What I'd really like to see, and didn't as of a few months ago, is a userspace Docker/Linux WireGuard that doesn't require any special kernel privs or capabilities.
Yes, and it's pretty adamant that it's not to be run on Linux (like, you have to edit some source to add something like "yes I really mean to do this").
Once you blow past the warnings about compiling it on Linux, it still failed to actually work in my testing. Fair enough.
It doesn't seem like it should be an insurmountable problem, but I'm a level or two from being able to make it work by sheer force of code.
I'm pretty sure he's just trying to get you to run the more performant kernel version on Linux, especially since the goal is to mainline it into the Linux kernel. I can't see a substantive reason for it to be a bad idea there.