OPNsense CARP/MacSpoofing issues

[gislaved]

Ì'm having some issues with macspoofing on Proxmox as my CARP Master/Backup VIP's are flapping in state between the servers and stay that way they are set.

I have checked:

• Disable hardware checksum offload
• Disable hardware TCP segmentation offload
• Disable hardware large receive offload
• Disable VLAN Hardware Filtering

Which should solve the issues with Virtio Nics most of the time.

Then we still have the Proxmox server that doesn't know about MacSpoofing so I wonder what needs to be set.

People seem to have it working under Pfsense they say, not difference with OPNsense I would say on that part as it's pretty BSD based.

I see this on my WAN and LAN interfaces where I sync over LAN.


In the past on other environments like oVirt I needed to disable macspoofing for the VM.

Anyone running this just fine ?

 

[gislaved]

As an update on this: It seems that this casue something, I thin IP spoofing where also the Slave (Backup) box cannot ping the LAN Gateway when pf is enabled but I can SSH into it using my VPN to the MASTER VM.

CARP has detected a problem and this unit has been demoted to BACKUP status.
Check link status on all interfaces with configured CARP VIPs.

I'm doing this over VLAN interfaces and I saw people having issues there in the past, could that be a problem as I see the advertisements using tcpdump.