Ran into the real ip problem too in prod where we needed ip6 too and the podman version is too old to have anything newer. But running the proxy with network=host and anything behind is listening on 127.0.0.1:x is working well so far. It’s not so elegant as it could be, but it works smoothly.
The raw ovpn and wg config files do integrate well into most(?) network manager GUIs now. But for me auto-connect only worked well there with ovpn and not wg for some reason. It’s quicker to switch than with systemd imo.
this could be interesting if “collaborative” meant that different instances could federate