Setting Up Networking on Kali in an OVH Server VM

Similar to my post on Ubuntu guest VM networking on OVH Hosting, networking for guest VM’s is a little complex on OVH hosting. When you rent the use of an IPv4 address range, you need to use a /32 address and custom gateway route. This differs from typical DHCP behaviour.

The procedure outlined here begins with a temporary solution. This allows us to get a working SSH terminal, moving away from web consoles from hypervisors like Proxmox. We can then get NetworkManager to ensure changes will persist through a reboot.

Temporary Networking Fix for Kali

You can run commands like these, with your IP address and gateway address from OVH Hosting:

sudo ip addr add X.X.X.X/32 dev eth0
sudo ip route add Y.Y.Y.Y/32 dev eth0
sudo ip route add default via Y.Y.Y.Y dev eth0 onlink

That works until reboot. On Ubuntu we used netplan, but on Kali things need to look a little different.

Temporary DNS Fix

Since the static route/gateway setup is manual at first, DNS may fail. Created a temporary /etc/resolv.conf:

nameserver 1.1.1.1
nameserver 8.8.8.8

You should now be able to install any packages you need, and access your server. I used Tailscale as a network overlay, and had to use systemctl enable --now ssh to get the OpenSSH server to start up. After this, I was able to connect via a proper terminal.

Persistent NM Profile for /32 Address

Using nmcli, inspect and then modified the connection:

sudo nmcli connection modify eth0 ipv4.method manual \
  ipv4.addresses "X.X.X.X/32" \
  ipv4.gateway Y.Y.Y.Y \
  ipv4.dns "1.1.1.1 8.8.8.8"

X.X.X.X/32 is the public IP OVH assigned. In my case, it was rented as part of a /30 block (4 addresses).

Y.Y.Y.Y refers to the gateway you must route via and mark as on-link.

DNS is added so resolv.conf gets managed by NM.

IPv6 disabled as it was unused

Then:

sudo nmcli connection down eth0 && sudo nmcli connection up eth0

Post-Reboot Checklist

After a reboot the interface should come up automatically with:

  • The correct /32 address
  • The special /32 gateway route
  • Default route via that gateway
  • DNS correctly served via the NM profile

Final Note on Network Overlay

In my case, I was using a network overlay. At some point, Tailscale put itself in charge of DNS. This was not an issue.