How to setup Proxmox with Hetzner vSwitch and Public IP

Hetzner’s services are great, but their networking topology and setup is … not ideal.

In this article you will learn how to properly setup your Proxmox server in order for the Proxmox VMs to be able to use IPs from a Public IP class that’s assigned to a vSwitch. Because Hetzner’s vSwitches have a 1 TB monthly traffic limit we will also create a secondary vSwitch for internal use/traffic.

Prerequisites and examples:

  • Your Proxmox server (named here as “Host”) has a Public IP, initially assigned by Hetzner. In this example we’ll use 1.1.1.1 and name it “Host IP”;
  • You’ve created a vSwitch with VLAN ID 4000. This vSwitch will be used by VMs for Public/internet traffic. VMs will be able to use this vSwitch in order to access the Internet. We’ll name it “Public vSwitch”;
  • You’ve purchased an extra IP Class for the “Public vSwitch”. In this example we will use 2.2.2.1/27 and name it “Public IPs”;
  • You’ve created a vSwitch with VLAN ID 4001. This vSwitch will be used for LAN traffic exclusively. VMs will be able to use this vSwitch in order to connect to each other but will not be able to access the internet via this vSwitch. We’ll name this “Private vSwitch”;
  • Your Proxmox Host’s NIC is named eth0.
  • We’re having a VM that has two NICs. eno1 is used for Public access (internet) and eno2 is used for Private access (LAN).

Before continuing please make sure that you have your Host IP noted down, your vSwitches are created and that the “Public IPs” class is assigned to the “Public vSwitch” (4000).

Setting up the Proxmox Host

First we’re going to add the Host IP address (1.1.1.1) to the Proxmox Host. Remember that this is the IP provided by Hetzner upon deployment. This is not the IP that’s assigned to the Public vSwitch.

We’re going to assign the Host IP address to a bridge (vmbr0), not directly to the NIC (eth0), as this is recommended by Proxmox. Please note that the mtu is not optional and imposed by Hetzner.

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 1.1.1.1
        netmask 255.255.255.0
        gateway 1.1.1.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
# Proxmox Host

Next we’re going to create the “Public IP” interface (eth0.4000) and link it to a bridge (vmbr4000). This bridge will be used by VMs in order to access the Internet. VM IPs will be assigned from the “Public IPs” class via “Public vSwitch” (4000).

iface eth0.4000 inet manual
auto vmbr4000
iface vmbr4000 inet manual
        bridge_ports eth0.4000
        bridge_stp off
        bridge_fd 0
        mtu 1400
#Public vSwitch

Lastly we’re going to create the Private IP interface (eth0.4001) and link it to a bridge (vmbr4001). This bridge will be used by VMs in order to connect to each other exclusively, via “Private vSwitch” (4001). VM IPs will be assigned manually from a LAN IP class.

iface eth0.4001 inet manual
auto vmbr4001
iface vmbr4001 inet manual
        bridge_ports eth0.4001
        bridge_stp off
        bridge_fd 0
        mtu 1400
#Private vSwitch

Setting up the VM

When creating the VM you should add two NICs. Set NIC1 (eno1) to use the Host’s vmbr4000 bridge and NIC2 (eno2) to use the Host’s vmbr4001 bridge. As a result VM NIC1 will be connected to the “Public vSwitch” and VM NIC2 will be connected to the “Private vSwitch”.

Now we’re going to add a Public IP (2.2.2.2) to NIC1/eno1 and a Private IP (192.168.1.10) to NIC2/eno2. Please note that the mtu is not optional and imposed by Hetzner.

Example – CentOS / RHEL

Public IP settings:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
DEVICE=eno1
ONBOOT=yes

IPADDR=2.2.2.2
PREFIX=27
GATEWAY=2.2.2.1
DNS1=213.133.98.98
DNS2=213.133.99.99
DNS3=213.133.100.100
MTU=1400

Private IP settings:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno2
DEVICE=eno2
ONBOOT=yes

IPADDR=192.168.1.10
PREFIX=24
MTU=1400

Example – Ubuntu / Debian

Public IP settings:

auto eno1
iface eno1 inet static
        address 2.2.2.2
        netmask 255.255.255.224
        gateway 2.2.2.1
        mtu 1400
# Public NIC

Private IP settings:

auto eno2
iface eno2 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        mtu 1400
# Private NIC

That’s it! Congratulations, you’ve successfully configured both your Proxmox Node and your Proxmox VMs!

Was this tutorial useful? Buy me a drink by using the “Donate” button below. :)

Leave a Comment

Your email address will not be published. Required fields are marked *