0. lightweight, and able to run completely headless
1. Deal with all the NAT traversal magic
2. Preserves most wireguard flexibilities. (e.g. I want to freely pick any CIDR to use, and assign any IP to any client)
3. Able to forward traffics thru the server in case NAT traversal is not possible
4. Compatible with vanilla wireguard client (in this case of course NAT traversal won't work so just let server forward all the traffic)
5. (Optional) support multiple servers for fallback.