In one of my older posts, I talked about using Shadowsocks in conjunction with Wireguard to bypass firewalls. That works, sure, but when considering what people usually use Wireguard for, the redundancy of this setup becomes apparent. People use Wireguard to visit geo-blocked websites (or hide IPs in general)! I mean yes, Wireguard can do this.
Is your Wireguard server not as fast as you thought? Does it suffer from constant disconnects and packet drops? Sometimes, it is simply caused by Wireguard using UDP instead of TCP. In some public networks, the ISP loves interrupting UDP traffic. With a technique called Quality of Service, they deliberately slow down UDP traffic to avoid network congestion in busy hours.
Wireguard sure is nice. It is both easy to use and has quite good network performance. It is almost unambiguously better than its predecessor, OpenVPN. Moreover, Wireguard is already deployed everywhere (yes, Cloudflare Warp is pure Wireguard). So, what’s the problem? If Wireguard is so good, just use a Wireguard VPN everywhere, and you can forget about leaking your IP addresses or being DDoSed.
Update Mar 23 ’21: Improve the stability of the IPv6 tunnel. I like IPv6, but Cox’s IPv6 network is suboptimal. I like the idea of a VPN providing millions of IPv6 addresses to its clients. Wireguard, it seems, is the obvious choice for creating an IPv6 VPN. Yes, I did set up Wireguard servers before using Debian, /etc/network/interfaces and wg-quick.