Native WireGuard support in ChromeOS?

[nexsteppe 23]

Has anyone had success setting up native WireGuard for AirVPN on ChromeOS?
Following these steps using values from AirVPN-generated WireGuard configs produced what appeared to be a complete profile but attempting to connect immediately failed with an error -126 (whatever that is) on the current Stable channel release (15183.69.0), and I am not acquainted enough with ChromeOS to know how to troubleshoot further.
The Chromebook I was tasked with setting up is not to have any Play Store (Android) or Crostini (Linux) apps, hence the strong preference for built-in support.

[nexsteppe 23]

I'll follow this up in case this helps even one person, because it proved annoying and more broken than expected.
A new profile created using the wireguard command in crosh will fail because it doesn't set a working subnet address, and it appears it is not actually possible to set a subnet mask or CIDR for the interface with the wireguard command currently included with ChromeOS.  Sigh.
So the better way to make a new WireGuard profile is to use the Built-in VPN config (Settings), since you can at least set the subnet mask.
However, any keepalive value set with Built-in VPN isn't saved to the profile, so you must use the wireguard command (in crosh) to set the persistent-keepalive value.
With this, I was able to finally create a working WireGuard connection to AirVPN.

But there are two big caveats:
1) Unlike the native OpenVPN support in ChromeOS, the native WireGuard support does nothing for IPv6, leaving you completely exposed on this side if your connection supports it.
2) If WireGuard defaults to an MTU too large for your connection and you need to set a smaller value, you're currently screwed.  You can't set the MTU with Built-in VPN.  You can set the mtu value with wireguard in crosh, but the subnet mask set earlier with Built-in VPN gets erased.  If you set the MTU in crosh then re-set the subnet mask from Built-in VPN, the mtu value then gets erased.  Sigh.

In summary, native WireGuard support in ChromeOS (as of 15278.64.0 Stable) isn't fit for use, yet.  You're better off installing Eddie or another Android app via Play Store if you really want to use WireGuard on ChromeOS right now.  Since we were looking to avoid enabling ARCVM or Crostini, this is a non-starter so we will stick to native OpenVPN even if it does not currently offer any way to enable tls-crypt.  (In other words, you'll need to pick an Entry IP of 1 or 2 when using the AirVPN Config Generator for ChromeOS until this is addressed by Google.)

[nexsteppe 23]

As of latest Stable channel release (15474.61.0), the Built-in VPN config and the crosh wireguard command no longer respectively erase the mtu and subnet mask values when making changes to a WireGuard profile.  In short: A useable native WireGuard connection to AirVPN is now possible by using the Built-in VPN config to create a new WireGuard profile, then using the crosh wireguard command to set the mtu and persistent-keepalive values for that profile.
However, the issue with IPv6 "leaking" through your provider remains if your connection support it.  Oh-so-close...