Very disappointing limitation in Hetzner Cloud: max 100 servers per private network


Comments

  • @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:

    @jar said:
    Just bind internal services to the VPN issued IP, no firewall needed.

    @Neoon said:
    Usually you bind your services to the VPN IP, so it should not listen publicly.
    Firewall is just there to make 100% sure nothing goes outside.

    I don't want to take any risks. I use k3s as my Kubernetes distribution because it's lightweight and fast to install, and I don't want to be constantly monitoring what its devs do to ensure that no services are bound to 0.0.0.0 for whatever reason.

    How is that different though? It's not like your servers with Hetzner's private network don't have public interfaces. You're doing something to disable traffic over the public IP already, same work only mildly different at most.

    The difference is that if I use their private network then I can use their firewall with just 5-6 rules to manage and protect the whole cluster.

    Why can't you use their firewall in the other scenario?

    There is a limit to the number of rules, etc.

    Right but you don't have to firewall off services on the VPN IP any more than you have to firewall off services on the private network IP. Those services are equally hidden from public traffic in both cases.

    If you're afraid of things accidentally binding to 0.0.0.0 then you have to firewall them off on the public interface the same way in both cases, or they're equally publicly accessible in either case.

    However, in k8s, most servers only need the private network, so the OP doesn't even need to care about their firewalls.

  • @jar said:

    @vitobotta said:
    I was just reading about Headscale. Does anyone have experience with it?

    Basically the same thing we were talking about, a VPN.

    My main concern with VPNs was if I would have to dynamically maintain a firewall on each node and update it whenever I add/remove nodes. This is not required with Headscale, is it?

  • jar (Patron Provider, Top Host, Veteran)

    @vitobotta said:

    @jar said:

    @vitobotta said:
    I was just reading about Headscale. Does anyone have experience with it?

    Basically the same thing we were talking about, a VPN.

    My main concern with VPNs was if I would have to dynamically maintain a firewall on each node and update it whenever I add/remove nodes. This is not required with Headscale, is it?

    Should be identical work. How do you add a new client on your private network to the firewall? Same step for a VPN client.

  • vitobotta (Member)
    edited June 2023

    @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:
    I was just reading about Headscale. Does anyone have experience with it?

    Basically the same thing we were talking about, a VPN.

    My main concern with VPNs was if I would have to dynamically maintain a firewall on each node and update it whenever I add/remove nodes. This is not required with Headscale, is it?

    Should be identical work. How do you add a new client on your private network to the firewall? Same step for a VPN client.

    I just create the node and attach it to the private network, nothing else. There is a single static rule that allows all traffic in the private network.

  • jar (Patron Provider, Top Host, Veteran)

    @vitobotta said:

    @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:
    I was just reading about Headscale. Does anyone have experience with it?

    Basically the same thing we were talking about, a VPN.

    My main concern with VPNs was if I would have to dynamically maintain a firewall on each node and update it whenever I add/remove nodes. This is not required with Headscale, is it?

    Should be identical work. How do you add a new client on your private network to the firewall? Same step for a VPN client.

    I just create the node and attach it to the private network, nothing else. There is a single static rule that allows all traffic in the private network.

    So like an "allow all from 192.168.0.0/24" internal rule for your private network. Your VPN is assigning private IPs on the same subnet to new connecting clients just the same.

  • @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:

    @jar said:

    @vitobotta said:
    I was just reading about Headscale. Does anyone have experience with it?

    Basically the same thing we were talking about, a VPN.

    My main concern with VPNs was if I would have to dynamically maintain a firewall on each node and update it whenever I add/remove nodes. This is not required with Headscale, is it?

    Should be identical work. How do you add a new client on your private network to the firewall? Same step for a VPN client.

    I just create the node and attach it to the private network, nothing else. There is a single static rule that allows all traffic in the private network.

    So like an "allow all from 192.168.0.0/24" internal rule for your private network. Your VPN is assigning private IPs on the same subnet to new connecting clients just the same.

    Gotcha. I am very happy because I just read that k3s supports Tailscale in experimental mode and next month a new release will support Headscale! So this seems like the solution I was looking for. Thanks everyone!

    Thanked by 2 (jar, Erisa)
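
The recurring point in the exchange above is that a service is only "hidden" by the single "allow all from 192.168.0.0/24" rule if it actually binds to the private/VPN address rather than 0.0.0.0, which is exactly the thing the OP did not want to keep checking by hand. The following is an added example, not code from the thread or from k3s, Headscale or Hetzner: it parses `ss -lntp`-style output (a constructed sample is embedded) and reports every listener that is bound to a wildcard address or to an address outside the private/VPN subnets you pass in. The process names, PIDs, addresses and the 203.0.113.10 public IP are all made up for the sample; the subnet 192.168.0.0/24 is the one quoted in the thread.

```python
"""Audit listening sockets against a 'bind only to the private/VPN address' policy.

Added example (not from the LowEndTalk thread). Parses `ss -lntp` output and
flags listeners that a firewall rule allowing only the private/VPN subnet would
NOT protect: wildcard binds (0.0.0.0 / :: / *) and binds to a public address.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `ss -lntp` output; process names, PIDs and IPs are made up.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:6443         0.0.0.0:*         users:(("k3s-server",pid=812,fd=15))
LISTEN 0      4096   192.168.0.5:10250    0.0.0.0:*         users:(("k3s-server",pid=812,fd=22))
LISTEN 0      128    127.0.0.1:6444       0.0.0.0:*         users:(("k3s-server",pid=812,fd=9))
LISTEN 0      4096   [::]:22              [::]:*            users:(("sshd",pid=640,fd=3))
LISTEN 0      4096   *:9100               *:*               users:(("node_exporter",pid=901,fd=3))
LISTEN 0      4096   203.0.113.10:443     0.0.0.0:*         users:(("ingress",pid=1203,fd=7))
"""

WILDCARDS = {"0.0.0.0", "::", "*"}
PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    address: str  # bind address as printed by ss, brackets stripped
    port: int
    process: str
    pid: int


def _split_addr_port(field: str):
    """Split 'host:port', handling '[::]:22', '*:9100' and plain IPv4."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]") or "*"
    return host, int(port)


def parse_listeners(ss_output: str) -> list:
    """Return one Listener per LISTEN line; header and other states are skipped."""
    listeners = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        host, port = _split_addr_port(parts[3])
        m = PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        listeners.append(Listener(host, port, proc, pid))
    return listeners


def classify(listener: Listener, private_nets) -> str:
    """'wildcard', 'loopback', 'private' (inside a given subnet) or 'public'."""
    if listener.address in WILDCARDS:
        return "wildcard"
    ip = ipaddress.ip_address(listener.address)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in private_nets):
        return "private"
    return "public"


def audit(ss_output: str, private_cidrs, public_allowlist=frozenset()) -> dict:
    """Map port -> (process, class) for listeners reachable on a public interface
    that are not in the explicit allowlist (e.g. 22 for SSH, 443 for an ingress)."""
    nets = [ipaddress.ip_network(c) for c in private_cidrs]
    exposed = {}
    for lst in parse_listeners(ss_output):
        kind = classify(lst, nets)
        if kind in ("wildcard", "public") and lst.port not in public_allowlist:
            exposed[lst.port] = (lst.process, kind)
    return exposed


if __name__ == "__main__":
    # On a real node: audit(subprocess.check_output(["ss", "-lntp"], text=True), ...)
    findings = audit(SAMPLE_SS_OUTPUT, ["192.168.0.0/24"], public_allowlist={22, 443})
    for port, (proc, kind) in sorted(findings.items()):
        print(f"port {port:5d} {proc:<14} bound {kind}: not covered by the private-network rule")
```

Run periodically on each node (or from a DaemonSet), the audit turns the "did anything start listening on 0.0.0.0?" worry into a concrete check; in the sample it flags the k3s API server on 6443 and node_exporter on 9100, while the kubelet on 192.168.0.5:10250 and the loopback-only 6444 pass. The allowlist is for ports you have deliberately exposed with their own firewall rule.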
  • I'm using Nebula (from Slack) for this exact requirement, getting a cross cloud private network, not limited by Hetzner or anyone else.

    Thanked by 1 (dodheimsgard)
  • Talk with support and you'll find a solution.

  • vpsvps (Member)
    edited July 2023

    What kind of project deploys or needs a private network of 100 servers in only one provider?

  • @vpsvps said:
    What kind of project deploys or needs a private network of 100 servers in only one provider?

    Kubernetes clusters. I have worked with clusters made of up to 3000 nodes :)

  • @vitobotta said:
    Do you always read ALL the available documentation BEFORE using any service?

    :facepalm:

    Not for basic stuff, but for anything I'd sink a significant amount of time or resources into, I would be negligent if I didn't. I didn't expect such a comment from you, I thought you were an actual engineer.

    One of the best developers I've ever worked for had a signature, "if you fail to plan, you plan to fail".

  • @vpsvps said:
    What kind of project deploys or needs a private network of 100 servers in only one provider?

    Time for highendtalk.com.
