Two physical sites, joined by a single OpenVPN P2P tunnel.
[Internet]
|
[pfSense RZ 10.100.0.1] ─── ESXi-RZ (RZ Hetzner)
|
| OpenVPN P2P (tun, shared key, 10.233.100.0/24)
|
[pfSense Home 10.100.100.1] ─── VE-IO-01 (Home Proxmox)
─── SV-IO-02 (Synology NAS)
These are deliberate cost/energy trade-offs — see
Standards / No-compromises baseline. Update 2026-05-04: DC ist mid-migration RZ ESXi → HM Proxmox; Ziel-IP 10.100.100.10 (siehe policies/ip-allocation-hm für die per-VLAN DNS-Matrix).
Cleanup-Hinweis 2026-05-04: per-VLAN-DNS-Matrix steht in policies/ip-allocation-hm. Hetzner-DNS-API-Token siehe reference/hetzner-dns-api.