Page 1 of 1

EFA on Hetzner cloud unreachable

Posted: 26 May 2020 02:25
by ronaldr
I've just up an EFA instance on Hetzner cloud.
First I tried with full recursion, this didn't work. I did a re-install without recursion and I'm running into the same issues.

After install I noticed unbound wasn't starting. I managed to fix this by:
nano /etc/unbound/conf.d/forwarders.conf
in there "forward-addr" was empty. Just to try it out I filled both with 1.1.1.1 and 1.0.0.1.
After this unbound did start.

However when I try to do a nslookup for google.com or any other domain (server set to 127.0.0.1) it immediately fails with SERVFAIL.
If I do the same but set nslookup to resolve from my external IP it timesout, as I expected.

Trying to go to the webinterface with http://externalIP or https://externalIP I just get server cannot be reached.

HTTPD access log is empty, error log has some logs but they're all notices. Unfortunately I'm unable to copy since I'm unable to access SSH aswell.

Not being able to access SSH happened on the first install as well.

I really don't know how to go from here. During setup I used all default values. IP/Gateway had all been filled in.
I didn't enable IPv6 in this install though.

Re: EFA on Hetzner cloud unreachable

Posted: 30 Jun 2020 10:30
by walter54
Same here.
Just did a fresh install of EFA 4.
Everything worked according to the book up until the final reboot after the initial config.
Now the machine is unreachable from the outside, neither port 22 (SSH) nor 80/443 (HTTP(S)) respond.

I assume it's a networking issue...

Will keep digging.

Cheers,
Mathias

Re: EFA on Hetzner cloud unreachable

Posted: 30 Jun 2020 14:23
by walter54
Well, it turned out the solution was pretty simple.
During the initial configuration process simply tell EFA to *not* configure IPv4 or IPv6.
Everything else can be enabled (including DNS over IPv6 and DNS Recursion), but the IPv4 and IPv6 network settings are already properly configured when the cloud machine is booted the first time, so there is no reason for EFA to mess with that part of the machine configuration.

Cheers,
Mathias

Re: EFA on Hetzner cloud unreachable

Posted: 30 Jun 2020 15:15
by darky83
Yep, hetzner cloud has a auto ip config in the image they use.

(Note that if you use an custom ISO image for re-installation that you can use the IP configuration :))