Hi JoeCool
I'm another one at sea adrift with hetzner and their weird setup,
I though ovh was bad but they seem worse.
Anyway I've followed their wiki pages but they give no info on how to configure the router vm, I know there are many os you could use for it but some basics I could use.
Im working on linux now but if you could let me know your windows setup (or how you are setup) it would be great.
Somehow nice to see I'm the third person this month haveing the same tssue 
I'm having the same problem, and Hetzner is no help, they simply say "we dont support vsphere".... I've followed the instructions on their wiki page combined with this, but can't get the routing to work.
These are the IP addresses I got from Hetzner:
Main server IP :
xxx.xxx.116.98
"Single IP", i.e. the IP that should be used for the routervm:
IP: x.x.116.122
Gateway: x.x.116.97
Netmask: 255.255.255.224
MAC: xx:xx:xx:xx:0F:2F
"Subnet"
Subnet: xx.xx.229.128 /29
Netmask: 255.255.255.248
Broadcast: xx.xx.229.135
Usable IP addresses: xx.xx.229.129 to xx.xx.229.134
I've created the switch as explained:
I've created the routervm based on Centos 6.6 minimal with the two NIC's such as explained.
In this routervm I configured network as follows:
# pwd
/etc/sysconfig/network-scripts
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=xx:xx:xx:00:0F:2F
IPADDR=x.x.116.122
NETMASK=255.255.255.224
# cat route-eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=x.x.116.97
# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=x.x.229.128
NETMASK=255.255.255.248
# route -v
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
x.x.229.128 * 255.255.255.248 U 0 0 0 eth1
x.x.116.96 * 255.255.255.224 U 0 0 0 eth0
link-local * 255.255.0.0 U 1002 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth1
default static.97.116.x 0.0.0.0 UG 0 0 0 eth0
#
I can ping this routervm from the internet and it can ping out, i.e. at least eth0 and routing seems to have been set up correct
I then created a testvm, still based on Centos 6.6. minimal, and with the next IP i the allocated range:
# pwd
/etc/sysconfig/network-scripts
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=x.x.229.129
NETMASK=255.255.255.248
# cat route-eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=x.x.229.128
# route -v
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
x.x.229.128 * 255.255.255.248 U 0 0 0 eth1
link-local * 255.255.0.0 U 1002 0 0 eth0
#
So, I think everything is set up as explained, yet the pinging it from anywhere throws a "Destination Host Unreachable" and pinging anything from it "connect: Network is unreachable".
I realize this is an old thread, but it's the most promising thread I've been able to find about this problem on the Internet, and it's already halfway there, so I hope someone will jump in and fill the gaps to help me understand how to do this, Already pulled out most of my hair.
Adding a Subnet to my existing Hetzner server was very frustrating. I had no problem setting up a second IP and NATing into a private subnet. If you can do that, then getting around the confusing parts of different sources of information is the hard part. Mixing in directions for IPv6 also makes it hard to decipher where parts apply to IPv4. Making one change in any of the four main configuration areas can cause you to chase your tail for hours! This post provided another set of clues that helped me slowly figure out what I was doing wrong, so even though this post is old, I felt obligated to try to help here. *** BOLD will be things you have to do ***. The rest is trying to make sense of it all.
The main four configuration areas:
- Hetzner
- ESXi6 Host
- Firewall VM Guest
- Linux or Windows VM Guest
Hetzner:
I assume you have a server and you have ESXi installed with the default vSwitch. Your host has an IP and you have a second IP from Hetzner that you have assigned a MAC address.
X.X.197.230 is the main ESXi IP for the host. x.x.197.251 is my production setup and is used on a VM firewall to NAT to a private LAN. It is the production side, so I did not want to mess up my current setup, just add a new subnet. For this doc, we will be using the x.x.197.222 IP to route our new /29 subnet x.x.208.176.
Let us look at the email and robot screens from Hetzner:
Email:
Dear Mr
Below you will find the IP subnet added to your server #123456, and statically routed on the IP x.x.197.222.
Subnet: | x.x.208.176 /29 |
Netmask: | 255.255.255.248 |
Broadcast: | x.x.208.183 |
Usable IP addresses:
x.x.208.177 to x.x.208.182
Instructions for configuring additional IP addresses can be found in our wiki:
http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en
If you have any questions or requests, please send us a support request via your Robot administration interface (https://robot.your-server.de).
Please log in to the Robot using your master login and click on "Requests" in the menu on the left. There you can select your server and the request type, or simply send a general request.
We shall reply to your support request as soon as we can.
Best regards
Your Hetzner Online Team
Robot Screen:
We now have our new subnet details and which IP it will be routed out of. Other than their technical notes mentioned in other posts, that is about all of the help you will get from them. I made a cross reference from the example Subnet to my Subnet. I suggest you do the same, makes it easier when it is using your data!
Subnet Details:
x.x.208.176/29 (255.255.255.248)
Netmask: 255.255.255.248
Gateway: x.x.197.222
1. Assign a separate MAC to your IP in Robot. You will use this in your Firewall VM for x.x.197.222. (Click the Blue Screen/NIC icon.)
2. Go the firewall section in Hetzner and open it up for your IPs. I am still testing this, but I use my firewall VMs to secure the VMs.
We are done with Hetzner.
ESXi6 Host:
vSwitch0 is the default one created when you install ESX and uses the main server IP of x.x.197.230.
vSwitch1 is my production one that I didn’t want to mess up.
vSwitch2 is the one we are using for the new subnet.
1. Create vSwitch2. Click Add Networking
2. Connection Type: Virtual Machine
3. Network Access: Create a vSphere standard switch
4. Connection Settings: Subnet (Or any name you want)
5. Summary should show you Subnet and no adapters. Finish.
That’s it. Leave the ESX host alone now. I know it seems wrong, and believe me I messed it up many times working through this!
Firewall VM Guest
I use IPFire for my VM firewalls: http://www.ipfire.org/ You can use others, such as pfSense but you will need to figure out where to configure it to match.
I will glaze over this since you are probably already familiar with creating VMs. If you need help installing and configuring IPFire, I can help in another post.
1. Create your IPFire VM with two nics. Assign one to your Public network and the other to your Subnet.
2. In ESX, on the public NIC you need to give it the MAC address of your Hetzner Robot MAC you created. *** VERY IMPORTANT. ***
3. Install IPFire, take note of your MAC addresses, since you will need to match up the NICs with the Red/Green interface assignment part of the installation process. When setting up the Red interface, just use DHCP. It will be easier. You can set It statically later once you see what happens. It should give you IP: x.x.197.222, Mask: 255.255.255.224, Gateway: x.x.197.193, Broadcast: x.x.197.223 matching your second Hetzner IP that your subnet will route out of.
4. Here is where it didn’t make sense to me, since I am so used to NATing. Your Subnet will be assigned to the Green interface. I gave it the last IP of the useable subnet range when setting this up because I was trying to follow the Hetzner document to the letter. I was going insane. I gave it x.x.208.182. I also setup DHCP on the Green interface and gave it the range of x.x.208.177 to x.x.208.181. It is easy to set static assignments in IPFire by MAC addresses, and you can speed up guest installations by using DHCP. You can always set it statically later and change your IPFire DHCP pool.
5. Do any firewall setup you need for your VMs. I allow HTTP/S to a webserver. If you are used to doing NATing, don’t here. Just assign the IP. One thing I have noticed and working through is that you will not be able to PING the subnet unless you open everything up on the firewall. Made me think I had it setup wrong at first! When you use MY IP in a browser it will show the x.x.197.222 second IP address.
Your firewall should be all set and happy.
Linux or Windows VM Guest
Now the guest part will be easy if you set IPFire to use DHCP. When you create your VM, just assign the NIC to your Subnet and it will get an IP in the x.x.208.177 to x.x.208.181 range.
IP Config from a Windows VM:
This is my first How-to so it is probably all over the place. I hope it helps!