Libvirt is a library to controls virtual machines (VMs). It manages the network, storage, start and shutdown VMs on Host start / shutdown. In a nutshell, it does anything that you need to control a VM. In IPFire, it can be used to extend the system functionality beyond the available addons.

Note - Support for macvtap has been dropped as of Core Update 156. Please use bridges instead.



Libvirt comes with the virsh command. It allows you to do everything from a shell, but it is not very easy to use.


In the moment, there is no Web interface, but there is another easy and very comfortable way to control the VMs via libvirt.


virt-manager is a desktop interface to control VMs. It can be used to create and control VMs on IPFire over an SSH connection.

There are some steps to make it possible to communicate over ssh with libvirt:

  1. Log as root user and set a strong password for "libvirt-remote" user!
    passwd libvirt-remote
  2. Set up public key access for the user "libvirt-remote"

Now, create a new connection in virt-manager and choose ssh to connect. As user choose "libvirt-remote". You should now able to connect with libvirt.


VMs can require a lot of disk space! So create storage pool only in /var or on an extra drive. Depending on your IPFire system the root partition may be too small to contain disk images of a VM. Remember 100 GB disk space in a VMs requires a little bit more disk space on the host.

Host Arch / Guest Arch

There are some differences between i686 host and x86_64 host. Generally, it is recommended to use x86_64 (64 bit) as host arch because an i686 host has some limitations in virtualization.

IPFire i686/i586 (32bit)

On this host arch, it is only possible to virtualize a 32-bit guest. It is not possible to virtualize a 64-bit guest on a 32-bit host.

The virt-manager shows x86_64 as the guest arch on and 32-bit host, but this is a bug, and should ignored.

Also, there is a memory limit on a 32-bit host. It is not possible to allocate more than 2047 MB to a guest. This is a limitation of qemu.

IPFire x86_64 (64-bit)

On this host arch, it is possible to virtualize 32-bit guest and 64-bit guest.


To use this network configuration, you must have installed Core 103 or greater.

There are two and only these two supported network configurations, all other configurations like bridges, bonds, virtual networks are not supported and highly dangerous, you destroy you whole IPFire network if you try to use them and not the supported configuration.

How the supported network configuration works:

  1. Set the zone in which the VM should be connected into bridge mode.

Now reboot to apply the changes.

You have to do this step only one time. The next time you can start with step 2.

  1. Create a new VM and in choose for the network:

    • macvtap (when the mode of the zone is macvtap)
    • host device: green0phys (orange0phys if you used the orange interface in step 1)
    • and mode: bridge
    • set the checkbox on "use a persistent MAC Address"

When the mode of the zone is 'bridge' then choose:

  • Network
  • Specify shared device name
  • The Bridge name is the name of the bridge device (orange zone => orange0)

The option may be called a little bit differently. (For example: "Host device green0phys: macvtap")
If there are questions then ask in the forum.

  1. That's it. The Vm are located in the green (orange) network and can communicate with all VMs in the network and with the internet trough IPfire. You can also control the VM with firewall rules and so on.


1. When I try to start a VM I get the the following error:

Could not access KVM kernel module: Permission denied
failed to initialize KVM: Permission denied

The should happen only one time after the installation! If this error occur more than one time please file a bug in the bug tracker.


On a machine with a CPU from intel do as root:

modprobe -r kvm_intel
modprobe -r kvm
modprobe kvm_intel

On a machine with a CPU from AMD, do as root:

modprobe -r kvm_amd
modprobe -r kvm
modprobe kvm_amd