January 3, 2019


This is a shameless copy and paste from various pages(*) for my own record.

Edit sysctl.conf

# cat >> /etc/sysctl.conf <<-__EOF__

Enable them on the running session:

# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1

Change your pf rules:

# cat > /etc/pf.conf <<-__EOF__

set skip on lo
block return

match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)

IP and subnet

# cat > /etc/hostname.vether0 <<-__EOF__ inet __EOF__

Bridge interface for the guest VMs to attach to, and bridge vether0 to it:

# cat > /etc/hostname.bridge0 <<-__EOF__ add vether0 __EOF__

Bring vether0 and bridge0 online:

# sh /etc/netstart vether0
# sh /etc/netstart bridge0

Reload the pf configuration now (not earlier):

# pfctl -f /etc/pf.conf

Create a basic DHCP server configuration file that matches the vether0 configuration:

# cat > /etc/dhcpd.conf <<-__EOF__
option domain-name "vmm.openbsd.local";
option domain-name-servers,;

subnet netmask {
option routers;


Configure a switch for vmm, so the VMs have connectivity:

# cat > /etc/vm.conf <<-__EOF__

switch "local" {
interface bridge0

Enable and start the DHCP server. We also need to set the flags on dhcpd so that it only listens on vether0. Otherwise, you'll end up with a rogue DHCP server on your primary network:

# rcctl enable dhcpd
# rcctl set dhcpd flags vether0
# rcctl start dhcpd

Enable vmd, and start it as well:

# rcctl enable vmd
# rcctl start vmd
# fw_update

You should notice a new interface, bridge0, in ifconfig now.

If you have avahi-daemon installed, edit /etc/avahi/avahi-daemon.conf to ignore your virtual ethernet device:


Grab a Linux ISO,

$ cd /tmp
$ wget https://nl.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-virt-3.8.0-x86_64.iso

Make a new virtual disk image,

$ vmctl create alpine-virt.img -s 6G

Boot it (login root, no passwd):

# vmctl start alpine-vm -c -d alpine-virt-*.iso -d alpine-virt.img -m 1024M -n local

When your install is done,

# poweroff

Boot it,

# vmctl start alpine-vm -c -d alpine-virt.img -m 1024M -n local

Install docker, edit /etc/apk/repositories and uncomment


Make a User

# adduser pau -G wheel

It is more stable to close the terminal after you have started the VM session, and then ssh from another to it. You can of course find out the IP from ifconfig.

(*) namely

  1. https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110
  2. http://www.h-i-r.net/2017/04/openbsd-vmm-hypervisor-part-2.html
  3. https://gist.github.com/voutilad/1f018ba1fd8e177e40370dda143e5713