to sum up what I figured out last night: Wireguard point-to-point links are as easy to set up as the reverse-proxy apps ('frp' and 'rathole') I've used in the past, and likely more reliable, performant, and secure. I used this guide to set up such a link:

How to Install Wireguard VPN on Debian 12 Complete Guide | Vultr Docs

Learn how to install and configure Wireguard VPN on Debian 12 with our step-by-step guide. Secure your connection with this modern, efficient VPN s...

I replaced my existing tunnels with this, and I'm pleased that upon finally taking the time to look into it, #Wireguard proved very simple to use. as for my claims of its likely superiority: * more reliable due to more highly proficient eyes on the codebase and a bigger userbase smoking out bugs * more performant due to less copying bytes to/from userspace * more secure because one point of Wireguard is to have as small a codebase as possible, and again (being in the kernel in part) it has more smart sets of eyes on it; further, it makes use of existing IP networking security practices. this is a major step forward for Surfhosting. I had a big mental block on deploying Wireguard for quite a while, and now I'm past it. 🧑‍💻 #ReverseProxy #Homelab