Or you could just use sshuttle with far fewer steps: https://github.com/sshuttle/sshuttle
Agreed. You're already setting up SSH and deleting it soon so why bother setting up the IPs, adding your public key, getting the server's public key, configuring iptables, and configuring wireguard locally when you could just SSH?
Only benefit I'd see is wireguard would be easier to use on a mobile device, but the setup requires the ability to run ansible and do ssh already so... that's not really practical.
> why bother
Last I checked, wireguard had much better performance than sshuttle. May or may not matter for your use case, but it's a reason.
Yes! Last time I used sshuttle (bypassing content blocks in India by tunneling to a server in the US), my bandwidth dropped from 10mbps to 1mbps. Back then wireguard didn’t exist, but IPSEC could easily saturate the 10mbps link. I suspect it’s a combination of TCP-over-TCP and a horrible default buffer size that makes sshuttle unusably slow.
Apps that manipulate TCP packets locally to break fingerprinting [0] like GoodbyeDPI (Windows) [1], GreenTunnel (cross platform CLI) [2], Intra (Android) [3] have been adequate.
[0] https://nitter.net/vinifortuna/status/1304189371688660992 (https://twitter.com/vinifortuna/status/1304189371688660992)
[1] https://github.com/ValdikSS/GoodbyeDPI