Switched my servers (home and VPS) over from tailscale to wireguard this weekend. Works nicely on #FreeBSD in particular. #Debian was a little less straightforward but still not bad.
Next task is to figure out DNS rather than hardcoding the IP addresses. Not entirely sure what the right option is: I only want it for the sake of three addresses, and in particular don't want to send all my DNS through the VPS. I'd even just put everything in /etc/hosts, but I'd like it to distinguish between the VPN being up or down.