Dedicated Server, Public Subnet, and Vswitch on Hetzner

March 4, 2026

This tutorial supersedes my layer 2 solution, as that method ended up transferring virtual MAC addresses to the primary interface address. D'oh! The key is to assign the VLAN ID, subnet routes, and subnet gateway. Here are the steps for getting a subnet of addresses from Hetzner (for the vswitch).

  1. Head over to the Hetzner vswitch area and create a new vswitch. The only mandatory fields are name and VLAN ID. I'll be using 4040 for my VLAN ID.
  2. After creating the VLAN, expand the switch below and add your server.
  3. Click "IPs" and then "order additional IPs / nets".
  4. Fill out the form and justify your need for the additional IP addresses. IPv4 addresses are getting harder to come by, so be reasonable.
  5. Once you have been allocated the subnet address, take note of the following values (by hovering over the subnet entry):
    • Subnet address (X.X.X.A/N), where N is likely 28 or 29
    • Gateway
    • Broadcast
    • Usable IP addresses (the ones not used by the three addresses above)

I ordered a /29. Let's start with a simple network configuration. Gentoo uses OpenRC, so the netifrc git code is a wonderfully commented reference.

/etc/conf.d/net

config_enp4s0="..."
routes_enp4s0="..."

vlans_enp4s0="4040"
config_enp4s0_4040=null

mtu_enp4s0_4040="1400"

Verify the interface is up:

ip addr list
...
3: enp4s0: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 34:97:f6:5b:11:63 brd ff:ff:ff:ff:ff:ff
inet 203.0.113.252/26 scope global enp4s0
valid_lft forever preferred_lft forever
12: enp4s0.4040@enp4s0: mtu 1400 qdisc noqueue state UP group default qlen 1000
link/ether 34:97:f6:5b:11:63 brd ff:ff:ff:ff:ff:ff
inet6 fe80::3697:f6ff:fe5b:1163/64 scope link
valid_lft forever preferred_lft forever

LXC Configuration

Configure the container network interface:

lxc config edit [CONTAINER]
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: enp4s0.4040
    type: nic

Static IP Assignment

Statically assign your address in the container:

/etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 203.0.113.170/29
      gateway4: 203.0.113.169
      mtu: 1400
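
The following is an added example, not part of the original tutorial: it derives the step 5 values from a subnet and renders the netplan file above, refusing the network, gateway and broadcast addresses. The subnet 203.0.113.168/29 is inferred from the sample address on this page, and the function names are hypothetical.

```python
import ipaddress

def plan_subnet(cidr, gateway):
    """Derive the step 5 values (network, gateway, broadcast, usable) from a subnet."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        raise ValueError(f"gateway {gw} is not a host address in {net}")
    # Usable = every host address except the gateway.
    usable = [ip for ip in net.hosts() if ip != gw]
    return {"network": net, "gateway": gw,
            "broadcast": net.broadcast_address, "usable": usable}

def netplan_for(plan, address, iface="eth0", mtu=1400):
    """Render the container's netplan file; reject addresses that are not usable."""
    ip = ipaddress.ip_address(address)
    if ip not in plan["usable"]:
        raise ValueError(f"{ip} is not a usable address in {plan['network']}")
    return "\n".join([
        "network:",
        "  version: 2",
        "  renderer: networkd",
        "  ethernets:",
        f"    {iface}:",
        "      dhcp4: no",
        "      addresses:",
        f"        - {ip}/{plan['network'].prefixlen}",
        f"      gateway4: {plan['gateway']}",
        f"      mtu: {mtu}",
    ]) + "\n"

def assign(plan, containers):
    """Give each container the next usable address; fail if the subnet is exhausted."""
    if len(containers) > len(plan["usable"]):
        raise ValueError(f"{len(containers)} containers, "
                         f"only {len(plan['usable'])} usable addresses")
    return {name: netplan_for(plan, ip)
            for name, ip in zip(containers, plan["usable"])}

if __name__ == "__main__":
    # Constructed input: subnet inferred from the tutorial's 203.0.113.170/29.
    plan = plan_subnet("203.0.113.168/29", "203.0.113.169")
    print("broadcast:", plan["broadcast"])
    print("usable:   ", ", ".join(str(ip) for ip in plan["usable"]))
    for name, cfg in assign(plan, ["web", "mail"]).items():  # hypothetical names
        print(f"--- {name}: /etc/netplan/01-netcfg.yaml ---\n{cfg}")
```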

Disable cloud-init network configuration:

/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

network: {config: disabled}