Ctrl K

Arch Windows VM with KVM/QEMU

UEFI based Windows 11 virtual machine on an Arch Linux host using QEMU/KVM, libvirt, and virt-manager.

Standard Arch virtualization stack: QEMU/KVM + libvirt + virt-manager + OVMF (UEFI) + swtpm (TPM). Windows 11 requires UEFI and TPM 2.0, both provided by this stack.

Host package setup

sudo pacman -Syu
sudo pacman -S qemu-desktop libvirt virt-manager dnsmasq edk2-ovmf swtpm
sudo systemctl enable --now libvirtd
sudo usermod -aG libvirt $USER

Log out and back in after usermod for group membership to take effect.

Recommended VM configuration

Tested working configuration:

  • Memory: 12 GB (16 GB for heavier multitasking)
  • vCPU: 4 (6 for heavier multitasking)
  • Disk: 100 GB, SATA bus for simplest initial install
  • Firmware: UEFI / OVMF
  • TPM: enabled (required for Windows 11)
  • Network: default libvirt NAT

Verify the default libvirt network is active and set to autostart:

sudo virsh net-list --all
sudo virsh net-info default

Network fix - host forwarding and NAT

On hosts running Docker alongside libvirt, Docker's forwarding rules can block guest internet access. The symptom is the guest receiving an IP from the libvirt bridge but failing to reach outside. Fix by adding the missing rules manually:

sudo iptables -I FORWARD 1 -i virbr0 -o virbr0 -j ACCEPT
sudo iptables -I FORWARD 1 -i virbr0 -j ACCEPT
sudo iptables -I FORWARD 1 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t nat -I POSTROUTING 1 -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

Accepts forwarding from the VM bridge and masquerades guest traffic out to the host network.

virtio NIC driver for Windows

Attach the virtio-win ISO as a CD-ROM in virt-manager:

  • Shut down the VM
  • VM settings -> Add Hardware -> Storage
  • Select the virtio-win ISO -> set device type to CDROM -> attach on SATA
  • Change the VM NIC model to virtio

Then inside Windows, install the NetKVM driver:

  • Device Manager -> locate unknown network adapter
  • Update driver -> Browse my computer
  • Point to the mounted virtio ISO, enable subfolders
  • Install the NetKVM driver (Windows 11 x64)

SPICE guest tools for clipboard and display

Run the SPICE Guest Tools installer inside the Windows guest and reboot. This enables host to guest clipboard and dynamic display resolution. Do this after boot and networking are confirmed.

Setup order

    1. Download Windows 11 ISO, virtio-win ISO, and SPICE Guest Tools
    1. Install host packages and enable libvirtd
    1. Create VM in virt-manager with UEFI, TPM, and NAT networking
    1. Install Windows 11 from ISO
    1. Fix host iptables rules if Docker is also running on the host
    1. Attach virtio-win ISO as CDROM, change NIC to virtio, install NetKVM driver in Windows
    1. Install SPICE Guest Tools in Windows for clipboard and display

Resources