How to make your LANs hold hands

@astrra.space

I did this with @pixeldreams.tokyo just as a fun project but it turned out to be extremely useful too!

This only routes traffic at Layer 3 and up, so no mDNS etc. by default. You can use stuff like avahi for reflection, but that's outside of the scope today.

Router A has a LAN of 192.168.1.0/24, router B has 192.168.8.0/24. Both run OpenWrt. Only one of the routers needs to have a publicly accessible IP address for this. The goal is to have both subnets accessible to all devices connected to either of the routers.

Anyways, start by creating a new WG interface on both routers and generating new keys. Assign the IPs to the interfaces; we chose 10.0.1.2/24 for A and 10.0.1.8/24 for B, but you can choose whatever works for you.

The keys can be generated with `umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey` if you're using the CLI (the `umask 077` keeps the private key file from being readable by other users).

Then disable "Use default gateway" in advanced settings (why is this on by default???) and add your routers to each other's peers. Add the subnets you want, along with the aforementioned interface IPs, to the allowed IPs list in the peer panel, and enable "Route allowed IPs" for them.

The persistent keepalive is needed if one of your routers doesn't have a static public IP so that they both can stay connected. Router B has it set at 25.

Also, don't forget to assign the interface to a firewall zone (I'd either use lan or make a new one depending on your tastes and goals)

Your final configs should look similar to this:

```
root@router_a:~# uci show network.@wireguard_wg_b[0]
network.@wireguard_wg_b[0]=wireguard_wg_a
network.@wireguard_wg_b[0].description='A'
network.@wireguard_wg_b[0].public_key='REDACTED='
network.@wireguard_wg_b[0].route_allowed_ips='1'
network.@wireguard_wg_b[0].allowed_ips='10.0.1.8/24' '192.168.8.0/24'

root@router_b:~# uci show network.@wireguard_wg_a[0]
network.@wireguard_wg_a[0]=wireguard_wg_a
network.@wireguard_wg_a[0].description='Connection to A'
network.@wireguard_wg_a[0].public_key='REDACTED='
network.@wireguard_wg_a[0].endpoint_host='REDACTED'
network.@wireguard_wg_a[0].persistent_keepalive='25'
network.@wireguard_wg_a[0].allowed_ips='10.0.1.2/24' '192.168.1.0/24'
network.@wireguard_wg_a[0].route_allowed_ips='1'
```

Restart both interfaces and you should be done, yay! :3
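For the CLI route, here is a sketch of the interface and peer steps above as a script. It is an added example, not part of the original post. The interface name `wg0`, the section name `wg0_peer` and UDP port 51820 are assumptions, and it pins the peer's tunnel address to a /32, which is narrower than the /24 in the output above.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the UCI commands for one
# side of the tunnel so they can be read before they are applied:
#   gen_wg_site wg0 10.0.1.8/24 "$PEER_PUBKEY" 10.0.1.2 192.168.1.0/24 HOST 25 | uci batch
#   uci set network.wg0.private_key="$(cat /etc/wireguard/privatekey)"
#   uci commit network
# The private key is set separately so it never shows up in the reviewed output.
# Run once per interface name; add_list appends on every run.

# usage: gen_wg_site IFACE OWN_ADDR PEER_PUBKEY PEER_TUN_IP PEER_LAN [ENDPOINT [KEEPALIVE]]
gen_wg_site() {
    [ "$#" -ge 5 ] || { echo "gen_wg_site: need at least 5 arguments" >&2; return 2; }
    iface=$1; own_addr=$2; peer_pub=$3; peer_tun=${4%/*}; peer_lan=$5
    endpoint=${6:-}; keepalive=${7:-}
    peer=network.${iface}_peer   # assumed section name

    # With route_allowed_ips on, a /0 here would pull all traffic into the
    # tunnel, which a LAN-to-LAN link does not want.
    case "$peer_lan" in
        */0) echo "gen_wg_site: refusing $peer_lan as an allowed IP" >&2; return 1 ;;
    esac
    case "$keepalive" in
        *[!0-9]*) echo "gen_wg_site: keepalive must be a number of seconds" >&2; return 1 ;;
    esac

    cat <<EOF
set network.$iface=interface
set network.$iface.proto='wireguard'
add_list network.$iface.addresses='$own_addr'
set $peer=wireguard_$iface
set $peer.public_key='$peer_pub'
add_list $peer.allowed_ips='$peer_tun/32'
add_list $peer.allowed_ips='$peer_lan'
set $peer.route_allowed_ips='1'
EOF
    if [ -n "$endpoint" ]; then
        # Dialling side (router B in the post): it knows where the peer lives.
        echo "set $peer.endpoint_host='$endpoint'"
        echo "set $peer.endpoint_port='51820'"
        if [ -n "$keepalive" ]; then echo "set $peer.persistent_keepalive='$keepalive'"; fi
    else
        # Listening side (router A in the post): fixed port, to be allowed on wan.
        echo "set network.$iface.listen_port='51820'"
    fi
    echo "commit network"
}
```

Leaving out the endpoint argument produces the listening side's config (router A); passing it produces the dialling side's (router B).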
