
We are experiencing very high CPU load caused by tinc [0], which we use to ensure all communication between cloud VMs is encrypted. This is primarily affecting the highest traffic VMs, including the one hosting the master DB.

I am starting to consider alternative tools such as WireGuard to reduce load, but I am concerned about adding too much complexity. Tinc's mesh network makes setup and maintenance easy. The WireGuard ecosystem seems to be growing very quickly, and it's possible to find tools that aim to simplify its deployment, but it's hard to see which of these tools are here to stay, and which will be replaced in a few months.

What is the best practice, in 2021, to ensure all communication between cloud VMs (even in a private network) is encrypted?

[0] https://www.tinc-vpn.org/
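For scale, here is what the WireGuard alternative the post is weighing looks like for two VMs. This is an added example, not code from the thread or from any of the projects named in it: a POSIX shell script that renders a point-to-point WireGuard configuration for two cloud VMs talking over the cloud's private network. Hostnames, the 172.16.0.x private addresses, the 10.10.0.x tunnel addresses, port 51820 and the placeholder keys are all constructed assumptions; real keys come from `wg genkey | tee vm-a.key | wg pubkey > vm-a.pub`.

```shell
#!/bin/sh
# Added example (not from the HN thread): render a pairwise WireGuard config
# for two cloud VMs that reach each other over the cloud's private network.
# All addresses, the port and the keys below are constructed placeholders.

# Constructed placeholder keys. They are NOT valid Curve25519 keys; replace
# them with the output of `wg genkey` (private) and `wg pubkey` (public).
VM_A_PRIV="PLACEHOLDER_VM_A_PRIVATE_KEY_REPLACE_ME="
VM_A_PUB="PLACEHOLDER_VM_A_PUBLIC_KEY_REPLACE_ME="
VM_B_PRIV="PLACEHOLDER_VM_B_PRIVATE_KEY_REPLACE_ME="
VM_B_PUB="PLACEHOLDER_VM_B_PUBLIC_KEY_REPLACE_ME="

# render_wg_conf OWN_PRIVKEY OWN_TUNNEL_IP PORT PEER_PUBKEY PEER_TUNNEL_IP PEER_PRIVATE_NIC_IP
# Prints a wg-quick(8) style config for one side of the link on stdout.
render_wg_conf() {
    own_priv=$1; own_tun=$2; port=$3; peer_pub=$4; peer_tun=$5; peer_nic=$6
    cat <<EOF
[Interface]
PrivateKey = $own_priv
Address = $own_tun/24
ListenPort = $port

[Peer]
PublicKey = $peer_pub
# Cryptokey routing: only the peer's tunnel address is sent to this peer, and
# decrypted packets whose inner source is not this address are dropped.
AllowedIPs = $peer_tun/32
# The encrypted UDP crosses the cloud's private interface, not the public one.
Endpoint = $peer_nic:$port
# Optional with static private addresses and no NAT; harmless otherwise.
PersistentKeepalive = 25
EOF
}

# write_pair OUTDIR: emit vm-a.conf and vm-b.conf. Each file carries that
# VM's private key, so they are created readable by the owner only.
write_pair() {
    outdir=$1
    (
        umask 077
        render_wg_conf "$VM_A_PRIV" 10.10.0.1 51820 "$VM_B_PUB" 10.10.0.2 172.16.0.11 \
            > "$outdir/vm-a.conf"
        render_wg_conf "$VM_B_PRIV" 10.10.0.2 51820 "$VM_A_PUB" 10.10.0.1 172.16.0.10 \
            > "$outdir/vm-b.conf"
    )
}

# check_owner_only FILE: succeed only if FILE is mode 0600 (rw for owner only).
check_owner_only() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Stand-alone run: write both configs into a temporary directory and show them.
out=$(mktemp -d)
write_pair "$out"
cat "$out/vm-a.conf" "$out/vm-b.conf"
```

Copy each file to `/etc/wireguard/wg0.conf` on its VM and bring the link up with `wg-quick up wg0`; `wg show` then lists the peer and its last handshake. Two things a practitioner should verify rather than assume: first, WireGuard only encrypts traffic that is routed to an address in `AllowedIPs`, so the application (the master DB and its clients in the post) must talk to the 10.10.0.x tunnel address; a connection to the raw 172.16.0.x address still crosses the private network in the clear. A firewall rule on the private interface that permits only UDP to and from port 51820 turns that convention into an enforced property, and `tcpdump -ni <private-nic> not udp port 51820` should then show nothing. Second, this is one `[Peer]` per link: for N VMs each host carries N-1 peer stanzas and every key rotation touches every host, which is exactly the bookkeeping that tinc's mesh hides and that the WireGuard overlay tools discussed in the replies exist to automate.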




Apart from some smaller projects building on top of WireGuard, there's Tailscale [1]. One of the founders is Brad Fitzpatrick who worked on the Go team at Google before and built memcached and perkeep in the past.

Outside of the WireGuard ecosystem there's ZeroTier [2] which has been around for a while and they're working on a new version; and Nebula [3] from Slack, which is likely to be maintained as long as Slack uses it.

There might be others, but with tinc these four are the ones I've seen referred to most often.

[1] https://tailscale.com

[2] https://www.zerotier.com

[3] https://github.com/slackhq/nebula


+1 for Tailscale, the product is great. I've used it in a very limited scale but can vouch for quality and performance. No CPU issues at all (even on rPi).


Similar to Tailscale is the Innernet project, which has similar goals but is fully open source (also built on WireGuard). I've heard that set-up is a bit more painful, but for those who are interested in FOSS or self-hosting, it might be worth looking into.

[1] https://github.com/tonarino/innernet


NoCode: fly.io with its 6pn (out-of-the-box private networking among clusters in the same org).

DIY: envoyproxy.io / HashiCorp Consul for app-space private networking over public interfaces.

LowCode: Mesh P2P VPN network among your clusters with FOSS/SaaS like WireTrustee / tailscale.io / Slack Nebula.


What kind of loads are we talking about here? How many requests per second? Or is each request/response large?

Have you noticed whether it is worse for lots of small requests vs large data transfers?

I use a very similar setup, but haven't seen tinc CPU usage matter yet, though for very low traffic.



