Libvirt is a library to controls VMs . It manages the network, storage, start and shutdown VMs on Host start / shutdown. In a nutshell, it does anything that you need to control a VM



Libvirt comes with the virsh command. It allows you to do everything from a shell, but it is not very comfortable.


In the moment, there is no Web interface, but there is another easy a very comfortable way to control the VMs via libvirt.


virt-manager is a desktop interface to control Vms and via ssh it can control the VMs on IPFire to.

There are some steps to make it possible to communicate over ssh with libvirt:

  1. Log as root user and change the password of the "libvirt-remote" user to a strong password!
    passwd libvirt-remote
  2. Set up public key access for the user "libvirt-remote"

Now, create a new connection in virt-manager and choose ssh to connect. As user choose "libvirt-remote". You should now able to connect with libvirt.


Vms require a lot of disk space! So create storage pool only on /var or on an extra drive. The root partition is far too small to contain disk images of a VM. Just remember 100 GB disk space in a VMs requires a little bit more disk space on the host.

Host Arch / Guest Arch

There are some differences between i686 host and x86_64 host. Generally, it is recommended to use x86_64 (64 bit) as host arch because an i686 host has some limitations in virtualization.

IPFire i686/i586 (32bit)

On this host arch, it is only possible to virtualize a 32-bit guest. It is not possible to virtualize a 64-bit guest on a 32-bit host.

The virt-manager shows x86_64 as the guest arch on and 32-bit host, but this is a bug, and should ignored.

Also, there is a memory limit on a 32-bit host. It is not possible to allocate more than 2047 MB to a guest. This is a limitation of qemu.

IPFire x86_64 (64-bit)

On this host arch, it is possible to virtualize 32-bit guest and 64-bit guest.


To use this network configuration, you must have installed Core 103 or greater.

There are two and only these two supported network configurations, all other configurations like bridges, bonds, virtual networks are not supported and highly dangerous, you destroy you whole IPFire network if you try to use them and not the supported configuration.

How the supported network configuration works:

  1. You have to set the zone in which the VM should be connected, into bridge or macvtap mode!
    See Network Modes for further explanations.

Now reboot to apply the changes.

You have to do this step only one time. The next time you can start with step 2.

  1. Create a new VM and in choose for the network:

    • macvtap (when the mode of the zone is macvtap)
    • host device: green0phys (orange0phys if you used the orange interface in step 1)
    • and mode: bridge
    • set the checkbox on "use a persistent MAC Address"

When the mode of the zone is 'bridge' then choose:

  • Network
  • Specify shared device name
  • The Bridge name is the name of the bridge device (orange zone => orange0)

The option my called a little bit different. (For example: "Host device green0phys: macvtap")
If there are questions then ask in the forum.

  1. That's it. The Vm are located in the green (orange) network and can communicate with all VMs in the network and with the internet trough IPfire. You can also control the VM with firewall rules and so on.


1. When I try to start a VM I get the the following error:

Could not access KVM kernel module: Permission denied
failed to initialize KVM: Permission denied

The should happen only one time after the installation! If this error occur more than one time please file a bug in the bug tracker.


On a machine with a CPU from intel do as root:

modprobe -r kvm_intel
modprobe -r kvm
modprobe kvm_intel

On a machine with a CPU from AMD, do as root:

modprobe -r kvm_amd
modprobe -r kvm
modprobe kvm_amd
Edit Page ‐ Yes, you can edit!

Older Revisions • May 29 at 11:01 pm • Jon