OPNsense CARP/MacSpoofing issues


New Member
Feb 25, 2019
Ì'm having some issues with macspoofing on Proxmox as my CARP Master/Backup VIP's are flapping in state between the servers and stay that way they are set.

I have checked:

  • Disable hardware checksum offload
  • Disable hardware TCP segmentation offload
  • Disable hardware large receive offload
  • Disable VLAN Hardware Filtering
Which should solve the issues with Virtio Nics most of the time.

Then we still have the Proxmox server that doesn't know about MacSpoofing so I wonder what needs to be set.

People seem to have it working under Pfsense they say, not difference with OPNsense I would say on that part as it's pretty BSD based.

I see this on my WAN and LAN interfaces where I sync over LAN.

In the past on other environments like oVirt I needed to disable macspoofing for the VM.

Anyone running this just fine ?
As an update on this: It seems that this casue something, I thin IP spoofing where also the Slave (Backup) box cannot ping the LAN Gateway when pf is enabled but I can SSH into it using my VPN to the MASTER VM.

CARP has detected a problem and this unit has been demoted to BACKUP status.
Check link status on all interfaces with configured CARP VIPs.

I'm doing this over VLAN interfaces and I saw people having issues there in the past, could that be a problem as I see the advertisements using tcpdump.


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!