This keeps getting complicated. The 10.0.0.1 IP is what I intend to configure on my OpenBSD server on which I will have my private wiki running. I intend that my users will VPN into the server and be able to use those websites - as stated in the first post of mine.
To access the web console I enter a private IP on my browser URL (
http://172.16.0.13). This is routed so that it is reachable from the 3 locations where I access the server console from. All 3 locations are being provided connectivity from the same ISP. The web console isn't just a console for only my OpenBSD server. It has a list of other servers which the ISP uses as well, to which I require access as I am consulting them for some systems of theirs. I just select the appropriate server from the list on the URL and get console access. None of the consoles are being accessed by anyone but me and the NOC Managers of the ISP (not even my users). I do not perceive a threat to my server from them.
As a fallback, in case I am not on the ISP provided network and I need to urgently access any of the consoles, I have to call up NOC support and they quickly patch an Internet connected cheap firewall to the same switch where the VPS resides onto which I VPN.
The specific reason I'm not using the ISP infrastructure for VPN for my OpenBSD VPS is because a few months down the line I intend to move my VPS out of there - or - I just don't wish to be reliant on 3rd party provided VPN solutions, they may not be able to add/remove/disable internal users of mine and I'll have to keep raising support tickets with the ISP for my users. Like you rightly said, I may not require VPN at all. I'm still reading up after getting inputs from your end. The list of articles is lengthy. I'm slow. It's taking a bit of time.