Setting Up A Hetzner Dedicated Server KVM
I run KVM servers at home for hosting multiple personal websites, but it's gotten to the point now where I need a dedicated server at a data-center to act as a KVM. I decided to go with Hetzner because they were the cheapest nearby (e.g. Europe, not America) provider, that offered an easy/flexible way to add ipv4 addresses.
I had a few "teething issues" with the networking, so I am documenting what I had to do, so I know what to do in future, and hopefully others won't go through the same pain.
Steps
Hetzner offers Debian 10 servers, so I picked one of those and used my tutorial on setting up KVM on Debian 10.
Now that we have a KVM hypervisor, we need to set up our network bridge and our guests to be able to access the internet.
Backup Your Network Interfaces File
In case anything goes wrong, create a backup of your interfaces file.
sudo mv /etc/network/interfaces /etc/network/interfaces.original
Set The Interfaces File
Create a file at /etc/network/interfaces.bridge
with the following content:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
# deliberately no configuration for enp35s0 here
auto kvmbr0
iface kvmbr0 inet static
address <primary IP here>
netmask <netmask here>
gateway <gateway IP here>
bridge_hw enp35s0
bridge_ports enp35s0
bridge_stp off
bridge_fd 1
bridge_hello 2
bridge_maxage 12
... and symlink the /etc/network/interfaces file to it.
sudo ln -s /etc/network/interfaces.bridge /etc/network/interfaces
bridge_hw enp35s0
is required as of Debian 11 'bulleye'. If setting up Debian 10, you may wish to remove this.enp35s0
, be sure to check yours at /etc/network/interfaces.original and change if necessary.
If you need to look up your primary IP, netmask, and gateway, you can just hover over the IP in the web interface and a tooltip will appear with the details as shown below:
If you have multiple IPs, your primary one will be the one that doesn't have a symbol by it for configuring the MAC address.
Reboot!
It turns out that you need to reboot your server for the changes to apply successfully. If you just perform a sudo service networking restart
, then you will lose access to your server.
Request A Single IP
When I started, I knew that I wanted to create multiple guests, so I requested a subnet with multiple IPv4 addresses. This was a mistake because I wanted the guests to have a direct connection to the internet, without having to be routed through the host's IP/MAC. For security, Hetzner filters network traffic by MAC addresses it recognizes, so we need to use a MAC address they provide us with, which can only be done when requesting a single IP not a subnet.
To request a single IP use the web interface as shown below:
Wait for Hetzner to assign an IP to you and notify you via email. Once they have done this, it will appear in the web interface. They are pretty quick at doing this (within hours, not days).
Get MAC Address
Once Hetzner has assigned you another IP, find it's mac address by hovering over the IP as shown below:
Also make note of the gateway IP address as you will need this later.
Configure Guest
If you haven't already, install your first guest to the KVM. For me, this is just a matter of running my KVM command generator tool.
After having installed a guest, we need to edit it's network settings to: 1. Use our bridge 2. Set its MAC address to one given to us by Hetzner.
sudo virsh edit $GUEST_IDENTIFIER
Find the interface section and change:
- interface type to
bridge
- The MAC address to the one provided for the static IP you requested.
- the
source network=
tosource bridge=
, - Set the value to
kvmbr0
to match our interfaces bridge name.
Now boot up your guest, and edit it's /etc/network/interfaces
file to match the following (filling in the details found earlier when getting the MAC address of your new IP)
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address <IP Address>
netmask 255.255.255.255
pointopoint <gateway IP>
gateway <gateway IP>
If you are using a server that uses netplan, such as Ubuntu 18.04 or higher, then you would want the following:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
ens2:
addresses:
- <IP Address>/32
routes:
- to: 0.0.0.0/0
via: <gateway IP>
on-link: true
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
Now reboot your guest, or restart the networking service, and it should now have a normal direct internet connection.
References
First published: 14th June 2020