Hetzner Proxmox + OPNsense VM configuration with a single public IP

isanonymat, New Member, May 3, 2026
Hi everyone,
I'm currently working on a project which consists of installing Proxmox and an OPNsense VM on a dedicated Hetzner server. I used a configuration inspired by this project: https://github.com/kpma1985/ansible_proxmox_hetzner.
I configured the Hetzner server and the OPNsense VM in such a way that the Hetzner port receives a fake MAC address, and the OPNsense VM has the real MAC address and the main public IP.
Code:
#
# https://github.com/kpma1985/ansible_proxmox_hetzner
#
# Ansible (Jinja2) template for /etc/network/interfaces on the Proxmox host.
# Layout: the MAC that Hetzner assigned to the server is handed to the
# OPNsense VM; the physical port gets a random, locally administered MAC
# and is only a port of the WAN bridge, never an IP endpoint of the host.
#

auto lo
iface lo inet loopback

###
#  Fake MAC address for the real interface (52:54:00 prefix = locally administered)
###
auto {{ ansible_default_ipv4.interface }}
iface {{ ansible_default_ipv4.interface }} inet manual
        hwaddress ether {{ '52:54:00' | random_mac }}

###
#  Bridge OPNsense VM to WAN: no address on the host side, so the host
#  never sends IP traffic from the fake MAC towards the Hetzner uplink
###
auto {{ hetzner_pve_opnsense_vm_settings.wan_bridge }}
iface {{ hetzner_pve_opnsense_vm_settings.wan_bridge }} inet manual
        bridge-ports {{ ansible_default_ipv4.interface }}
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0

###
#  LAN bridge: {{ hetzner_pve_network_vm_lan_ip }} is used by OPNsense and is
#  the default gateway of the Proxmox host (all host traffic goes via the VM)
###
auto {{ hetzner_pve_opnsense_vm_settings.lan_bridge }}
iface {{ hetzner_pve_opnsense_vm_settings.lan_bridge }} inet static
        address {{ hetzner_pve_network_lan_ip }}/{{ hetzner_pve_network_lan_subnet }}
        gateway {{ hetzner_pve_network_vm_lan_ip }}
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0

source /etc/network/interfaces.d/*

The configuration of the OPNsense VM:
Code:
# net0 = WAN: carries the Hetzner-assigned MAC of the physical port but is
#        created with link_down=1, so the real MAC is not active on the WAN
#        bridge while the unattended install runs.
# net1 = LAN towards the Proxmox host (MAC generated by Proxmox).
# -args: install-only QEMU options, a serial console on a local TCP port and
#        a host directory exposed as a removable USB FAT volume.
- name: OPNsense - Create OPNsense VM
  ansible.builtin.shell: |
      qm create {{ hetzner_pve_opnsense_vm_settings.id }} \
      --onboot 1 --agent 1 --name opnsense \
      --memory {{ hetzner_pve_opnsense_vm_settings.memory }} \
      --net0 virtio={{ hostvars[inventory_hostname].ansible_default_ipv4.macaddress }},bridge={{ hetzner_pve_opnsense_vm_settings.wan_bridge }},link_down=1 \
      --net1 virtio,bridge={{ hetzner_pve_opnsense_vm_settings.lan_bridge }} \
      --args "-serial tcp:127.0.0.1:{{ hetzner_pve_opnsense_vm_settings.id }},server,nowait \
              -drive file=fat:rw:/tmp/qemu_{{ hetzner_pve_opnsense_vm_settings.id }}_vfat/,if=none,id=drive-usb0,format=raw,cache=none \
              -device usb-storage,id=drive-usb0,drive=drive-usb0,removable=on"

....
# After installation: re-set net0 without link_down=1 and clear the extra
# QEMU args. From this point on the real MAC is live on the WAN bridge.
- name: OPNsense - Stop OPNsense, enable WAN interface and create backup
  ansible.builtin.shell: |
    qm stop {{ hetzner_pve_opnsense_vm_settings.id }}
    qm set {{ hetzner_pve_opnsense_vm_settings.id }} \
            --net0 virtio={{ hostvars[inventory_hostname].ansible_default_ipv4.macaddress }},bridge={{ hetzner_pve_opnsense_vm_settings.wan_bridge }} --args ""
    vzdump {{ hetzner_pve_opnsense_vm_settings.id }}

This configuration worked before (I have used it for a year); now, for some reason, I'm unable to share the main IP and the real MAC address with the OPNsense VM. I'm unable to reboot the system once this configuration is set up. My hypothesis is that Hetzner blocked it, but I'm not sure; before, in this configuration, we assumed that everything is NATed, so the Hetzner router should only see the OPNsense VM interface.

My idea is to have some VM services running on it, with everything routed through OPNsense.

Can you explain what is wrong here? Is my hypothesis true? And if so, which alternatives can I use to configure my virtualized network?
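A check worth running on the Proxmox host before rebooting into this layout, as an added example that is not part of the post above nor of the ansible_proxmox_hetzner project: it parses the output of `qm config <vmid>`, `ip -br link` and `ip -br addr` and verifies what the single-public-IP layout depends on. The Hetzner-assigned MAC must sit on exactly one VM NIC, attached to the WAN bridge and no longer at `link_down=1`; the physical port and the WAN bridge must carry a different, locally administered MAC; and the host must hold no address on the WAN bridge, because even an IPv6 link-local address is enough for the kernel to send neighbour-discovery and MLD frames from the fake MAC onto the uplink. The VM id 100, the interface names `eth0`/`vmbr0`/`vmbr1`, all MAC addresses and the sample command output are constructed; the real MAC in a live run is the one shown in the Hetzner Robot for the server.

```python
#!/usr/bin/env python3
"""Sanity check for the 'real MAC lives inside the OPNsense VM' layout.
Added example (not from the post or the ansible_proxmox_hetzner project)."""
import re
import subprocess

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}", re.I)


def parse_qm_config(text):
    """`qm config` dump -> {'net0': 'virtio=..,bridge=..', 'memory': '4096', ...}."""
    cfg = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            cfg[key.strip()] = val.strip()
    return cfg


def parse_net(value):
    """'virtio=AA:..,bridge=vmbr0,link_down=1' -> {'model','mac','bridge','link_down'}."""
    out = {}
    for i, part in enumerate(value.split(",")):
        k, _, v = part.partition("=")
        if i == 0:                      # first item is <model>=<MAC>
            out["model"], out["mac"] = k, v.lower()
        else:
            out[k] = v
    return out


def parse_ip_br(text):
    """`ip -br link` / `ip -br addr` -> {ifname: [columns after the state column]}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            table[fields[0].split("@")[0]] = fields[2:]
    return table


def is_locally_administered(mac):
    """Bit 1 of the first octet set; 52:54:00:* from the random_mac filter qualifies."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def check_layout(real_mac, qm_cfg, ip_link, ip_addr, nic, wan_bridge):
    """Return a list of findings; an empty list means the layout looks right."""
    real_mac = real_mac.lower()
    problems = []
    cfg, link, addr = parse_qm_config(qm_cfg), parse_ip_br(ip_link), parse_ip_br(ip_addr)

    # 1. Real MAC on exactly one VM NIC, on the WAN bridge, without link_down=1.
    nets = {k: parse_net(v) for k, v in cfg.items() if re.fullmatch(r"net\d+", k)}
    wan = [k for k, n in nets.items() if n["mac"] == real_mac]
    if len(wan) != 1:
        problems.append(f"real MAC {real_mac} found on {len(wan)} VM NICs, expected exactly 1")
    for k in wan:
        if nets[k].get("bridge") != wan_bridge:
            problems.append(f"{k} is attached to {nets[k].get('bridge')}, expected {wan_bridge}")
        if nets[k].get("link_down") == "1":
            problems.append(f"{k} still has link_down=1 from the install step")

    # 2. Physical port and WAN bridge must not reuse the real MAC (the uplink would
    #    see one MAC from two sources) and should use a locally administered one.
    for ifname in (nic, wan_bridge):
        cols = link.get(ifname)
        mac = cols[0].lower() if cols and MAC_RE.fullmatch(cols[0]) else None
        if mac is None:
            problems.append(f"{ifname} missing from `ip -br link`")
        elif mac == real_mac:
            problems.append(f"{ifname} carries the real MAC {mac}")
        elif not is_locally_administered(mac):
            problems.append(f"{ifname} MAC {mac} is not locally administered")

    # 3. No host address on the WAN bridge; an fe80:: address alone makes the kernel
    #    emit ND/MLD frames from the fake MAC onto the uplink.
    for a in addr.get(wan_bridge, []):
        hint = " (set net.ipv6.conf.<bridge>.disable_ipv6=1)" if a.startswith("fe80:") else ""
        problems.append(f"{wan_bridge} has address {a}; host must stay silent on the uplink{hint}")
    return problems


def check_live_host(vmid, real_mac, nic="eth0", wan_bridge="vmbr0"):
    """Run the three commands on a real Proxmox host (needs root) and check them."""
    def run(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return check_layout(real_mac, run("qm", "config", str(vmid)),
                        run("ip", "-br", "link"), run("ip", "-br", "addr"), nic, wan_bridge)


# Constructed sample output: VM id 100, MACs and interface names are made up.
REAL_MAC = "a4:bf:01:12:34:56"
QM_CONFIG_OK = """\
agent: 1
memory: 4096
name: opnsense
net0: virtio=A4:BF:01:12:34:56,bridge=vmbr0
net1: virtio=BC:24:11:22:33:44,bridge=vmbr1
onboot: 1
"""
QM_CONFIG_LINK_DOWN = QM_CONFIG_OK.replace("bridge=vmbr0", "bridge=vmbr0,link_down=1")
IP_LINK = """\
eth0             UP             52:54:00:ab:cd:ef <BROADCAST,MULTICAST,UP,LOWER_UP>
vmbr0            UP             52:54:00:ab:cd:ef <BROADCAST,MULTICAST,UP,LOWER_UP>
vmbr1            UP             ba:5e:ba:11:00:01 <BROADCAST,MULTICAST,UP,LOWER_UP>
tap100i0         UNKNOWN        fe:bf:01:12:34:56 <BROADCAST,MULTICAST,UP,LOWER_UP>
"""
IP_ADDR = """\
eth0             UP
vmbr0            UP
vmbr1            UP             10.0.0.2/24
"""

if __name__ == "__main__":
    for label, cfg in (("after install", QM_CONFIG_OK), ("link_down left in", QM_CONFIG_LINK_DOWN)):
        print(label, check_layout(REAL_MAC, cfg, IP_LINK, IP_ADDR, "eth0", "vmbr0") or "OK")
```

On a live host, `check_live_host(100, "<MAC from the Hetzner Robot>")` runs the same checks against the real `qm config` and `ip` output; the tap interface of the VM shows a `fe:` prefixed MAC on the host, the real MAC is only visible inside the guest and in `bridge fdb show`, which is why the check reads it from the VM configuration rather than from the tap device.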