Im not using cloudflare, but I had to add docker container IP to trusted proxies in homeassistant config to allow connection from different domain. This might even not be related to your question, but might be helpful idk
Wireguard client is so simple to setup, just scan QR code and you can toggle it on/off with a button. Or you can copy paste few lines of config if you cant scan. Just check wireguard app for whatever OS you need (iOS, Android, Windows, Linux), it cant be more simple IMO
I dont have wifi SS but I do have another pair with micro usb port. I got magnetic micro usb cable since i forget im on charger when leaving table. You can plug in tiny peace and then just place cable close enough. Bit off topic but might be useful