all Be patient. This takes a little while to finish.
Go to your GUI and examine Interfaces/Interface Assisgnments. It should reflect your changes if your edits worked correctly.
If step 12 and other operational aspects suggest the edit worked properly, go to the ZFS snapshots (if applicable) and switch your next-boot designation to the default, currently-running snapshot.
Reboot.
Verify correct operation.
Delete or reconfigure the Interface Assignments as you see fit.

Good luck.

PS: Editing the Interfaces XML can also be used to sort the interfaces as they appear on the Assign Interfaces page and the monitoring widgets. I found this a welcome unexpected bonus. Having the ability to sort these interfaces for display purposes would be a useful addition to the product.