Настроил на сервере с IP XXX.XXX.XXX.XXX wireguard. На роутере с OpenWRT поставил
kmod-wireguard luci-proto-wireguard wireguard wireguard-tools
# cat /etc/wireguard/wg0.conf
[Interface]
Address = YYY.YYY.YYY.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAA
[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBB
Endpoint = XXX.XXX.XXX.XXX:51820
AllowedIPs = YYY.YYY.YYY.1/24