Are there any simple tools to manage a small WireGuard VPN with a handful of servers and something like a low double-digit number of clients? By servers I mean Linux servers/VMs that expose some web services, and clients are simply desktops/notebooks that need to access the servers, but don't expose services to the VPN.

From the description, this tool isn't what I want. I have configured a simple version by hand with WireGuard, but it did seem like raw WireGuard is too low-level for my purpose and my networking knowledge. Setting up the keys does need some level of automation for anything larger than a sandbox. And I didn't figure out a way to resolve domains within the VPN without interfering with the DNS on the clients for everything else.

I've never used it myself, but a sister comment mentioned related projects working with WireGuard, and innernet seems to be exactly that use case from a casual glance. You can specify full CIDR rules, so it should be possible to prohibit connections between nodes by segmenting the IPs.

https://github.com/tonarino/innernet

There are easier options around if all you wish is SSH access to your servers though. Personally I'd recommend Gravitational Teleport, mainly because the name is so hilarious.

https://goteleport.com/