Hacker News
by nurettin 2212 days ago
If you trust your VPS's DNS, the easiest way would be autossh -D<port> <user@host> and set your browser's socks5 proxy to localhost:<port> and tell it to use remote DNS when resolving domains. This requires no WireGuard setup, no certificate generation or anything.

I've been doing both and have to say WireGuard is much more performant and stable than an SSH tunnel. Besides, it shouldn't be too hard to set it up on a VPS.
As a counterpoint about reliability, I've been tunnelling my HTTP traffic (and DNS) through SSH (to get around corporate restrictions and monitoring) for 10 years or so - I don't think I've ever had any reliability issues.
I've had a lot of problems: latency, SSH TCP connections dropping packets and the whole connection becoming unstable, having to manually configure the proxy / browser each time, and sometimes you may forget to start the tunnel. You also need to start a new SSH connection for each port you want to forward, so you end up managing a bunch of SSH connections if you want to expose some services, for example. WireGuard is deeper down the layers and just works without jumping through hoops - none of the apps are aware of it and when it's on, it just stays on. Of course, when all you have is SSH to get around pesky restrictions, then I guess that will do fine too! ;-)
A good point about switching proxies and apps that don't support SOCKS natively.

I guess I've been dealing with those issues for so long they don't bother me anymore!

Also, I use a great extension for Firefox, so I can switch to/from the proxy in 2 clicks, "Proxy Switcher and Manager".

WireGuard doesn't use certificates; it works in a similar way to SSH with keys. They also have open source clients for Android and iOS with a few clicks of configuration.
You don't generate a key pair to share with the client? How does that even work when you want to disable a key or set a password?
What I meant is that generating keys is not equal to generating a certificate in the common sense of the word; it only works with randomly generated keys. Passwords are not a safe way to encrypt data unless you can remember a random sequence of characters for every client you have. If you look at the WireGuard protocol, you will get all the answers.
I got my answers, it is pretty much OpenVPN with a different wire protocol and there are key pairs.