I run a headscale/Tailscale based VPN for my makerspace's fleet of servers and other devices. After the initial setup, everything is just chugging along.
Occasionally with some of my systems I end up having to debug the DNS resolver because of MagicDNS but that's nothing too serious compared to actually being able to roll my own VPN now within a few hours.
The challenge has been showing my colleagues why they should learn how to use a VPN beyond privacy protection. So I have been rolling out Jellyfin and other stuff to get them into it.