Oh, that makes so much more sense. Thank you.
WireGuard is better and easier. Never used Tailscale; to be honest, I don’t really get it.
It is WireGuard with extra features. It has username and password on top of the normal public/private key authentication.
It also has tools for network ACLs.
Also, it has NAT Traversal in order to establish successful connections with all clients.
Basically, it adds a lot of very useful security and network tools that WireGuard doesn’t natively have.
I personally think that not having to deal with config files when you set it up, or on every device every time you want to change something, is already a huge advantage for someone just looking for something they can set up and forget about.
The issue here (pre-Edit 2) is that without being able to set a static MAC address, which looks to be possible, a WoL packet won’t be delivered to the intended destination, as WoL typically requires L2. An L3 VPN only works for this use case because the router allows static MAC address mappings.