Also, what additional security measures have you implemented?
I have two WireGuard servers and a reverse proxy (Traefik).
I have set up my services so that they are only accessible from one WireGuard VPN, no matter whether I am on LAN or WAN.
The second WireGuard server is to connect to the different VPN networks that I usually need to push some code or access the dev or prod servers for my projects. I have built wg-easy manually to install many VPN clients within its image and configure routes so that they work without problems simultaneously. It all works GREAT. OpenVPN, OpenConnect, PPTP and Barracuda VPN.
I had this setup on my router, but I was given this Barracuda VPN client, which can't work on devices except x86. Sadly my router is not x86, and I just moved everything and installed all these VPN clients with that Barracuda VPN client inside a Docker container with wg-easy.
I wish you had separated Tailscale and traditional VPNs