Can UCI be used to configure network namespaces for WireGuard

Hi there - I've been using the excellent guidance at https://openwrt.org/docs/guide-user/services/vpn/wireguard/client to configure OpenWrt 18 with WireGuard from a client perspective. All works well there, so I've pushed on and can even get things working using network namespaces.

Where I'm a little perplexed is whether UCI allows me to express ip netns configuration, or whether I must go through the ip netns based approach as described by https://www.wireguard.com/netns/#ordinary-containerization. If I can take the UCI approach then an example would be great.

Thanks for any pointers.

After a day of thinking on this, I've concluded that UCI network configuration doesn't cover off network namespaces, and that I've actually got to configure the namespace on each reboot anyhow. Here are the commands I ended up using in case this helps someone:

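```sh
# Create the namespace
ip netns add container
# Create wg0 in the init namespace, then move it into the new namespace
ip link add wg0 type wireguard
ip link set wg0 netns container
ip -n container addr add 192.168.9.2/32 dev wg0
# Configure the tunnel from inside the namespace
ip netns exec container \
  wg set wg0 \
    listen-port 51820 \
    private-key ./wgclient.key \
    peer <some-endpoint-public-key> \
    allowed-ips 0.0.0.0/0 \
    endpoint <some-endpoint>
# Bring the interface up and send all namespace traffic through it
ip -n container link set wg0 up
ip -n container route add default dev wg0
```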
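The post's point that the namespace has to be rebuilt on each reboot, as an added example that is not part of the original post: an idempotent script that repeats those commands and then checks that wg0 is the namespace's only way out. The variable names, function names and the `up` argument are assumptions; the address and port are the ones from the post.

```shell
#!/bin/sh
# Added example. NS, WG_IF, KEY, PEER_KEY, ENDPOINT and all function names are
# assumptions; the address and port are the ones used in the post above.
NS="${NS:-container}"; WG_IF="${WG_IF:-wg0}"; KEY="${KEY:-./wgclient.key}"

# True only for a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# stdin: `ip -o link show` output. Prints interfaces other than lo and $1.
unexpected_links() {
    awk -F': ' -v keep="$1" '{ sub(/@.*/, "", $2)
        if ($2 != "lo" && $2 != keep) print $2 }'
}

# stdin: `ip route show default` output. True only if a default route exists
# and every default route leaves through interface $1.
default_only_via() {
    awk -v dev="$1" '$1 == "default" { n++
        for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) != dev) bad = 1 }
        END { exit !(n > 0 && !bad) }'
}

# Idempotent version of the post's commands, safe to run on every boot.
setup_ns() {
    [ -n "${PEER_KEY:-}" ] && [ -n "${ENDPOINT:-}" ] || { echo "set PEER_KEY and ENDPOINT" >&2; return 1; }
    key_is_private "$KEY" || { echo "key $KEY missing or group/world accessible" >&2; return 1; }
    [ -e "/var/run/netns/$NS" ] || ip netns add "$NS" || return 1
    if ! ip -n "$NS" link show "$WG_IF" >/dev/null 2>&1; then
        # Created in the init namespace, then moved: the UDP socket stays behind.
        ip link add "$WG_IF" type wireguard && ip link set "$WG_IF" netns "$NS" || return 1
    fi
    ip -n "$NS" addr replace 192.168.9.2/32 dev "$WG_IF" || return 1
    ip netns exec "$NS" wg set "$WG_IF" listen-port 51820 private-key "$KEY" \
        peer "$PEER_KEY" allowed-ips 0.0.0.0/0 endpoint "$ENDPOINT" || return 1
    ip -n "$NS" link set "$WG_IF" up && ip -n "$NS" route replace default dev "$WG_IF"
}

# Fails if the namespace has any way out other than the tunnel.
verify_ns() {
    extra="$(ip -n "$NS" -o link show | unexpected_links "$WG_IF")"
    [ -z "$extra" ] || { echo "extra interfaces in $NS: $extra" >&2; return 1; }
    ip -n "$NS" route show default | default_only_via "$WG_IF"
}

if [ "${1:-}" = "up" ]; then setup_ns && verify_ns; fi
```

Run it with the `up` argument and with PEER_KEY and ENDPOINT set, for example from /etc/rc.local with KEY pointing at an absolute path. A non-zero exit means the key file is too permissive, a step failed, or the namespace has an interface or default route besides wg0.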