diff --git a/roles/lmn_fvs/tasks/main.yml b/roles/lmn_fvs/tasks/main.yml
index ee841a7..6e3fa61 100644
--- a/roles/lmn_fvs/tasks/main.yml
+++ b/roles/lmn_fvs/tasks/main.yml
@@ -27,6 +27,7 @@
       - elpa-color-theme-modern
       - elpa-magit
       - emacs
+      - filezilla
       - freeplane
       - git
       - gitg
diff --git a/roles/lmn_vm/files/create-vm.sh b/roles/lmn_vm/files/create-vm.sh
index 5f858bf..bd1669f 100755
--- a/roles/lmn_vm/files/create-vm.sh
+++ b/roles/lmn_vm/files/create-vm.sh
@@ -41,8 +41,8 @@ fi
 
 # hardware addresses need to be removed, libvirt will assign
 # new addresses automatically
-sed -i /uuid/d "${VM_NAME}-${VM_CLONE}.xml"
-sed -i '/mac address/d' "${VM_NAME}-${VM_CLONE}.xml"
-
 # and actually rename the vm: (this also updates the storage path)
-sed -i "s/${VM_NAME}/${VM_NAME}-${VM_CLONE}/" "${VM_NAME}-${VM_CLONE}.xml"
+sed -i -E \
+    -e '/<uuid>.+<\/uuid>/d' \
+    -e '/.+mac address.+[[:xdigit:]:]{17}.+/d' \
+    -e "s/${VM_NAME}/${VM_NAME}-${VM_CLONE}/" "${VM_NAME}-${VM_CLONE}.xml"
diff --git a/roles/lmn_vm/files/run-vm.sh b/roles/lmn_vm/files/run-vm.sh
index c3f649d..1f8a714 100755
--- a/roles/lmn_vm/files/run-vm.sh
+++ b/roles/lmn_vm/files/run-vm.sh
@@ -97,6 +97,11 @@ create-clone() {
     sed -i "s/${VM_NAME}/${VM_NAME}-clone/" "${VM_XML}"
     # set virtiofs-Socket
     sed -i "s:VIRTIOFSSOCKET:/run/user/${UID}/virtiofs-${VM_NAME}.sock:" "${VM_XML}"
+
+    # find macvtap interface MAC address:
+    MAC="$(ip link | grep -A1 "vm-macvtap" |
+              sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")"
+    sed -i -E -e "s/MACMACVTAP/$MAC/" "${VM_XML}"
 }
 
 QEMU='qemu:///session'
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index f013d5b..08101fb 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -177,12 +177,39 @@
     create: True
     mode: '0600'
 
-# FIXME #691138
+
+# FIXME #691138, better: prepare interfaces ready to use, c.f. below
 - name: Allow users to attach to bridge
   file:
     path: /usr/lib/qemu/qemu-bridge-helper
     mode: '4755'
 
+- name: Configure macvtap interface
+  ansible.builtin.copy:
+    dest: /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
+    mode: '0600'
+    content: |
+      [connection]
+      id=macvlan-vm-macvtap
+      type=macvlan
+      interface-name=vm-macvtap
+      [macvlan]
+      mode=2
+      parent={{ ansible_default_ipv4['interface'] }}
+      tap=true
+      [ipv4]
+      method=disabled
+      [ipv6]
+      method=disabled
+      [proxy]
+
+- name: Adjust interface permissions for user mode VMs
+  ansible.builtin.copy:
+    dest: /etc/udev/rules.d/80-macvlan.rules
+    content: |
+      SUBSYSTEMS=="net", KERNELS=="vm-macvtap", MODE="0666"
+
+
 - name: Create directory for local .desktop-Files
   ansible.builtin.file:
     path: "{{ item }}"