
I like the idea of WireGuard as a simple tunnel, but I wish people would stop comparing it with VPNs. VPNs have lots of extra functionality that is necessary to support a variety of use cases, both functionally (like pushing routes or scripts to clients) and security-wise (like real key management and SSO).

I literally can't replace any VPN I currently use with WireGuard because I would lose needed functionality. I could maybe replace the tunnel to a bastion host, but even then I would actually be worse off security-wise, because I'd be losing cert-based key management. (ex. https://smallstep.com/blog/use-ssh-certificates/)



As an ex-OpenVPN user, I consider the ability of the server to push arbitrary scripts to the client an antifeature and a security problem that needs to be carefully mitigated every time.



