Some people install Tailscale/Wireguard in its own jail using host networking
Others run it in host mode
Others add the right caps
