Understanding bhyve and bhyvemgr
Installing bhyvemgr with OctoPkg
Configuring bhyvemgr
Network bridging
DNSMasq for DHCP & DNS
Privilege elevation: sudo or doas
PF firewall and NAT
Pros and Cons of bhyvemgr on FreeBSD and Derivatives
Conclusion
Understanding bhyve and bhyvemgr
When I first dipped my toes into FreeBSD’s native hypervisor, bhyve, I was struck by its elegance and efficiency. Pronounced “bee-hive,” bhyve is a modern, lightweight hypervisor introduced in FreeBSD 10.0. Its architecture leans heavily on the host kernel, drawing on built-in virtualisation capabilities of Intel VT-x and AMD SVM to deliver near-native performance for guest operating systems. Unlike monolithic hypervisors, bhyve delegates much of its I/O and management responsibilities to existing system components—ZFS for storage, the FreeBSD network stack for connectivity, and plain device drivers for hardware acceleration.
Bhyve’s key strengths lie in its simplicity and modularity. Its command-line toolset—bhyve, bhyvectl, bhyveload—lets you script VM lifecycle operations effortlessly. It supports UEFI boot through bhyveload, network bridging, ZFS and UFS disk images, and features like live migration via ZFS snapshots. However, for newcomers, the CLI can be intimidating: dozens of flags, manual editing of scripts, and careful orchestration of network and storage interfaces. That’s where bhyvemgr comes in.
Written in FreePascal and Lazarus by José Alonso Cárdenas Márquez, bhyvemgr presents a polished, desktop-friendly GUI for managing bhyve instances. Since its inception around 2020, bhyvemgr has evolved through steady commits and community contributions; its GitHub repo now boasts over a hundred commits and regular releases (v1.5.0 as of March 2025). It’s sponsored by FreeBSD.org and backed by contributions from the broader BSD community. Unique among bhyve front-ends, bhyvemgr integrates features like:
DNSMasq support, for built-in DHCP and DNS services per VM network
Bridge/TAP device management, creating and managing virtual network topologies
ZFS and raw volume support, allowing one-click disk creation on ZFS pools
VNC and RDP client integration, so you can connect to guest consoles inside the same app
UEFI/UBoot and basic TPM through swtpm for current FreeBSD builds
Sudo/Doas hooks, enabling secure privilege elevation to start and stop VMs
Extensible configuration, exposing bhyve kernel variables and device forms
Put simply, bhyvemgr transforms bhyve from a raw CLI toolkit into a point-and-click virtualisation solution, perfect for desktop users who want to spin up FreeBSD, Linux or other guests without memorising a dozen commands.
Installing bhyvemgr with OctoPkg
On NomadBSD 141R-20240711, OctoPkg comes pre-installed. OctoPkg is a Qt-based GUI frontend to the FreeBSD pkg system, complete with a minimal qt-sudo wrapper for privilege elevation. Here’s how I installed bhyvemgr in a few simple clicks:
Launch OctoPkg
Search for bhyvemgr
Select and install
Verify installation
Once complete, open a terminal and run:
bhyvemgr --version
You should see something like bhyvemgr v1.5.0.
Behind the scenes, OctoPkg runs:
sudo pkg install sysutils/bhyvemgr-qt6 |
so you can use that directly if you prefer the command line. But OctoPkg’s GUI makes discovery and dependency management a breeze, especially on a live USB environment like NomadBSD.
Configuring bhyvemgr
With bhyvemgr installed, a few configuration steps ensure a robust virtualisation environment. I’ll walk through network setup, DNSMasq configuration, privilege elevation, and PF firewall rules.
Network bridging
For most use cases, a bridge network lets your VMs behave like physical machines on your LAN. On NomadBSD, edit /etc/rc.conf:
cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="addm em0 addm tap0 up"
ifconfig_em0="up" |
em0 is your physical NIC (replace with re0, igb0, etc., as appropriate).
tap0 will be dynamically assigned by bhyvemgr for VMs.
bridge0 aggregates em0 and any tapX interfaces.
Restart networking or reboot:
sudo service netif restart |
DNSMasq for DHCP & DNS
bhyvemgr can manage DNSMasq directly. Install it via OctoPkg or:
Create a minimal /usr/local/etc/dnsmasq.conf:
interface=bridge0
bind-interfaces
dhcp-range=192.168.100.50,192.168.100.150,12h
no-resolv
server=1.1.1.1 |
interface: listen on your bridge.
dhcp-range: IP pool for VMs.
no-resolv: ignore /etc/resolv.conf, use server entries.
Enable DNSMasq in /etc/rc.conf:
Start the service:
sudo service dnsmasq start |
Privilege elevation: sudo or doas
bhyvemgr needs root permissions to load modules, create TAP devices, and launch bhyve. If you use doas (recommended for its simplicity), add /usr/local/etc/doas.conf:
permit nopass :wheel as root cmd /usr/local/bin/bhyvemgr
permit nopass :wheel as root cmd /sbin/kldload
permit nopass :wheel as root cmd /sbin/kldstat
permit nopass :wheel as root cmd /sbin/ifconfig
permit nopass :wheel as root cmd /usr/sbin/pipewire # if using audio passthrough |
Adjust commands as needed. For sudo, in /usr/local/etc/sudoers:
/etc/sudoers.d/bhyvemgr:
%wheel ALL=(ALL) NOPASSWD: /usr/local/bin/bhyvemgr, /sbin/kldload, /sbin/ifconfig, /usr/sbin/... |
PF firewall and NAT
If you want VMs to access the wider internet via NAT rather than bridge, use PF:
1. Enable PF in /etc/rc.conf:
pf_enable="YES"
2. Edit /etc/pf.conf:
ext_if = "em0"
vm_net = "192.168.100.0/24"
# NAT VMs to external network
nat on $ext_if from $vm_net to any -> ($ext_if)
# Allow all traffic (adjust for stricter rules)
pass all |
3. Reload PF:
sudo service pf reload
With this, bhyvemgr can create TAP interfaces in the 192.168.100.* subnet, DHCP them via DNSMasq, and NAT their traffic out through em0.
Pros and Cons of bhyvemgr on FreeBSD and Derivatives
Pros
Native integration: bhyvemgr plugs into FreeBSD’s bhyve, ZFS, and network stack—no virtualization layer overhead.
Desktop-friendly: point-and-click VM creation with wizards for disk, network, ISO mount and console.
Cross-platform UI: GTK2, Qt5, and Qt6 builds support a variety of desktop environments on FreeBSD, GhostBSD, NomadBSD, and DragonFly.
Lightweight: minimal dependencies beyond base system tools, dnsmasq, swtpm, and a viewer (virt-viewer or xfreerdp).
Rapid development: active GitHub repo, quarterly FreeBSD status reports, clear TODO list and community engagement.
Cons
Limited enterprise features: no live migration (beyond ZFS snapshot scripting), no high-availability clustering, no SPICE.
GUI only: power users who prefer pure CLI scripting may find bhyvemgr’s abstraction limiting.
Dependency on external services: requires dnsmasq, PF or bridge, doas/sudo—more moving parts than headless bhyve scripts.
Platform support: while amd64 on FreeBSD 13-15 and CURRENT is well-tested, aarch64 support lags slightly and may require on-current kernel features (TPM, swtpm).
Not suitable for production: bhyvemgr focuses on desktop use; it lacks the robustness and security auditing of enterprise hypervisors.
On GhostBSD and NomadBSD, bhyvemgr shines as a demo or classroom tool—live USB persistence, graphical niceties, and pre-installed OctoPkg streamline evaluation. Yet for hardened server environments, one may still script bhyve manually or leverage CBSD for more integrated jail and bhyve management in datacentres.
Conclusion
In my explorations, bhyve paired with bhyvemgr offers a compelling “FreeBSD-native” virtualisation story. You get the performance and security of a hypervisor built into the kernel, wrapped in a friendlier GUI that removes much of the tedium of manual command-line usage. On NomadBSD, the process is even smoother thanks to OctoPkg, a persistent live-USB environment, and minimal setup wizardry. Whether you’re teaching FreeBSD, recovering data, or simply tinkering with guests on a flash drive, this stack delivers an elegant out-of-the-box experience.
Disclaimer: All product names, trademarks and registered trademarks are property of their respective owners. The Distrowrite Project presents this information for educational purposes; use of open-source software in production environments requires careful risk assessment. This content is provided for informational purposes only and reflects the author’s understanding at the time of publication. While reasonable efforts have been made to ensure accuracy, no warranties are given. The publisher accepts no responsibility for errors, omissions, or outcomes related to its use. Always consult official documentation and professional guidance where necessary.
References & Further Reading
Bhyve management GUI (bhyvemgr) on GitHub: https://github.com/alonsobsd/bhyvemgr
sysutils/bhyvemgr port details: https://www.freshports.org/sysutils/bhyvemgr/
FreeBSD Quarterly Status Report (Bhyvemgr): https://www.freebsd.org/status/report-2025-01-2025-03/bhyvemgr/
NomadBSD Handbook: https://nomadbsd.org/handbook/handbook.html
OctoPkg README: https://github.com/aarnt/octopkg/blob/master/README.md
FreeBSD Networking Handbook (bridging): https://docs.freebsd.org/en/books/handbook/network-bridging/
DNSMasq configuration guide: https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
PF User’s Guide: https://docs.freebsd.org/en/books/handbook/firewalls-pf/
Hello, bhyvemgr author here. Thank you for you article about bhyvemgr. I'm a FreeBSD committer too but I want to clarify that FreeBSD.org is not sponsored this project. It is a personal project that I started some time ago with the main objective to close FreeBSD desktop users to use bhyve in their computers. Greetings and thank you again
ReplyDelete