You cannot run SCTP on the Internet anyway. Too many routers block anything that's not TCP/UDP/ICMP.
Another option would be to run insecure QUIC or SCTP on top of WireGuard,
Don't use the tools. There's a library around that you can use to do all of the heavy lifting via netlink sockets. You'll also need the privilege to assign addresses and routes to the WG interfaces.I'm also wondering how easy this would be to program. It would clearly be much
more heavyweight than simply opening a socket, but I guess it can be done via
invocations of the `wg` or `wg-quick` tools.
If you go the netlink route, you do need one process that has the appropriate privilege, which means root at install time (but not runtime).Ideally we wouldn't need root
Well, the WG wire protocol is supposed to be stable by now. Switching away from it would require new code on your side anyway, so you can implement the exact method of switching at that time.
Once the network is live, we'd need the transport protocol to be relatively
stable, or at least be easily upgradeable
-- -- Matthias Urlichs