429 google drive errors back for anyone using Hetzner, even with cloudflare or google dns used?

PogMoThoin22 · April 7, 2023, 4:43pm

Hi, what DNS server are you using on Hetzner, have you static entries in your host file? I had this VPN working well using the same VPS provider using Cloudflare DNS but then 2 weeks later it started giving 429s

smoon · April 7, 2023, 6:00pm

Hey,

i´m using the CF DNS Servers on every one of my servers, regardless if they are at Hetzner or on other locations. I do NOT have static entries in my hosts files.

If you get the 429s again it shows that the traffic is not routed through wireguard.

In the meantime I rented a second VPS and now I´m splitting the traffic through both VPS ... with that I have 80TB of traffic each month

PogMoThoin22 · April 7, 2023, 6:18pm

Ok, I am watching it here and not all my uploads to googleapis.com are going over the tunnel. This is from my wg-client.conf

AllowedIPs = 172.26.3.155/16,142.250.0.0/15,172.217.0.0/16,216.58.192.0/19

And here is the output of a lookup
Non-authoritative answer:
Name: www.googleapis.com
Address: 142.250.185.234
Name: www.googleapis.com
Address: 172.217.16.138
Name: www.googleapis.com
Address: 142.250.186.138
Name: www.googleapis.com
Address: 172.217.18.10
Name: www.googleapis.com
Address: 142.250.181.234
Name: www.googleapis.com
Address: 142.250.185.170
Name: www.googleapis.com
Address: 142.250.186.170
Name: www.googleapis.com
Address: 142.250.186.106
Name: www.googleapis.com
Address: 172.217.16.202
Name: www.googleapis.com
Address: 142.250.186.42
Name: www.googleapis.com
Address: 142.250.185.74
Name: www.googleapis.com
Address: 142.250.185.202
Name: www.googleapis.com
Address: 142.250.185.138
Name: www.googleapis.com
Address: 142.250.186.74
Name: www.googleapis.com
Address: 142.250.184.202
Name: www.googleapis.com
Address: 142.250.185.106

smoon · April 7, 2023, 6:39pm

So do you have IPv6 enabled on your network interface from your server? If yes, the IPv6 traffic won’t be routed via wireguard if you have not configured wireguard for IPv6 also.

Disable IPv6 on your server or add IPv6 support to your wireguard setup.

PogMoThoin22 · April 7, 2023, 6:50pm

Ok that was it, I disabled ipv6, all going over the tunnel now

smoon · April 8, 2023, 8:34am

For the future I would recommend to enable IPv6 via Wireguard also as you will have more connections to googles API when using v4 and v6 simultanously.

PogMoThoin22 · April 8, 2023, 8:45am

Yeah, that's the plan, I've just not got my head around IPV6 yet

Fma965 · April 11, 2023, 6:07pm

gist.github.com

https://gist.github.com/Fma965/515c7add093bdc4fa4fa155b2fa35ba6

WIREGUARD.md

# WIREGUARD Setup based on jshanks24/homescripts-fork

Configuration and steps for configuring a Wireguard client to only route traffic when from specific IP address.

## Server Installation/Configuration
https://github.com/angristan/wireguard-install

```bash
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
```

This file has been truncated. show original

Here is a quick guide i made based on googling, research and other guides

David_M · April 15, 2023, 11:41am

still perfect on my hetzner... since adding the like 5 original ips someone suggested to add in the hosts file... like 2 months ago... haven't even had to add/change those...

how is everyone else doing atm?

smoon · April 19, 2023, 7:14am

Still fighting the 429s without wireguard ...

alneven · May 4, 2023, 9:40pm

And what is your upload speed to Google?

David_M · May 5, 2023, 12:39am

like 100 megs if i want to... but i alwats cap my bandwidth at 35 megs so as not to interfere with streaming etc : )

still working perfectly with the first batch of ips the first one that suggested the hosts file edit....

i'm convinced there is another variable here...

alneven · May 5, 2023, 6:16am

I have two servers @ hetzner

1st with modified dns servers and the hosts file hack (as I got 429 errors as many of us):

2nd, brand new box, no modification, out of the box ubuntu linux install with the latest rclone (--bwlimit 15M):

but no 429 google drive errors on both

RoboticPro · May 5, 2023, 5:52pm

@alneven can you tell me more details about the instance that works? I have two dedicated auction servers (One in FSN-DC1 and one in HEL1-DC2) from hetzner and they are both getting the 429 error.

I tried the above mentioned fixes bit haven't found one which works.

I also have an oracle cloud instance (the free one) as the alternative planned but it's ARM based and i don't have the best experience with it at the moment.

alneven · May 5, 2023, 7:17pm

It is an auction server, and it is located in FSN1-DC11 (the other one is DC7)

H4v0k · May 13, 2023, 7:17am

I started noticing this problem today,
I don't know if it's been affecting me longer, as it wasn't until I jumped on my server to troubleshoot a different issue, and tailed syslog, that I saw all these errors.
Sure enough vfc/stats shows a queue of uploads that it's waiting to process.
My server is in HEL1-DC3, in case anyone's interested.
Think I'm going to go down the VPS split tunnel route to resolve this, and possibly look to move away from Hetzner completely if google are going to block whole IP ranges for a few bad apples.

random404 · May 13, 2023, 1:13pm

I just started getting this issue now too

alneven · May 13, 2023, 5:04pm

geez, now I had this on my new server last night as well

PogMoThoin22 · May 17, 2023, 8:23am

I had issues yesterday (noticed yesterday could've been an issue for days) started getting 429s while using VPN. I quickly uncommented the googleapis IP addresses in the host file to get it working as I don't have time to diagnose. I'll investigate at the weekend

H4v0k · May 20, 2023, 8:55am

Did everyone else who was getting 429's also get slapped with the "Pooled storage limit exceeded" emails.
I'm wondering if Google is taking a stance against Hetzner users, or if I was just unlucky.