fast kernelspace VPN

See https://www.wireguard.com/ and https://wiki.archlinux.org/title/WireGuard for more info.

See also https://www.procustodibus.com/blog/2021/05/wireguard-ufw/ on how to setup common configurations.

When using a firewall such as UFW, the following ports need to be opened:

• wireguard tunnel port (ex: 51872/udp)
• any other ports from wireguard network to machine (ex: 22/tcp for ssh)

See ufw on how to configure firewall for use with wireguard.

Sometimes SSH connections can fail due to packet fragmentation (?), sometimes a fix is to lower MTU to 1400.
sudo ip link set dev wg0 mtu 1400 and reset inet.