Very different solutions.

• DuckDNS: you expose your HA to the internet like a public website and register it’s address with DuckDNS so you can look it up.
• Wireguard: you VPN to inside your firewall and can access anything on your private network.

Wireguard all the way. Exposing just a VPN endpoint that can’t be connected to without the right cryptographic keys is a much more secure and maintainable attack surface.

BTW I assume that’s what you meant by “DuckDNS”. Using that service is orthogonal to making HA visible externally, but is (I think) the common pairing.

• Slurm cluster
• MPI development

Trademark infringment suit coming in 3…2…1…