TroubleShoot / Frequently Asked Questions (FAQ)
I lost my account, HELP!
To invoke password recovery, run:
`/var/lib/nPulse/BVCP/Backend/vmm reset_password`
noVNC window is blinking and always reconnecting
Due in fact Bhyve allows one VNC session, please ensure that only one VNC window opened on the same Virtual Machine, otherwise the VNC transmission falpping between your browser windows.
Prior BVCP 2.0.0 this should not be issue anymore.
It says the VM is rebooting but nothing happens
In this case the VM could not be started properly, maybe not enough of memory available, check your dashboard and
also you can check the bhyve output at default `/vms/tmp/[VN_NAME]/log` location.
How can I add .ISO images?
When the default installation path is /vms then you should see there a folder /vms/iso_images. Simply copy or move there.
Sometimes I experience network lag especially when I start a virtual machine
This could happen only when the very first VM attached into the bridged network, in this case the FreeBSD reset the network interfaces that involved.
Can I have bridged network interface?
Yes, absolutely out-of-the-box.
Windows is frozen, hung up
Windows VMs are could freeze because of legacy e1000 network driver, use virtio instead!
Linux, Debian does not boot
Bhyve UEFI firmware does not save the path after reboot, its a little tricky, but UEFI loader should be installed as `boot` prefix. To solve this issue we recommend to boot-up with livecd and rename debianx64 efi file to bootx64, and same with the debian folder should be boot. Learn More.
Prior BVCP 2.0.0 this should not be issue anymore.
Can I have multiple hosts with one webinterface?
Yes, absolutely out-of-the-box, see below.
How can I start/stop/restart the frontend?
`service bvcp-frontend start / stop / restart`
How can I start/stop/restart the backend?
`service bvcp-backend start / stop / restart`
How can I start/stop/restart the helper?
`service bvcp-helper start / stop / restart`
Can I have NAT interface with portforwarding enabled?
Yes, absolutely but this is requires manual configuration, Learn more.
Where is the software installed?
The software is running under /var/lib/nPulse/BVCP untouched and by default: /vms. Because the software `integrates` with the OS but running independently.
Where will be the disk images created?
The software lists all of your mountpoints as drive, you can add them as `Storage` so then a new folder `vm_images` created into the root of the mountpoint here you can find your images after creation.
How to migrate, what disks are supported?
Migrating from existing virtual machines is very possible, please keep in mind BVCP only supports raw disk images so if you have different, like .vmdk, .qcow2 you must convert it into raw first. BVCP does not support other than UEFI!
Why FreeBSD?
FreeBSD has smaller resource footprint and faster. Thats means you can run more virtual machines with more modern technology.
Should I learn FreeBSD?
You should, Installing FreeBSD 10x harder than managing it, after that its just like as any linux distro! Commands are nearly the same. And if you watch one of the most popular streaming service or playing with PlayStation, you are already a FreeBSD user by now.
Why is this better than others?
No one said that, but this is pretty different and I have not seen any working UI for Bhyve yet.
After years I can say that, this one is reliable and just works, that could be a reason.
Does it IPv6 Ready?
It is. IPv4 and IPv6 are fully Supported!
What packages needed, depedencies?
Nothing just the FreeBSD!
Can I use it with Let's Encrypt?
Yes Of Corse, the self-signed SSL certificates are only generated if there is none! Please refer for /var/lib/nPulse/BVCP/sslCertificate.pem and bvcp.conf for more informations!
Can I run Windows with it?
Yes, but UEFI capable windows (Windows 7, Windows 10) and only with virtio drivers.
Please note that the latest release of BVCP supports NVME storages which is natively works on Windows 10+.
Windows 11 requires TPM support that does not found on Bhyve and should not be, but many workarounds already exists on the internet to solve this easily, even Microsoft let this workaround happen.
Does it sending usage statistics?
Yes. To be fair we only get error reporting and initial info such as hostname, OS version, License status. We are regulated and we are comply with both EU and US laws. For more information please visit https://npulse.net/en/about/19-our-privacy--data-handling-policy
Summary
BVCP is a robust all-in-one set for managing Bhyve Virtual Machines on FreeBSD via secure webinterface.
BVCP uses a lightweight webinterface, supports:
- - Authentication with detailed logging
- - System Health Assessments
- - TLS/SSL
- - noVNC Console
- - User Management
- - Storage Management
- - Network Management
- - VM Management
Frontend WebUI
Frontend running with unprivileged (www) user and does not interact with the system directly, every call uses built-in API through AES128 point-to-point encryption.
Frontend uses its own built-in webserver, supported protocols are: HTTP/1.0 HTTP/1.1 (TLS/SSL), no third party module needed.
Frontend/Authentication
The login interface provided by the frontend, but the authentication itself is happening on backend side always, the software uses cookies to store login information as encrypted form and revalidates every x seconds.
Security Fencing
This model proven as very secure within the past years, hence an attacker can not interact with a system-wide process directly nor the database, in fact the frontend also does not have database connection.
Users can interact with the Virtual Machines only, and no way to touch the main OS from this software.
DOS/DDOS
As inherited from a security appliance, our framework automatically managing the incoming connections, so in case of abnormal traffic the DOS mitigation kicks in and ignoring, that is very effective however not a full protection against DOS/DDOS.
noVNC Console
Users can interact graphically with the virtual machines but the VNC protocol is unsafe due its unencrypted, we encapsulates into TLS, hardened AES as traffic between the Backend - Frontend - EndUser line.
When using VNC, users will connect to the frontend, then the frontend make (secure, AES) tunnel into the backend. So the VNC data is encrypted between any party.
The Backend
The backend is running with highest (root) privileges and serve a TCP servers for RFB (VNC) and for the API.
Every operation done by backend.
The Helper
The helper is running with highest (root) privileges and start / stop the VMs. This is for security, because forked applications sometimes has access to it's parent. We focusing on that security, meanwhile others does not even care to run the frontend with unprivileged user, thats why BVCP born.
Utility
The backend has some power-utility, such as reset admin password, and setup / update API CLI.
Database
BVCP uses SQLite Database!
VMCTL
VMCTL is a very small single C program that just fork bhyve instance and keep it running.
Alternatives, Similar Softwares
Configuration File
/var/lib/nPulse/BVCP/bvcp.conf
; Configuration File
api
{
auto_blacklist_sec = 10 ; 10 seconds of blacklist if one IP exceeds max_connections_per_ip
idle_timeout_ms = 60000 ; Connection will be dropped if no transmission done within 60 seconds
instances = 1 ; Defines how many instances run at once, consume more CPU and RAM
ipv4_listen = 127.0.0.1 ; IPv4 Listening Address, use: 0.0.0.0 to bind on all interfaces
ipv6_listen = ::1 ; IPv6 Listening Address, use: :: to bind on all interfaces
max_connections_per_ip = 50 ; Defines maximum allowed connections per IP Address
max_data_size = 200 ; Maximum allowed data is 200MB
port = 8628 ; Port number that listening on
}
core
{
date_format = %Y/%m/%d ; Defines Date format C-Function
time_format = %H:%M:%S ; Defines Time format C-Function
version = v12 ; Config Version
}
geoip
{
asn_database = geoIP/geolite_asn.mmdb
city_database = geoIP/geolite_city.mmdb
country_database = geoIP/geolite_country.mmdb
}
rfb
{
auto_blacklist_sec = 10 ; 10 seconds of blacklist if one IP exceeds max_connections_per_ip
idle_timeout_ms = 60000 ; Connection will be dropped if no transmission done within 60 seconds
instances = 1 ; Defines how many instances run at once, consume more CPU and RAM
ipv4_listen = 127.0.0.1 ; IPv4 Listening Address, use: 0.0.0.0 to bind on all interfaces
ipv6_listen = ::1 ; IPv6 Listening Address, use: :: to bind on all interfaces
max_connections_per_ip = 50 ; Defines maximum allowed connections per IP Address
max_data_size = 200 ; Maximum allowed data is 200MB
port = 8659 ; Port number that listening on
}
security
{
api_key = 208C694F9CBD2BFA47F8E4EC7C0D2A5FB3B29984802E3E049A73A2011CB93BDC ; SECRET! API KEY
secret = 59DFDCCC370406476578BDB1A42F2E0A05113D161F3F6A931E78564A7D034EC2 ; SECRET, INTERNAL USE ONLY
}
vm
{
vm.hostname = master.bhyve.npulse.net ; Self Hostname, important to matches with real hostname
vm.root = /vms ; Data Dir, where the log files and database is located.
}
vmctl
{
auth_node = master.bhyve.npulse.net ; Defines the master node, on multiple nodes this node refer for users and authentications
dns_ip = 8.8.8.8 ; DNS IP for built-in DNS resolver
nodes = master.bhyve.npulse.net one.bhyve.npulse.net ; Phyisical Nodes
smtp_auth_user = ; SMTP Auth User for mailing support
smtp_from = ; SMTP Sender Address for mailing support
smtp_password = ; SMTP Password for mailing support
smtp_port = 25 ; SMTP Port for mailing support
smtp_server = ; SMTP Server for mailing support
two_factor = yes ; NOT IMPLEMENTED
}
vmctl_master.bhyve.npulse.net ; Delegated Configuration for node
{
host = localhost ; Physical Host Name or IP Address
key = 208C694F9CBD2BFA47F8E4EC7C0D2A5FB3B29984802E3E049A73A2011CB93BDC ; API KEY
name = Master Node ; Name that will shown
port = 8628 ; API Port
rfb_port = 8659 ; RFB/VNC Port
}
vmctl_one.bhyve.npulse.net ; Second node, Always prepend 'vmctl_'
{
host = 91.82.18.18 ; Physical Host Name or IP Address
key = AAAA694F9CBD000047F8E4EC7C0D2A5FB3B29984802E3E049A73A2011CB9F0DC ; API KEY
name = The One ; Name that will shown
port = 8628 ; API Port
rfb_port = 8659 ; RFB/VNC Port
}
webui
{
auto_blacklist_sec = 10 ; 10 seconds of blacklist if one IP exceeds max_connections_per_ip
enable_compression = true ; Enable GZIP / DEFLATE over HTTP
idle_timeout_ms = 60000 ; Connection will be dropped if no transmission done within 60 seconds
instances = 4 ; Defines how many instances run at once, consume more CPU and RAM
ipv4_listen = 0.0.0.0 ; IPv4 Listening Address, use: 0.0.0.0 to bind on all interfaces
ipv6_listen = :: ; IPv6 Listening Address, use: :: to bind on all interfaces
keep_alive_ms = 60000 ; HTTP Keep-Alive timeout after 60 seconds
max_connections_per_ip = 200 ; Defines maximum allowed connections per IP Address
port = 8086 ; Port number that listening on
post_max_size_mb = 200 ; Maximum POST data is limited to 200MB
setuid_user = www ; Set-UID user
ssl_cert = /var/lib/nPulse/BVCP/sslCertificate.pem ; Defines TLS Certificate Location
ssl_chain = /var/lib/nPulse/BVCP/sslCertificate.pem ; Defines TLS Certificate CA-Chain Location
ssl_key = /var/lib/nPulse/BVCP/sslCertificate.pem ; Defines TLS Certificate Key Location
static_cache_sec = 3600 ; Static files cached for one hour
use_ssl = true ; Enable and Forces SSL
}