WireGuard is fairly easy to add between two machines, which allows you to set up a client/server setup through which all traffic routes.
You can add a new machine, so to set up the third machine takes 10 minutes, the fourth takes 10, the fifth 10, etc
If machine 3 wants to talk to machine 6, packets are routed via the single central "vpn concentrator" machine.
However, to really benefit from WireGuard, you don't want to tunnel all the traffic through a single machine - both from a security perspective and a performance perspective.
To add 3 machines is fine, you need to set up 3 tunnels, from machine 1-2, 2-3 and 1-3.
A fourth machine needs 3 new tunnels - 1-4, 2-4 and 3-4. A fifth machine needs 4 new tunnels.
You then need to manage all those keys and cycle through them (you should change private keys regularly).
Things like Tailscale automate all this. You want to add a 19th machine, you simply add one entry and it handles the rest.
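To make the scaling argument above concrete, here is an added example (not from the comment author, and not Tailscale or WireGuard project code) that generates full-mesh WireGuard peer configs for N hosts and counts the tunnels and config files each change touches. The hostnames, endpoints (in the 203.0.113.0/24 documentation range), tunnel addresses and key strings are constructed placeholders; real keys come from `wg genkey` / `wg pubkey` and are not generated here.

```python
"""Full-mesh WireGuard config generator and tunnel-count calculator.

Added example. Hosts, endpoints and key strings are constructed
placeholders; substitute real `wg genkey` / `wg pubkey` output in practice.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Host:
    name: str        # hostname (placeholder)
    endpoint: str    # public IP:port where WireGuard listens
    tunnel_ip: str   # address inside the mesh, e.g. 10.0.0.1/32
    pubkey: str      # base64 Curve25519 public key (placeholder here)


def mesh_tunnel_count(n: int) -> int:
    """Tunnels in a full mesh of n hosts: one per unordered pair, n(n-1)/2."""
    return n * (n - 1) // 2


def hub_tunnel_count(n: int) -> int:
    """Tunnels in a hub-and-spoke setup: one from each spoke to the concentrator."""
    return n - 1


def new_tunnels_for_host(n_existing: int) -> int:
    """Adding one host to a mesh of n_existing hosts needs a tunnel to each of them."""
    return n_existing


def mesh_pairs(hosts: list[Host]) -> list[tuple[Host, Host]]:
    """Every tunnel that has to exist (and be keyed) in a full mesh."""
    return list(combinations(hosts, 2))


def peers_to_update_on_rotation(rotated: Host, hosts: list[Host]) -> list[str]:
    """Rotating one host's key pair means every other host's [Peer] block for it
    must be rewritten with the new public key; returns those hosts' names."""
    return [h.name for h in hosts if h.name != rotated.name]


def render_config(me: Host, hosts: list[Host], listen_port: int = 51820) -> str:
    """Render the wg-quick style config for `me` with a [Peer] block per other host."""
    lines = [
        "[Interface]",
        f"# {me.name}",
        f"Address = {me.tunnel_ip}",
        f"ListenPort = {listen_port}",
        "PrivateKey = <output of `wg genkey` for this host>",
        "",
    ]
    for peer in hosts:
        if peer.name == me.name:
            continue
        lines += [
            "[Peer]",
            f"# {peer.name}",
            f"PublicKey = {peer.pubkey}",
            f"AllowedIPs = {peer.tunnel_ip}",   # only that peer's mesh address
            f"Endpoint = {peer.endpoint}",
            "PersistentKeepalive = 25",        # keeps NAT mappings alive
            "",
        ]
    return "\n".join(lines)


def sample_hosts(n: int) -> list[Host]:
    """Constructed placeholder hosts for demonstration only."""
    return [
        Host(
            name=f"host{i}",
            endpoint=f"203.0.113.{i}:51820",
            tunnel_ip=f"10.0.0.{i}/32",
            pubkey=f"PUBKEY_host{i}_PLACEHOLDER=",
        )
        for i in range(1, n + 1)
    ]


if __name__ == "__main__":
    for n in range(2, 8):
        print(f"{n} hosts: mesh={mesh_tunnel_count(n)} tunnels, "
              f"hub={hub_tunnel_count(n)} tunnels, "
              f"adding host {n + 1} needs {new_tunnels_for_host(n)} new tunnels")
    hosts = sample_hosts(5)
    print(render_config(hosts[0], hosts))
    print("rotating host3's key touches:", peers_to_update_on_rotation(hosts[2], hosts))
```

Running it prints the mesh versus hub tunnel counts for 2 to 7 hosts, the generated config for host1 (four [Peer] blocks for a 5-host mesh) and the four other hosts whose configs must be rewritten when host3 rotates its key, which is exactly the per-machine bookkeeping the comment says a coordination layer takes off your hands.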