I've done a lot of professional work over the past few months† with WireGuard and can't think of a piece of information I've ever needed to troubleshoot it that it doesn't provide. You know about `dynamic_debug`, right?
There's also just not that much to debug! You've got keys, allowed IP lists, and endpoint addresses. There aren't a lot of other knobs to turn!
I think a thing that gets people into trouble with WireGuard is not understanding how modest its design is. The goal of WireGuard is to drop into the networking stack as just another interface. It doesn't intend to implement an entire new networking model on top of itself. My experience has generally been, if it's straightforward to express in the Linux networking model, it's straightforward with WireGuard.
I think this is a very good thing. I really don't want to have to think about what the OpenVPN developers believe about networking in general. I want to bring up secure transports and route packets over them the way I'd route over any other tunnel I want orthogonal, predictable interfaces that I (or Tailscale, or whatever) can build more complicated things on top of.
There's also just not that much to debug! You've got keys, allowed IP lists, and endpoint addresses. There aren't a lot of other knobs to turn!
I think a thing that gets people into trouble with WireGuard is not understanding how modest its design is. The goal of WireGuard is to drop into the networking stack as just another interface. It doesn't intend to implement an entire new networking model on top of itself. My experience has generally been, if it's straightforward to express in the Linux networking model, it's straightforward with WireGuard.
I think this is a very good thing. I really don't want to have to think about what the OpenVPN developers believe about networking in general. I want to bring up secure transports and route packets over them the way I'd route over any other tunnel I want orthogonal, predictable interfaces that I (or Tailscale, or whatever) can build more complicated things on top of.
† https://fly.io/blog/ipv6-wireguard-peering/