I use a similar setup. The VPN is needed because it is the only port accessible outside my network. Wireguard is easy to setup right, and I already need it for accessing other stuff on my home network.
If I understand GP correctly, the goal is to SSH into an RPi on a home network. Since they mention DDNS, it's implied that they're connecting directly to their home router. What I'm saying is why not port forward directly to the RPi?
I use a similar setup. The VPN is needed because it is the only port accessible outside my network. Wireguard is easy to setup right, and I already need it for accessing other stuff on my home network.
Wireguard needs an endpoint
If I understand GP correctly, the goal is to SSH into an RPi on a home network. Since they mention DDNS, it's implied that they're connecting directly to their home router. What I'm saying is why not port forward directly to the RPi?
Yes you are right. If just connecting to the Pi, port forwarding is fine (and I use this).
When adding more devices at home (IP cameras etc.) and not connecting just to the Pi then the Wireguard VPN comes in.