# Configure vmm on OpenBSD

You will need to install vmm-firmware (which appears to be free software):

    $ doas fw_update


By default, there are only four tap interfaces. We need to create sufficient devices for all our virtual machines:

    # cd /dev
    # for i in $(jot 50 4 50); do sh MAKEDEV tap$i; done


We need to increase arpq because we may have so many virtual machines on the same switch:

    # sysctl net.inet.ip.arpq.maxlen=1024
    # echo "net.inet.ip.arpq.maxlen=1024" >> /etc/sysctl.conf


We will need to permit IPv4 and IPv6 forwarding for our virtual machines:

    # sysctl net.inet.ip.forwarding=1
    # echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
    # sysctl net.inet6.ip6.forwarding=1
    # echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf


Next we must create /etc/hostname.bridge0:

    add if0


where if0 is the interface device.

We edit /etc/vm.conf:

    socket owner :vmdusers
    switch "switch0" {
        interface bridge0
    }
    vm "user123" {
        owner user123
        memory 512M
        cdrom "/home/iso/install69.iso"
        disk /home/user123/user123.qcow2
        interface { 
            locked lladdr aa:bb:cc:dd:ee:01
            switch "switch0"
        }
    }


***WARNING***: Do ***not*** use aa:bb:cc:dd:ee:xx. Make sure to choose your own random lladdr. However, make sure not to pick a broadcast MAC address. If the first octet of the address is an odd number (such as f1:xx:xx:xx:xx:xx or f3:xx:xx:xx:xx:xx), it will appear as a broadcast device and may be the cause of routing issues. Networking will no longer work as a result.

Next we will need to download our [ISO for OpenBSD](/https://openbsd.org/ftp.html).

    $ doas useradd -m -g =uid -c "iso" -d /home/iso -s /sbin/nologin iso
    $ ftp https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.iso
    $ ftp https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/SHA256.sig
    $ signify -C -p /etc/signify/openbsd-70-base.pub -x SHA256.sig install70.iso
    Signature Verified
    install70.iso: OK
    $ doas mv install70.iso /home/iso/
    $ doas mv SHA256.sig  /home/iso/
    $ doas chown -R iso:iso /home/iso/


If the signature does not verify, don't proceed.

We will want to enable and start vmd:

    $ doas rcctl enable vmd
    $ doas rcctl start vmd  


We need to create a new group vmdusers for each of our users so they can access the serial console:

    # groupadd vmdusers
    # chown root:vmdusers /var/run/vmd.sock


For each virtual machine, we create a user and a disk image using install.pl:

    $ ./install.pl


    # vmctl create -s 20G user.qcow2


You will need to add this crontab entry for a user to prevent the networking from timing out:

For openbsd:

    @reboot /usr/bin/tmux new -d 'while true; do /sbin/ping -i5 38.87.162.1; done' \;


If some users are using the wrong IPs, you can run tcpdump with the -e flag to show the lladdr of tcp packets.