Skip to content

Instantly share code, notes, and snippets.

@tvlooy
Last active February 28, 2024 15:14
Show Gist options
  • Save tvlooy/fd6bc5a77bc03f4d419f395dfcf4f038 to your computer and use it in GitHub Desktop.
Save tvlooy/fd6bc5a77bc03f4d419f395dfcf4f038 to your computer and use it in GitHub Desktop.
OpenBSD VMM howto

OpenBSD VMM howto

Setup

/etc/rc.conf.local

apmd_flags="-A"
dhcpd_flags=vether0
vmd_flags=
ntpd_flags="-s"

/etc/hostname.vether0

inet 192.168.30.1 255.255.255.0 NONE

/etc/dhcpd.conf

# Network:        192.168.11.0/255.255.255.0
# Domain name:    vmm.home.ctors.net
# Name servers:   192.168.11.1
# Default router: 192.168.11.1
# Addresses:      192.168.30.100 - 192.168.30.200

shared-network VMM-HOME-CTORS-NET {
    subnet 192.168.30.0 netmask 255.255.255.0 {
        range 192.168.30.100 192.168.30.200;

        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.30.255;
        option routers 192.168.30.1;
        option domain-name-servers 192.168.11.1;

        filename "auto_install";
        next-server pxe.home.ctors.net;

#        host vm1 {
#            hardware ethernet 00:20:91:00:00:01;
#            fixed-address vm1.vmm.home.ctors.net;
#        }
    }
}

/etc/sysctl.conf

net.inet.ip.forwarding=1

/etc/pf.conf

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

ext_if="em0"
int_if="{ vether0 tap0 }"
set block-policy drop
set loginterface egress
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out quick inet
pass in on $int_if inet
pass in on egress inet proto tcp from any to (egress) port 22

/etc/vm.conf

switch "local" {
    add vether0
    add tap0
}

vm "vm1.vm" {
    memory 512M
    kernel "/bsd.rd"
    disk "/vmm/vm1.img"
    interface {
        switch "local"
        lladdr 00:20:91:00:00:01
    }
}

Commands

vmmctl status

vmctl console 1
cu /dev/ttyp0

vmctl create /vmm/vm1.img -s 500M
vmctl start -c -b /bsd.rd -m 512M -i 1 -d /vmm/vm1.img
@rbucker
Copy link

rbucker commented Apr 18, 2021

I kinda knew that was going to be the answer... The two bits that are ahead of me in a pure openbsd solution...

I'm trying to deploy a gateway(haproxy, ssh) and a couple of private web servers. The gateway and webservers would have a private IP ip range. and should be able to us mdns to discover each other. OpenMDNS seems old and resolv.cong changed around 5.2 where they prevent the nameserver format from having a port... ping does not use mdns. golang's code is quite pure and does not support mdns on openbsd and then there is some cruft about libc. (I really do not feel like building my own distro)

ideas?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment