Can't use external IP on Hetzner VPS


Solution 1

Hetzner had stopped assigning public IPv4 addresses to virtual servers. As far as I can tell this change happened when they changed the product name from VQ to CX. The usage of NAT is not mentioned in the product description though.

Eventually Hetzner introduced a newer cloud platform in which VMs get real public IPv4 addresses and a routed /64 IPv6 prefix. Both versions share the CX name.

Virtual servers ordered in 2012 and 2013 would keep their public IPv4 address until 2019 when the VQ line was discontinued. But virtual servers ordered in 2016 only have an RFC1918 address, and Hetzner will not route a public IPv4 address to such a virtual server.

They still allocated a dedicated public IPv4 address to each virtual server, which they NAT to the assigned RFC1918 address. Hetzner believed this was not a problem because it was a 1:1 NAT.

As you found out, this is error prone when configuring the server. You have to know about this NAT. And you have to look up the mapping whenever you configure something. The first virtual server we got in such a configuration got misconfigured twice in the first couple of days due to this.

Any software which relies on knowing the public IPv4 address will either break or need special configuration. Additionally, some VPNs and IP tunnels can have problems because tunneled packets won't be NATed.

If you have established that these potential problems do not affect your intended usage, and if you are comfortable with having to take the mapping between public and private addresses into account when making configuration changes, you can accept the situation.

However, be aware that most NAT implementations are stateful. If the NAT is indeed stateful, you may experience TCP connections stalling when state is lost.

I do not know whether the NAT used by Hetzner is stateful or stateless. The most obvious way I could think of testing for statefulness is to tunnel connection establishment and disable the tunnel once a TCP connection is established. Alas this kind of tunneling is exactly what won't work, so in order to perform this experiment one would have to replicate their 1:1 NAT configuration first. I did not attempt this rather complicated experiment.

These are the options you have:

  • Upgrade to the newer CX line on which Hetzner will give you a real IPv4 address and a routed /64 IPv6 prefix.
  • Accept that your traffic will go through a 1:1 NAT with the drawbacks that introduces.
  • Do all your important traffic on IPv6 - as Hetzner do route IPv6 traffic properly with no NAT.
  • Switch to a dedicated server (assuming those still get a public IPv4 address, which is hard to figure out since the usage of NAT is not mentioned anywhere in the product description).
  • Switch to a different provider.

Solution 2

As you're renting from Hetzner, I guess you're German-speaking, so here's the answer directly from Hetzner's support wiki:

Warum hat meine VM die IP 172.31.1.100?

oder auch:

Warum hat meine VM eine andere IP als im Robot angegeben?

Warum hat meine VM eine private IP?

Bei den CX Modellen ist die IPv4-Adresse im vServer eine private IP, die 1:1 per NAT auf die öffentliche IPv4 Adresse umgesetzt wird. Aktuell ist die private IP bei allen gleich: 172.31.1.100. Die öffentliche IP wird im Hetzner Robot angezeigt.

In English:

Why does my VM have the IP 172.31.1.100?

Or also:

Why does my VM have a different IP from the one shown in the Robot?

Why does my VM have a private IP?

With the CX models the IPv4 address of the virtual server is a private IP, which is configured 1:1 via NAT on the public IP. Currently the private IP is the same for all: 172.31.1.100. The public IP is displayed in the Robot.
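
A way to catch the misconfiguration both answers describe, as an added example that is not part of either answer or of Hetzner's documentation: values the VM's own kernel binds or matches must use the private address, while values remote peers connect to must use the public one. The role labels and the `audit` helper are hypothetical, and 203.0.113.10 is a documentation address standing in for the public IP shown in the Robot.

```python
import errno
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def can_bind(addr):
    """True if the kernel accepts a bind to addr, i.e. it is on a local interface."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((addr, 0))
            return True
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return False
            raise

def audit(settings, public_ip, private_ip, bindable=can_bind):
    """settings: (name, role, address) tuples.
    role 'local': the VM's own kernel binds or matches it (listen address, iptables -d).
    role 'advertised': remote peers connect to it (DNS record, VPN client 'remote').
    Returns (name, address, suggested replacement, reason) for each mistake."""
    findings = []
    for name, role, addr in settings:
        if role == "local" and not bindable(addr):
            fix = private_ip if addr == public_ip else None
            findings.append((name, addr, fix, "not on any local interface"))
        elif role == "advertised" and is_rfc1918(addr):
            findings.append((name, addr, public_ip, "RFC1918, unreachable from outside"))
    return findings

# Constructed sample configuration (assumed values, see lead-in).
SAMPLE = [
    ("openvpn local",       "local",      "203.0.113.10"),
    ("iptables -d (INPUT)", "local",      "203.0.113.10"),
    ("sshd ListenAddress",  "local",      "172.31.1.100"),
    ("DNS A record",        "advertised", "172.31.1.100"),
    ("VPN client remote",   "advertised", "203.0.113.10"),
]

if __name__ == "__main__":
    # Simulate the VM: only the private address and loopback are bindable.
    on_vm = lambda a: a in ("172.31.1.100", "127.0.0.1")
    for row in audit(SAMPLE, "203.0.113.10", "172.31.1.100", bindable=on_vm):
        print(row)
```

Run on the VM itself without the `bindable` argument, the check uses a real bind attempt, which fails with EADDRNOTAVAIL for the public address because the translation happens upstream of the VM.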


Author: bakatrouble

Updated on September 18, 2022

Comments

  • bakatrouble
    bakatrouble over 1 year

    I've changed my virtual server model on Hetzner recently. The new one has an external IPv4 address on which it's accessible from the internet (as it should). But I can't use this external IP in configuration: iptables rules have no effect, openvpn server can't bind a listener on any port using this IP etc. I've found a 'local' IP address (172.31.x.x) in ifconfig output, and if I use it in configuration, everything works like a charm.

    On my old server I've been able to use it anywhere. So I'm just wondering: why could the external IP not work for my new server? The OS is Ubuntu 15.04.

    • EEAA
      EEAA over 8 years
      Seems like a perfect thing to ask your vendor about.
    • Frederik
      Frederik over 8 years
      Seems like the external IP you got is NAT'ed to your VPS.
  • bakatrouble
    bakatrouble over 8 years
    No, I'm not German speaking, but I've got the same answer from support (It's normal behaviour because CV-models are placed behind NAT).
  • Michael Hampton
    Michael Hampton about 8 years
    Nothing changed on Hetzner dedicated servers. They still have public IPv4 addresses routed to them, and still have MAC address restrictions too.
  • Anthony Geoghegan
    Anthony Geoghegan almost 7 years
    By happy coincidence, I stumbled across this answer while researching how to best configure time synchronisation on a Hetzner VPS. I had been considering upgrading from VQ to CX so this answer has been very helpful for outlining potential drawbacks.