Change interface netmask

Hi.

I am having issues reaching the TrueNAS server, and it seems to be because of how Hetzner sets up their network configuration.

Just installed TrueNAS Scale from current ISO version.
I have configured it with the 123.123.123.123 / 26

That makes the server available for everyone, except other servers in the same network and Hetzner support told me to update the config to 123.123.123.123 / 32 so it forces it to use default gw to reach any other IP.
But I can’t find how to do it.

In the console menu option 1 “Configure network settings” the interface was configured via dhcp (with the /26 network).

  • If I modify the interface, and set ‘dhcp’ to ‘no’, I don’t see how to set the IP/netmask. There is only option to add aliases, but not the IP itself.
  • If I delete the interface to add it again, there is no way to specify the IP

What am I doing wrong?

It’s weird/confusing naming in the UI. The “alias” is how you add one or more statically configured IP addresses.

Add an alias with 123.123.123.123 / 32 (leaving DHCP unchecked), then add your default gateway in the Global Configuration section of the Network Settings

That said…I don’t understand how the server would then know how to reach the default gateway if the interface is set with /32 netmask. Your default gateway has to be on your subnet to be reachable. Whatever, if hetzner have told you to set it that way it’s worth a try.

Yeah, a /32 netmask can’t be the right answer–the smallest I’ve seen is /30.

I was intrigued by this concept of having a /32 netmask on an interface and how it would work, so I did some research and it seems to be a valid configuration in specific circumstances.

Basically, if the interface is directly connected to another host (in your case I assume it will be the gateway/router) the subnet mask doesn’t matter, it will always be able to communicate with it. This is most commonly used in PPP configurations.

This, I suspect, also explains why your server can’t communicate with other hosts that are apparently in the same /26. They’re not connected at a data link level. So all traffic, even if it’s on the same subnet, needs to go via the default gateway/router. I imagine this is an artifact of how hetzner engineers its virtual infrastructure.

Hi @WiteWulf,

If you have multiple servers in Hetzner in the same subnet and you want to make them communicate with each other, they ask you to set up the /32 so the machine thinks it is alone in the network, and then everything should go through the default gateway, which you must specify too.

Quoting Hetzner support message:

The main IP of a dedicated server is usually located in a /26 or /27 subnet.
In order to prevent the accidental use of a foreign IP address, our
infrastructure rejects any Ethernet packets that are not addressed to the gateway
address. In order to reach a server in the same subnet, our standard images
already have a static route in their network configuration. The static route
forwards the entire traffic to the subnet via the gateway. This is not the best
solution as duplicate and inconsistent information appears in the routing table. A
better way to reach a server in your subnet is to set the netmask to
255.255.255.255 (/32). The server assumes it is alone in this subnet and will not
send any packets directly. However, an explicit host route to the gateway is now
needed.

I tried to update as you said: Adding it as an alias 123.123.123.123/32.
Then TrueNAS tells you it is going to delete the default gateway (even when it is ok) unless you ‘skip’.

If you don’t skip it, you get an error:

Then I tried adding a secondary static route to 0.0.0.0 using the gateway IP, expecting it not to be deleted by the process. It didn’t, but then you fall into a ‘Test’ or ‘Revert Changes’ screen, and no matter what I choose in any combination, the result is that it is not saved properly in any of the cases, and I have ended up with the /26 subnet instead of the /32.
So the issue is still there and I can’t deliver the server :(

Yeah, so that’s what I thought would happen. If the default gateway is on a different network (which everything is with a /32 netmask) it (TrueNAS) assumes it’s unreachable.

Have you tried adding a static route to the /26 via the default gateway? This should take precedence over the entry that’s automatically added to the routing table when assigning the alias with a /26 to the NIC

The other option would be to add a specific route to <default_gateway_ip>/32 (an explicit host route) via your NIC (as the hetzner docs allude to)
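The routing behaviour discussed in this thread, as an added example that is not part of any post: a small longest-prefix-match lookup comparing the DHCP /26 setup, a bare /32, and a /32 with an explicit host route to the gateway. The gateway, peer and outside addresses are constructed for illustration; 123.123.123.123 is the thread's own placeholder.

```python
import ipaddress

GW = "123.123.123.65"      # assumed gateway inside the /26 (not given in the thread)
PEER = "123.123.123.100"   # constructed: another server in the same /26
OUTSIDE = "198.51.100.7"   # constructed: any host outside the subnet

def next_hop(routes, dst):
    """Longest-prefix-match lookup over (prefix, gateway) pairs.
    Returns 'direct' for an on-link route, the gateway address for a routed
    one, or 'unreachable' if nothing matches or the gateway is not on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return "unreachable"
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    if gw is None:
        return "direct"
    # A gateway is only usable if some on-link route covers it.
    on_link = [r for r in routes if r[1] is None]
    return gw if next_hop(on_link, gw) == "direct" else "unreachable"

# Gateway None means "on-link": frames are sent straight to the destination.
DHCP_26 = [("123.123.123.64/26", None), ("0.0.0.0/0", GW)]
BARE_32 = [("123.123.123.123/32", None), ("0.0.0.0/0", GW)]
HOST_ROUTE_32 = BARE_32 + [(GW + "/32", None)]

def summarize(routes):
    """Next hop chosen for the peer, the gateway and an outside host."""
    targets = (("peer", PEER), ("gateway", GW), ("outside", OUTSIDE))
    return {name: next_hop(routes, ip) for name, ip in targets}

if __name__ == "__main__":
    for label, table in (("/26 via DHCP", DHCP_26),
                         ("/32 only", BARE_32),
                         ("/32 + host route to gateway", HOST_ROUTE_32)):
        print(f"{label:30} {summarize(table)}")
```

With the /26, the peer resolves to `direct`, which is the traffic the quoted support message says the infrastructure rejects; only the third table sends the peer through the gateway while keeping the gateway itself reachable.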

No way.

I tried adding the host route to the gateway and the network /26 to the gateway.
In either case I was not able to modify the subnet of the interface.

I tried in a vm to install TrueNAS, expecting to find at some point an option to specify which static IP you want to configure it with. No luck.
It automatically used the dhcp assigned one and I have the same issue.

Also tried in the console, but I was not able to change the network mask through the UI or the console…
I like TrueNAS Scale a lot, but I am close to giving up on it.

Also

Support for /32 can be iffy, it’s a special case that many do not implement the same way as others do.

The Hetzner guide quoted earlier specifically says that for this to work using /etc/network/interfaces you need to, among other things, add the keyword pointopoint [GW IP] - but TrueNAS doesn’t expose that option.

I have a question though, are you essentially trying to put your server directly accessible to everyone? No VPN or similar?

@neofusion So no TrueNAS supported in this use case. It is what I was thinking.

Unfortunately, and as you suspected, it is going to be “world facing”, but behind Hetzner’s firewall. I will not be providing any access to anyone other than my other servers in the through a gateway.

I have other TrueNAS servers in the internal network, but this specific server does not allow adding a secondary 10G NIC, so I had bet all my horses on having it running behind Hetzner’s firewall.

To be honest, my requirements in this case are:

  • Able to use ZFS raidz-2 with 4 disks
  • Able to manage iscsi with UI (it is always nicer than command line)
  • Usable from kubernetes to create/delete dynamically ISCSI pods volumes

TrueNAS was the best fit because I already know it, but this seems a no-go-through issue if TrueNAS does not allow handling the network config.

Any advice is welcome