
Create a client server for your private Cloud Network using cloud-config

Author: riwin
Published: 2023-03-31

Introduction

This tutorial explains how to add a new client server to a private Cloud Network with a self-hosted gateway. At server creation, we will use a cloud-config script that adds a new route to the server so that all outgoing traffic is sent to the Hetzner gateway (10.0.0.1). The Hetzner gateway then forwards this traffic to your self-hosted gateway. You don't need a public interface (no public IP address), and you don't need to configure any static routes to your self-hosted gateway. If your gateway has a DNS server, it will be used by your new server.

Prerequisites

  • Self-hosted gateway in your private Cloud Network

    There is another tutorial available that covers the setup of a pfSense server as a gateway/firewall.

  • This tutorial uses the "Ubuntu 22.04" image provided by Hetzner

Example terminology

  • Private Network: 10.0.0.0/24
  • pfSense server: 10.0.0.2
  • DNS nameservers: 185.12.64.1 and 185.12.64.2

Step 1 - Prepare "netplan" configuration

We want cloud-config to create a file (/etc/netplan/51-netcfg.yaml) to set a default route.

network:
  version: 2
  ethernets:
    ens10:
      dhcp4: true
      routes:
      - to: 0.0.0.0/0
        via: 10.0.0.1

ens10 is the interface name of our private Network. We need to send all outgoing traffic to the Hetzner gateway (10.0.0.1). If you used the tutorial linked in "Prerequisites", the Hetzner gateway should already be configured to send all traffic to the pfSense server.

Step 2 - Prepare "resolved" configuration

In this example, we are using Hetzner DNS servers, but you can also use other DNS servers. Change the /etc/systemd/resolved.conf file:

[Resolve]
DNS=185.12.64.2 185.12.64.1

Step 3 - Build the cloud-config script

Now we need to combine both configurations from the first two steps into one cloud-config script. After the two files have been written, the cloud-config script reboots the server.

#cloud-config
write_files:
  - path: /etc/netplan/51-netcfg.yaml
    permissions: '0644'
    content: |
      network:
        version: 2
        ethernets:
          ens10:
            dhcp4: true
            routes:
            - to: 0.0.0.0/0
              via: 10.0.0.1
  - path: /etc/systemd/resolved.conf
    content: |
      [Resolve]
      DNS=185.12.64.2 185.12.64.1
runcmd:
  - reboot

Step 4 - Create a new Server

Open the Hetzner Cloud Console and create a new Ubuntu 22.04 server. Add the server to your private Network only. We don't need any public interfaces.

Use the cloud-config script from "Step 3". Make any necessary changes to fit your environment and paste it into the "Cloud config" configuration text box at the bottom of the wizard. Create your server and give it some time to reboot.

Step 5 - Verify your configuration

If you have a VPN connection to your pfSense, you should be able to SSH into the created server.

If not, you need to use the VNC console in the Hetzner Cloud Console.

  • Verify DNS Server

    resolvectl status

    You should see your configured DNS server.

  • Verify Default Route

    ip route

    You should see a default route:

    default via 10.0.0.1 dev ens10 proto static onlink
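The two checks above can be scripted so they are repeatable for every new client server. The following is an added example, not part of the original tutorial: the function names, the `--live` switch and the sample output are constructed for illustration, and the addresses are the tutorial's example values. It goes slightly beyond the manual check by also failing when a second default route exists, since such a route would let traffic leave without passing through the gateway.

```shell
#!/bin/sh
# Added example: automates the two Step 5 checks. Values are the tutorial's.
GATEWAY="10.0.0.1"; IFACE="ens10"; DNS_SERVERS="185.12.64.2 185.12.64.1"

# Reads `ip route` output on stdin. Passes only if there is exactly one
# default route and it goes via $GATEWAY on $IFACE; a second default route
# (for example on a public interface) would let traffic bypass the gateway.
check_default_route() {
    awk -v gw="$GATEWAY" -v dev="$IFACE" '
        $1 == "default" {
            n++; via = ""; ifc = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") ifc = $(i + 1)
            }
            if (via == gw && ifc == dev) ok++
        }
        END { exit !(n == 1 && ok == 1) }'
}

# Reads `resolvectl status` output on stdin. Passes only if every server in
# $DNS_SERVERS is listed on a "DNS Servers:" line.
check_dns() {
    found=$(awk '/DNS Servers:/ { sub(/^.*DNS Servers: */, ""); print }' | tr ' ' '\n')
    for s in $DNS_SERVERS; do
        printf '%s\n' "$found" | grep -qxF "$s" || return 1
    done
}

# Constructed sample output (not captured from a real server), used offline.
SAMPLE_ROUTES='default via 10.0.0.1 dev ens10 proto static onlink
10.0.0.0/24 via 10.0.0.1 dev ens10 proto dhcp src 10.0.0.3 metric 100
10.0.0.1 dev ens10 proto dhcp scope link src 10.0.0.3 metric 100'
SAMPLE_RESOLVE='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
     DNS Servers: 185.12.64.2 185.12.64.1'

# Pass --live on the new server to check the real state instead of the samples.
if [ "${1:-}" = "--live" ]; then
    routes=$(ip route); resolve=$(resolvectl status)
else
    routes=$SAMPLE_ROUTES; resolve=$SAMPLE_RESOLVE
fi
printf '%s\n' "$routes" | check_default_route && echo "default route: OK" || echo "default route: FAIL"
printf '%s\n' "$resolve" | check_dns && echo "DNS servers: OK" || echo "DNS servers: FAIL"
```

Run it with `--live` on the new server after the reboot; without arguments it only exercises the parsers against the embedded sample output.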

Conclusion

You have configured a new server with cloud-config to use the Hetzner gateway as a default route for outgoing traffic, and to use your own DNS servers.

License: MIT