WireGuard + Multi-Path TCP Were Merged Tonight Into Linux 5.6


  • #11
    Originally posted by rgloor
    (Or if it has to stay as KMP?)
    Is staying a KMP an issue?



    • #12
      Originally posted by starshipeleven
      Is staying a KMP an issue?
      You are right.
      Presently, in openSUSE 15.1 it is implemented as KMP (DKMS?), but the KDE NetworkManager is not yet up-to-date to support it. So one would have to set up all via CLI.
      But in openSUSE 15.2, the newer NetworkManager (with integrated wireguard-setup-support) should be used and therefore I would assume that easy wireguard-management should work, even as KMP.

      On the other hand: If wireguard is properly backported to older kernels, the chances might be higher, that wireguard will be implemented in existing / running devices like Firewalls.
      The better the implementation and the wider the spread of wireguard, the better for us.



      • #13
        Originally posted by rgloor
        You are right.
        Presently, in openSUSE 15.1 it is implemented as KMP (DKMS?), but the KDE NetworkManager is not yet up-to-date to support it. So one would have to set up all via CLI.
        But in openSUSE 15.2, the newer NetworkManager (with integrated wireguard-setup-support) should be used and therefore I would assume that easy wireguard-management should work, even as KMP.
        KMP just means that the module is compiled and loaded using dkms kernel interface, the interface towards the userspace should be the same.

        It should theoretically work when you update NM, but as with all things NM, it may fail horribly too; in any case it's NM's fault.

        On the other hand: If wireguard is properly backported to older kernels, the chances might be higher, that wireguard will be implemented in existing / running devices like Firewalls.
        That's somewhat unlikely as most hardware is not using upstream kernels anyway but some random fork.
        Apart from NXP SoCs where the firmware SDK is an up-to-date OpenWrt so they support this already (see below).

        That said, they can use a userspace daemon to do that too (as they do with all other VPNs), and it's still ridiculously faster than stuff like OpenVPN.
        It's already used in this way by some VPN vendors https://www.veeam.com/powered-network.html

        OPNSense (a FreeBSD-based firewall distro that is less strict than pf-sense) uses this too https://wiki.opnsense.org/manual/how...rd-client.html

        And OpenWrt (a Linux router/firewall/wireless/embedded distro) has merged the wireguard patches since a long while and added support for it to its web interface https://danrl.com/blog/2017/luci-proto-wireguard/
        Last edited by starshipeleven; 29 January 2020, 11:13 AM.



        • #14
          Originally posted by rgloor
          I just wonder, if it will be possible, to backport wireguard into "older" kernels?

          Like 5.3.x. Since that is the one, presumably going into openSUSE 15.2.

          (Or if it has to stay as KMP?)

          Edit: Typo KMP (Kernel Module Package), not KML
          You can already use it on 5.4. Just get the patch and compile: https://github.com/clearlinux-pkgs/linux?files=1



          • #15
            Originally posted by starshipeleven
            ....
            ...
            ..
            .
            OPNSense (a FreeBSD-based firewall distro that is less strict than pf-sense) uses this too https://wiki.opnsense.org/manual/how...rd-client.html

            And OpenWrt (a Linux router/firewall/wireless/embedded distro) has merged the wireguard patches since a long while and added support for it to its web interface https://danrl.com/blog/2017/luci-proto-wireguard/
            Yes, but I had more "professional" Firewalls in mind. The likes of ZyXEL ZyWALLs, Fortinet FortiGates, SonicWalls, etc.

            But hopefully, they soon also upgrade their OS's to support wireguard.



            • #16
              Originally posted by Mario Junior

              You can already use it on 5.4. Just get the patch and compile: https://github.com/clearlinux-pkgs/linux?files=1
              Thanks, but no. I am an (advanced) user, but not that advanced. Could educate myself to do it, but:
              The system in question is my production notebook, heavily used "everywhere", with lots of fine tuning to run fine.
              I choose openSUSE LEAP for stability purpose.
              And even there I had some hassle to get RemoteDesktop to a virtualized machine (through a VPN connection) working - using Remmina. Because every other update from either Remmina or freeRDP was again breaking my system. Now it runs stable for about 7 months.
              It was also a challenge, to get all the different NAS' and Fileservers properly running with automount.

              I could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
              Or use openSUSE Tumbleweed. But chances are much higher to run into some hiccups.

              So I try to stick as close as possible to the standard repositories and don't add other repos when not necessary. (As doing a while to get Remmina/freeRDP working.)

              And as starshipeleven mentioned / indicated in #13, openSUSE 15.1 already runs fine wireguard with KMP / DKMS. (Except the missing NetworkManager GUI integration, due to older KDE Plasma Version.)



              • #17
                Originally posted by rgloor
                Yes, but I had more "professional" Firewalls in mind. The likes of ZyXEL ZyWALLs, Fortinet FortiGates, SonicWalls, etc.
                As I said, having Wireguard in mainline kernel is completely irrelevant for them as all VPNs they already offer (OpenVPN and IPSec for example) are userspace applications and there is a Wireguard client/server application too they could use since 2017 at the very least.

                For the more "business-y" products the consensus seems to be that Wireguard isn't significantly faster/lighter than IPSec with AES-NI acceleration (and all their hardware supports that as it's a bigass rack with Intel CPUs inside) and it is also not yet out of beta (which is true, they didn't yet reach a "release" status) therefore they don't care much.



                • #18
                  Originally posted by rgloor

                  Thanks, but no. I am an (advanced) user, but not that advanced. Could educate myself to do it, but:
                  The system in question is my production notebook, heavily used "everywhere", with lots of fine tuning to run fine.
                  I choose openSUSE LEAP for stability purpose.
                  And even there I had some hassle to get RemoteDesktop to a virtualized machine (through a VPN connection) working - using Remmina. Because every other update from either Remmina or freeRDP was again breaking my system. Now it runs stable for about 7 months.
                  It was also a challenge, to get all the different NAS' and Fileservers properly running with automount.

                  I could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
                  Or use openSUSE Tumbleweed. But chances are much higher to run into some hiccups.

                  So I try to stick as close as possible to the standard repositories and don't add other repos when not necessary. (As doing a while to get Remmina/freeRDP working.)

                  And as starshipeleven mentioned / indicated in #13, openSUSE 15.1 already runs fine wireguard with KMP / DKMS. (Except the missing NetworkManager GUI integration, due to older KDE Plasma Version.)
                  I assure you that it is faster and easier than doing all that you said.



                  • #19
                    Originally posted by rgloor
                    I could use a newer than the LEAP 15.1 standard kernel (4.12.x) from the appropriate repository.
                    Or use openSUSE Tumbleweed. But chances are much higher to run into some hiccups.
                    Hey, Tumbleweed is not that bad. I've yet to get any significant breakage in around 2 years I installed it. At most I get some "papercuts" but nothing that breaks desktop or applications.

                    Then again I don't use Remmina or FreeRDP but commercial applications like TeamViewer and VMware, I would say that the distro can't fix it if upstream sucks.
                    Last edited by starshipeleven; 29 January 2020, 12:48 PM.



                    • #20
                      Originally posted by Mario Junior

                      I assure you that it is faster and easier than doing all that you said.

                      Install gentoo
