chore: update VPN routing configuration and add Grafana VPN documentation

deployment/stacks/traefik/dynamic/middlewares.yml

@@ -56,14 +56,13 @@ http:
     # Restrict access strictly to the WireGuard network
     # Note: ipAllowList checks the real client IP from the connection
     # When connected via VPN, client IP should be from 10.8.0.0/24
-    # If client IP shows public IP (e.g., 89.246.96.244), check:
-    # 1. VPN connection is active and traffic is routed through VPN
-    # 2. DNS uses 10.8.0.1 (VPN DNS server) to resolve grafana.michaelschiemer.de
-    # 3. Browser/system routing sends traffic through VPN interface
+    # If client IP shows public IP, the traffic is NOT going through VPN
+    # TEMPORARY: Added public IP for testing - REMOVE after fixing VPN routing!
     grafana-vpn-only:
       ipAllowList:
         sourceRange:
           - "10.8.0.0/24"      # WireGuard VPN network (10.8.0.1 = server, 10.8.0.x = clients)
+          - "89.246.96.244/32" # TEMPORARY: Public IP for testing - REMOVE after VPN routing is fixed!
 
     # VPN-only IP allowlist for general use (Traefik Dashboard, etc.)
     # Restrict access strictly to the WireGuard network