>Well one of the things of concern is the fact that your tap 
>       status: no carrier
>My connected bhyve vm's have, amongst others:
>       status: active
>        groups: tap
>        Opened by PID 20763

I had no running bhyve vms when I ran the commands.

>And my bridge device tells me:
>bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 
>0 mtu
>        ether 02:76:2d:3d:9c:00
>        inet xxx.xxx.xxx.xxx netmask 0xff000000 broadcast 
>        nd6 options=9<PERFORMNUD,IFDISABLED>
>        groups: bridge
>        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>        member: tap651 
>                ifmaxaddr 0 port 11 priority 128 path cost 2000000
>        member: tap6 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 10 priority 128 path cost 55
>        member: tap14041 
>                ifmaxaddr 0 port 9 priority 128 path cost 2000000
>        member: tap13101 
>                ifmaxaddr 0 port 8 priority 128 path cost 2000000
>        member: tap12041 
>                ifmaxaddr 0 port 6 priority 128 path cost 2000000
>        member: tap13 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 4 priority 128 path cost 2000000
>        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 1 priority 128 path cost 20000
>So I think you first need to connect your VM's, before anything 
>will start to work. Like adding the tap-ifs to the bridge.
>And on the host itself you don't really need to add routing for 
>the VM's
>because everything is actually already connected. Which is what the
>netstat output tells you. The routing table tells you that traffic 
>    link#4             U       bridge0
>is send into the the bridge0 devices, which is directly connected.
>And ip-nrs in that range should appear in the the arp table.
>And the host then knows how to get to them directly.
>Routing for, if any needed, will be required on 
>hosts on you network on lagg0. Unless all hosts there have 
>as their default route.

On my gateway/router/internet connection, I added a static route via its web 

think maybe I am mis-understanding something.

Basically, Internet connected laptop via wifi on a network, 
laptops IP, gateway IP is

I want to put my VMs on a separate, but internet connected subnet

in the bhyve vms:

# cat /etc/rc.conf:

# cat /etc/resolv.conf
nameserver #unbound

can this sort of network config be done without NAT or a bridge, by pure 


