by aborsy 1579 days ago
Not intending to drag on comments, but I would argue running a basic WireGuard VPN on a central VPS (old hub and spoke) near your city is more secure and faster. The attack surface is minimal, you have better control over firewall, etc.

Mesh VPNs shine in small businesses with many users, where ACLs, SSO, etc. become useful. In home labs, a basic WireGuard server works fine.

2 comments

I think mesh VPNs and VPS-based solutions are the same in terms of privacy. They all involve third parties that you have to trust. Mesh VPNs might even be slightly better because they use P2P connections whenever they can.

The best solution IMHO would be to use mesh VPNs and secure inter-node connections with an additional layer of encryption. SSH and TLS should cover most use cases here, and both are widely supported and easy to set up.

WireGuard is a mesh VPN. It's dead-simple to set up this way, too. All my devices and containers (local and remote) talk to each other this way.