For your points:
a) We handle host discovery via the Netmaker server
b) We do NAT hole punching with our own implementation on the server
c) Yup, we do this too
d) No ACLs yet, but this is coming in the Enterprise version
e-f) We don't have a SaaS version at this point, but server deployment takes about 5 minutes, can be run on a $5/mo VPS, and uptime has been production level in our tests.
Router is obviously preferable when routing to LAN but is harder to support. If it's FreeBSD or OpenWRT, go router, but otherwise a client on a Linux node works fine as a router.
This is definitely geared more towards servers/VMs etc., but does work on laptops as well. We have Windows support and you can even loop in your phones.
We do actually have a Docker image for the client. We're not strictly tied to the kernel version of WireGuard, and you can use userspace wherever it is a necessity.