Hey r/homelab,

I’ve got a 3-node Proxmox cluster at home and am gearing up to set up a Proxmox box at a remote site. My main concern is the trustworthiness of the network there, and I want to ensure maximum isolation.

This box will primarily serve as an off-site backup solution and I’ll be utilizing Tailscale, since I have zero access to the firewall or router of the remote site network and I’m also behind CGNAT on both sites.

Specifically, I want to configure the Proxmox box (and the iLO4 on my HP ProLiant ML310e Gen8) so that nobody on the remote network can access them.

Any tips or best practices on securing both Proxmox and iLO4 in this context? I’m especially interested in insights on network isolation and additional security measures.

Thanks a bunch for your help!

  • zedkyuu@alien.topB
    11 months ago

    Honestly, I wouldn’t stick any OOB management thing on any network I couldn’t trust. And it sounds like you have no ability to ensure that someone on the remote side can’t just go and change what your box is plugged into arbitrarily.

    With that in mind… I’d probably do Tailscale, bare metal (no virtualization), and set up the machine’s local firewall to drop all incoming connections from the ethernet port. Tailscale would connect out to establish its tunnel and then everything coming in via Tailscale would be fine.
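The host firewall described in the reply above, sketched as an added example that is not part of the thread: a shell function that renders an nftables ruleset with a default-drop input policy, accepting only loopback, replies to connections the host opened, and traffic arriving over the Tailscale interface. The interface name `eno1`, the table name `offsite_filter` and the use of nftables are assumptions; `tailscale0` is Tailscale's default interface name on Linux.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names are assumptions:
# pass your real Ethernet name; tailscale0 is Tailscale's default on Linux.

# Reject anything that is not a plausible Linux interface name so the
# value cannot break out of the quoted string in the ruleset.
valid_ifname() {
    [ "${#1}" -le 15 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Print an nftables ruleset: default-drop inbound, allow loopback, replies
# to connections this host opened, and anything arriving over the tunnel.
render_ruleset() {
    lan_if="$1"; ts_if="$2"
    valid_ifname "$lan_if" && valid_ifname "$ts_if" || {
        echo "invalid interface name" >&2; return 1; }
    cat <<EOF
table inet offsite_filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state invalid drop
        # Replies to outbound flows, including the tunnel Tailscale dials out
        ct state established,related accept
        # Everything that arrives inside the tunnel is trusted
        iifname "$ts_if" accept
        # Keep the LAN lease and IPv6 neighbour discovery working
        iifname "$lan_if" udp sport 67 udp dport 68 accept
        iifname "$lan_if" icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # No other accept for "$lan_if": unsolicited LAN traffic hits policy drop
    }
}
EOF
}

# Stand-alone use: ./script eno1 tailscale0 | nft -f -
if [ "$#" -eq 2 ]; then
    render_ruleset "$1" "$2"
fi
```

Load the ruleset from the local console rather than over an SSH session on the LAN, since that session is exactly what the drop policy cuts off. These rules filter only the host operating system; the iLO4 has its own network stack and is not covered by them.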