simplest tool to backup to Google drive

Without the need for versioning, I think rclone fits the description. For backup into USB drive / remote SSH server I would recommend rsync.

Wireguard config already includes “::/0”

That is what I was thinking, yes.

In my case just disable IPv6 in WiFi is enough.

sysctl looks like the most universal way.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

I tried the same setup with Ubuntu 24.04.1 desktop live system and I can replicate this IP leak issue, I guess I will have to disable IPv6.

Do you have ::/0 as an Allowed IPs entry in the Wireguard peer configuration on the laptop?

Yes it’s in config, The line is AllowedIPs = 0.0.0.0/0, ::/0, but looks like it doesn’t prevent IP leak.

You setup Wireguard server on the VPS with both IPv4 and IPv6. Then you connect both your computer and IPv6-only server to the Wireguard server. After connection, you can connect to the VPN through IP address assigned by wireguard.

Personally have good experience with https://github.com/Nyr/wireguard-install, there are other script that are available by searching “wireguard setup script github”.

Note: By default Wireguard config generated will route every bit of traffic through Wireguard (which will be slower and probably not wanted in this situation), to change that change AllowedIPs field in Wireguard config, lets say all your machines are assigned 1.2.3.xxx as IP address, to only access other 1.2.3.xxx IP through wireguard, change the config to AllowedIPs = 1.2.3.0/24.

Host a website that needs to be accessible from your own machine or public?

Former situation: Can be solved by setup reverse proxy on the other VPS, or join machines to a VPN server (like tailscale, Zertoier or Wireguard server)

Later situation: Cloudflare or other CDN, setup reverse proxy on the other VPS.

Less accessible option but available for public: Tor or I2P

Great, if you need to SSH into Ipv6 only machine, SSH has -J flag which can be used to specify “jump host” (basically run SSH through SSH)