Bare metal CHR on Hetzner Dedicated

Joni · August 31, 2018, 5:20pm

Tried this on Hetzner dedicated (bare metal, EX series, I know bm isn’t officially supported but I don’t want the virtualization maintenance overhead) however everything except routing (public ip subnets, ie forwarding) works, at least I can’t get it working with any config. Sort of sad. (neither 6.40.9 (Bugfix only) or 6.42.7 (Current) or 6.43rc66 (Release candidate))

Either working completely or not was my impression too, until I tried this.

The intention is to provide public IP addresses to another mikrotik router behind NAT over L2TP VPN, via EoIP (nevermind overhead). L2TP works (if assigned to can internally ping each other with the public subnet IPs), EoIP (if assigned to can internally ping each other with the public subnet IPs) works but traffic from internet to the public subnet doesn’t even enter Ether1-WAN (or anywhere else for that matter, torch).

Hetzner provides public IPs / subnet upon order https://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en#Subnets and trying any combination of “every” mikrotik forum suggested way of getting them forwarded, as in routing, doesn’t work. “Obviously” the server doesn’t have internal physical interfaces (uncertain if nor why it should matter). Hetzner support has verified the public subnet (/29) is routed to the public WAN IP. There are no firewalls etc, just plain routing. (https://wiki.mikrotik.com/wiki/Simple_Static_Routes_Example etc)

@Chupaka I’m happy to provide you (reputation) with the RouterOS logins / details to the “empty” test installation if you care to test it yourself, as I surely have exhausted all theories on why it shouldn’t work.

Joni · September 1, 2018, 5:37am

To be specific, even assigning a one additional IP to the ether1-WAN interface doesn’t respond to ping, with Linux it works without anything more than

ip address add a.b.c.d/32 dev eth0

Joni · September 1, 2018, 7:51am

Exact same issue http://forum.mikrotik.com/t/multiple-public-subnets/103645/1
and almost same, except I can’t ping out… http://forum.mikrotik.com/t/two-public-ip-on-wan-interface/75455/1

Chupaka · September 3, 2018, 9:46am

Ping me at Skype

izumin · October 25, 2019, 4:05pm

Did you anyhow solve the problem?

Joni · October 26, 2019, 3:40pm

Unfortunately no.

izumin · October 31, 2019, 10:27am

its a pity, i have the same problem. Just move with my CHR to hetzner and there is no route(s) that can make it be online. But neighbor VM’s is pinging but no hypervisor.

Joni · October 31, 2019, 4:14pm

Duh… Forgot to mention that Hetzner Cloud works for CHR…

normis · November 1, 2019, 8:39am

Yes, Hetzner Cloud works fine like this: https://wiki.mikrotik.com/wiki/Manual:CHR_Hetzner

aniston · December 11, 2020, 9:47am

Not sure if this is related , but i managed to get the CHR 7.1B3 running on Hetzner vCloud as per the quick and simple doc at https://wiki.mikrotik.com/wiki/Manual:CHR_Hetzner.
That was fast and to the point, but after adding a private network and connecting it to the CHR I still could not activate it under IP > Addresses in WinBox although in the configuration I can select ether2 as the Interface , in the terminal I get that the Interface ether2 is invalid

 ip address/print 
Flags: I - INVALID, D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
  #     ADDRESS          NETWORK      INTERF
  0  I  192.168.1.2/24   192.168.1.0  ether2
  1  D  a.b.c.d/32  172.31.1.1   ether1

under Interfaces i see that there is no link, in the Hetzner rescue system I can see the Inteface is present as

 ip -a

shows me eth0 and eth1 present.

Basically I’m Trying to use the CHR as a simple WAN/LAN Firewall and expose only certain resources from another Hetzner vCloud server which is coupled internally to the LAN ether2 interface , so how do we get the second Interface up and available on a CHR in Hetzner vCloud , is this possible ?