SSH access architecture: WireGuard hub-and-spoke
Private network · wg0: Transmission · wg1: 10.99.0.0/24 · wg2: 10.100.0.0/24 · WireGuard encrypted tunnel
INTERNET
You → SSH :22
SSH :22
VPS-Bastion OVH
213.32.19.68 (public)
WireGuard hub · wg0: Transmission · wg1: 10.99.0.1 · wg2: 10.100.0.1
● WireGuard HUB
══ WireGuard wg1 — btjp.fr (10.99.0.0/24) ══
BHS4-Bastion VM
Proxmox · NEW
10.99.0.2
BHS4-PVE
10.4.8.2
BHS4-Plex
10.4.8.10
BHS4-Web
freed · no longer jump
HOU-Bastion VM
Proxmox · NEW · dynamic IP → WG
10.99.0.3
HOU-PVE
10.0.40.20
HOU-LLM
10.0.30.20
HOU-DEV
10.0.30.12
HOU-WEB
freed · no longer jump
PF-DATA128
existing
10.99.0.4
PVE-STOR-1
10.47.1.11
Storage
existing
10.99.0.5
PVE-STOR-2
10.48.1.11
══ WireGuard wg2 — LORVA (10.100.0.0/24) ══
LORVA-Bastion VM
Proxmox KS-16 · VLAN 30
10.100.0.2 · 10.10.30.x
NEW
LORVA · OVH KS-16
lorva-infra
10.10.10.10
GitLab · NetBox
taskori-prod
10.10.20.10
Taskori SaaS
lorva-public
10.10.30.10
Traefik · Mail
BHS4 · Canada East
HOU · Houston
PF · Data
Storage
── Internal LAN SSH (btjp.fr) ──
── Internal LAN SSH (LORVA) ──
VPS-Bastion (hub public)
Bastion VM btjp.fr (new)
Bastion VM LORVA (new)
Existing WG node
Target LAN host
WG wg0 — Transmission (VPN)
WG wg1 — btjp.fr (10.99.0.0/24)
WG wg2 — LORVA (10.100.0.0/24)
Internal LAN SSH
Freed host