Since Wireguard uses UDP and peers only reply to a received packet if it's expected and valid, it won't show up in port scans and barely increases your attack surface.
Tailscale and Zerotier are quite nice, but personally I dislike NAT-punching protocols.
Since Wireguard uses UDP and peers only reply to a received packet if it's expected and valid, it won't show up in port scans and barely increases your attack surface. Tailscale and Zerotier are quite nice, but personally I dislike NAT-punching protocols.