Content Error or Suggest an Edit
Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!
Attention
This article was written on 03-27-2024, the issue is now resolved.
Why can’t Google Cloud reach my Hetzner Server?
At this time it’s unknown, it has been suggested that this is related to a Google Cloud blacklist. It hasn’t been confirmed from Google Cloud specifically.
What’s the actual issue?
Traffic from Google Cloud fails to some Hetzner IP addresses fails, the following has been confirmed.
- Not all Hetzner IP’s are affected, only a select few within their 5.161.0.0/16 netblock.
- The issue was confirmed using Google Cloud network range 35.224.0.0/12
- Traffic leaves Google Cloud and reaches Hetzner.
- Traffic from Hetzner to Google Cloud does not reach Google Cloud instances.
- Hetzner IP’s incremented up an down from an affected IP are not affected.
How does this relate to GridPane?
If you have a Hetzner server with an affected IP, you may not be able to provision GridPane on the server. This also affects already provisioned servers, it might occur days, weeks or months after first deployment.
The only response from GridPane is the following.
You may share these results with Hetzer support and specifically ask them to change the IP since their IP reputation with Google is poor for this particular IP.
Note that this is a known issue and many users in the past have already changed their server IP with the assistance of Hetzner support.
Update
Here’s an update from the person that was experiencing the issue.
So just as a follow-up here…
Traffic from Google to my server was fine. Traffic from my server back to Google was not getting there.
We figured out that IP was not the issue.
I contacted Hetzner about this and they asked me to run traces of packets and send them a report. Thanks for @jtrask and his help we realized that all of a sudden traffic was getting through.
I went into my GP server and was able to now reconnect the server.
Thoughts
It’s really hard to have an opinion on this matter, due to the fact that there is no insight from GCP or Hetzners side as to what happened. But I would take a guess that Hetzner had some sort of issues, however it’s possible that Google was blocking inbound traffic and Hetzner reached out to correct it. Either way, the only solution is to bug Hetzner as this is something they can address either internally or by reaching out to GCP.