Anyone know of good tools for using WireGuard in large server fleets? I'm currently trying to pitch an alternative to OpenVPN at work, paid solutions being pretty much out of the question. ZeroTier (w/ open license network controller) might work but it doesn't look like mutual authentication is supported. Ideally we'd like to use X509 auth, which OpenVPN is already capable of...

Have you looked into https://github.com/slackhq/nebula? It uses an X509 cert for auth.

Although for my home lab, using X509 is more of a minus than a plus due to the complexity involved.