Setting Up A Hetzner Dedicated Server KVM
I run KVM servers at home for hosting multiple personal websites, but it's gotten to the point now where I need a dedicated server at a data-center to act as a KVM. I decided to go with Hetzner because they were the cheapest nearby (e.g. Europe, not America) provider, that offered an easy/flexible way to add ipv4 addresses.
I had a few "teething issues" with the networking, so I am documenting what I had to do, so I know what to do in future, and hopefully others won't go through the same pain.
Hetzner offers Debian 10 servers, so I picked one of those and used my tutorial on setting up KVM on Debian 10.
Now that we have a KVM hypervisor, we need to set up our network bridge and our guests to be able to access the internet.
Backup Your Network Interfaces File
In case anything goes wrong, create a backup of your interfaces file.
sudo mv /etc/network/interfaces /etc/network/interfaces.original
Set The Interfaces File
Create a file at
/etc/network/interfaces.bridge with the following content:
source /etc/network/interfaces.d/* auto lo iface lo inet loopback iface lo inet6 loopback # deliberately no configuration for enp35s0 here auto kvmbr0 iface kvmbr0 inet static address <primary IP here> netmask <netmask here> gateway <gateway IP here> bridge_ports enp35s0 bridge_stp off bridge_fd 1 bridge_hello 2 bridge_maxage 12
enp35s0, be sure to check yours at /etc/network/interfaces.original and change if necessary.
If you need to look up your primary IP, netmask, and gateway, you can just hover over the IP in the web interface and a tooltip will appear with the details as shown below:
If you have multiple IPs, your primary one will be the one that doesn't have a symbol by it for configuring the MAC address.
It turns out that you need to reboot your server for the changes to apply successfully. If you just perform a
sudo service networking restart, then you will lose access to your server.
Request A Single IP
When I started, I knew that I wanted to create multiple guests, so I requested a subnet with multiple IPv4 addresses. This was a mistake because I wanted the guests to have a direct connection to the internet, without having to be routed through the host's IP/MAC. For security, Hetzner filters network traffic by MAC addresses it recognizes, so we need to use a MAC address they provide us with, which can only be done when requesting a single IP not a subnet.
To request a single IP use the web interface as shown below:
Wait for Hetzner to assign an IP to you and notify you via email. Once they have done this, it will appear in the web interface. They are pretty quick at doing this (within hours, not days).
Get MAC Address
Once Hetzner has assigned you another IP, find it's mac address by hovering over the IP as shown below:
Also make note of the gateway IP address as you will need this later.
If you haven't already, install your first guest to the KVM. For me, this is just a matter of running my KVM command generator tool.
After having installed a guest, we need to edit it's network settings to: 1. Use our bridge 2. Set its MAC address to one given to us by Hetzner.
sudo virsh edit $GUEST_IDENTIFIER
Find the interface section and change:
- interface type to
- The MAC address to the one provided for the static IP you requested.
- Set the value to
kvmbr0to match our interfaces bridge name.
Now boot up your guest, and edit it's
/etc/network/interfaces file to match the following (filling in the details found earlier when getting the MAC address of your new IP)
source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address <IP Address> netmask 255.255.255.255 pointopoint <gateway IP> gateway <gateway IP>
If you are using a server that uses netplan, such as Ubuntu 18.04 or higher, then you would want the following:
# This file describes the network interfaces available on your system # For more information, see netplan(5). network: version: 2 renderer: networkd ethernets: ens2: addresses: - <IP Address>/32 routes: - to: 0.0.0.0/0 via: <gateway IP> on-link: true nameservers: addresses: - 220.127.116.11 - 18.104.22.168
Now reboot your guest, or restart the networking service, and it should now have a normal direct internet connection.
First published: 14th June 2020