Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Setting Up A Hetzner Dedicated Server KVM

I run KVM servers at home for hosting multiple personal websites, but it's gotten to the point now where I need a dedicated server at a data-center to act as a KVM. I decided to go with Hetzner because they were the cheapest nearby (e.g. Europe, not America) provider, that offered an easy/flexible way to add ipv4 addresses.

I had a few "teething issues" with the networking, so I am documenting what I had to do, so I know what to do in future, and hopefully others won't go through the same pain.

Steps

Hetzner offers Debian 10 servers, so I picked one of those and used my tutorial on setting up KVM on Debian 10.

Now that we have a KVM hypervisor, we need to set up our network bridge and our guests to be able to access the internet.

Backup Your Network Interfaces File

In case anything goes wrong, create a backup of your interfaces file.

sudo mv /etc/network/interfaces /etc/network/interfaces.original

If anything goes wrong, it's pretty easy to request a KVM spider be connected to your server and connecting to it through that. Hetzner have been amazingly responsive with connecting these to my server, but I've always been putting my requests in at the weekends which may be quieter.

Set The Interfaces File

Create a file at /etc/network/interfaces.bridge with the following content:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

# deliberately no configuration for enp35s0 here

auto  kvmbr0
iface kvmbr0 inet static
    address <primary IP here>
    netmask <netmask here>
    gateway <gateway IP here>
    bridge_ports enp35s0
    bridge_stp off
    bridge_fd 1
    bridge_hello 2
    bridge_maxage 12

This assumes your network interface is called enp35s0, be sure to check yours at /etc/network/interfaces.original and change if necessary.

If you need to look up your primary IP, netmask, and gateway, you can just hover over the IP in the web interface and a tooltip will appear with the details as shown below:

If you have multiple IPs, your primary one will be the one that doesn't have a symbol by it for configuring the MAC address.

Reboot!

It turns out that you need to reboot your server for the changes to apply successfully. If you just perform a sudo service networking restart, then you will lose access to your server.

Request A Single IP

When I started, I knew that I wanted to create multiple guests, so I requested a subnet with multiple IPv4 addresses. This was a mistake because I wanted the guests to have a direct connection to the internet, without having to be routed through the host's IP/MAC. For security, Hetzner filters network traffic by MAC addresses it recognizes, so we need to use a MAC address they provide us with, which can only be done when requesting a single IP not a subnet.

To request a single IP use the web interface as shown below:

Wait for Hetzner to assign an IP to you and notify you via email. Once they have done this, it will appear in the web interface. They are pretty quick at doing this (within hours, not days).

Get MAC Address

Once Hetzner has assigned you another IP, find it's mac address by hovering over the IP as shown below:

Also make note of the gateway IP address as you will need this later.

Configure Guest

If you haven't already, install your first guest to the KVM. For me, this is just a matter of running my KVM command generator tool.

After having installed a guest, we need to edit it's network settings to: 1. Use our bridge 2. Set its MAC address to one given to us by Hetzner.

sudo virsh edit $GUEST_IDENTIFIER

Find the interface section and change:

  1. interface type to bridge
  2. The MAC address to the one provided for the static IP you requested.
  3. the source network= to source bridge=,
  4. Set the value to kvmbr0 to match our interfaces bridge name.

Now boot up your guest, and edit it's /etc/network/interfaces file to match the following (filling in the details found earlier when getting the MAC address of your new IP)

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address <IP Address>
    netmask 255.255.255.255
    pointopoint <gateway IP>
    gateway <gateway IP>

If you are using a server that uses netplan, such as Ubuntu 18.04 or higher, then you would want the following:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens2:
        addresses:
            - <IP Address>/32
        routes:
          - to: 0.0.0.0/0
            via: <gateway IP>
            on-link: true
        nameservers:
            addresses:
                - 8.8.8.8
                - 8.8.4.4

Now reboot your guest, or restart the networking service, and it should now have a normal direct internet connection.

Last updated: 21st June 2020
First published: 14th June 2020