Vmm /

Configure vmm on OpenBSD

You will need to install vmm-firmware (which appears to be free software):

$ doas fw_update

By default, there are only four tap interfaces. We need to create sufficient devices for all our virtual machines:

# cd /dev
# for i in $(jot 50 4 50); do sh MAKEDEV tap$i; done

We need to increase arpq because we may have so many virtual machines on the same switch:

# sysctl net.inet.ip.arpq.maxlen=1024
# echo "net.inet.ip.arpq.maxlen=1024" >> /etc/sysctl.conf

We will need to permit IPv4 and IPv6 forwarding for our virtual machines:

# sysctl net.inet.ip.forwarding=1
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
# sysctl net.inet6.ip6.forwarding=1
# echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf

Optional virtual Ethernet device

Depending on your networking settings, you may find it helpful to create a vether(4) device which will be used as the interface for the bridge. For example, we might create /etc/hostname.vether0:


Replace with the actual IP address you intend to use as the default gateway. Replace with the subnet mask.

Creating bridge device

Next we must create /etc/hostname.bridge0:

add if0

where if0 is the device you want to bridge. If you want to bridge the optional virtual Ethernet interface above, replace if0 with vether0.

We edit /etc/vm.conf:

socket owner :vmdusers

switch "switch0" {
    interface bridge0

vm "username" {
    owner username
    memory 512M
    cdrom "/home/username/username.iso"
    disk /home/username/username.qcow2
    interface { 
        locked lladdr aa:bb:cc:dd:ee:01
        switch "switch0"

WARNING: Do not use aa:bb:cc:dd:ee:xx. Replace with your own random lladdr address.

WARNING: Do not to pick a broadcast MAC address. If the first octet of the address is an odd number (such as f1:xx:xx:xx:xx:xx or f3:xx:xx:xx:xx:xx), it will appear as a broadcast device and may be the cause of routing issues.

Next, we download our OpenBSD ISO.

$ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso
$ ftp https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso
$ ftp https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/SHA256.sig
$ signify -C -p /etc/signify/openbsd-75-base.pub -x SHA256.sig install75.iso
Signature Verified
install75.iso: OK
$ doas mv install75.iso /home/iso/
$ doas mv SHA256.sig /home/iso/
$ doas chown -R iso:iso /home/iso/

If the signature does not verify, don't proceed.

We will want to enable and start vmd:

$ doas rcctl enable vmd
$ doas rcctl start vmd  

We need to create a new group vmdusers for each of our users so they can access the serial console:

# groupadd vmdusers
# chown root:vmdusers /var/run/vmd.sock

For each virtual machine, we create a user and a disk image using install.pl:

$ ./install.pl
# vmctl create -s 20G username.qcow2

If some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.