Help: can't view IP cams with 4G/LTE mobile network

Disclaimer: Total noob here!

I have set up WireGuard on a TP-Link Archer C60 router running OpenWrt v21.02.0. I can connect to the VPN and ping all of the devices (I can even log in to the camera's web interface), but I can't see the cameras' streams at all; it gives me a timeout/port error.

I have lowered the MTU to 1280, but I still can't see the stream.

Thanks for your patience :smiley:

Can you elaborate on the connection between your camera and router? Is it connected via wired ethernet to your router, etc.?

1 Like

Try to enable masquerading on the firewall zone which the cams are connected to.

1 Like

Sorry, I forgot some details. The camera is connected via ethernet cable to one of the LAN ports of the router. It's an Amcrest IP2M-841. It can work with IPv6, but my ISP doesn't support it (and I really don't understand IPv6 yet, so I guess that's okay). It has PTZ capabilities and I am able to hear, as well as send audio to it. All those features work fine while connected to any Wi-Fi network through the WireGuard VPN, but as soon as I'm connected over 4G/LTE, it doesn't work. My modem is in bridge mode, and the WAN interface uses a PPPoE configuration. The LAN interface is set to 10.x.x.1 and the IP camera has 10.x.x.50.

There is no need to redact/obscure RFC1918 addresses. Are you using just a single LAN or do you have multiple networks/VLANs?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/firewall

The WireGuard interface uses the same firewall zone as the WAN interface. I enabled masquerading, but it didn't work :frowning:

The WG interface should be either part of the lan zone or on a separate zone, depending on how much you trust the VPN tunnel.

1 Like

Here's the output of the commands:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdca:ae32:3c52::/48'

config interface 'wan'
        option device 'eth1'
        option proto 'pppoe'
        option username 'xxx'
        option password 'xxx'
        option ipv6 'auto'
        option peerdns '0'
        list dns '45.90.28.167'
        list dns '45.90.30.167'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.12.20.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

config interface 'wg0'
        option proto 'wireguard'
        option listen_port '12345'
        list addresses '12.10.20.1/24'
        option private_key 'xxxx'
        option mtu '1420'
        option delegate '0'

config wireguard_wg0
        option description 'Android device'
        option route_allowed_ips '1'
        list allowed_ips '12.10.20.2/32'
        option preshared_key 'xxxx'
        option public_key 'xxxx'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wg0'

config zone 'wan'
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config redirect
        option target 'DNAT'
        option name 'WireGuard'
        list proto 'udp'
        option src 'wan'
        option src_dport '9600'
        option dest 'lan'
        option dest_ip '10.12.20.1'
        option dest_port '9600'

config rule 'wg'
        option name 'WireGuard'
        option src 'wan'
        option proto 'udp'
        option target 'ACCEPT'

Okay, I'll search how to create a separate firewall zone for the VPN. Thanks for the tip!

Is this your actual address in here, or did you obscure this? You should not be using non-RFC1918 addresses.

1 Like

These are wrong.

It should look more like this:

config rule
	option name 'Allow-Wireguard-Inbound'
	list proto 'udp'
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '12345'

1 Like

Yeah, that's the LAN address. I put the x's because sometimes I can't remember it and change the digits. Sorry about that.

Just to be clear, what is the WG interface address/subnet?

I just inverted the LAN address and put 12.10.20.1/24

You can't use that reliably. You should only use RFC1918 addresses.

Okay, I have a port forward rule which I created from a video tutorial, and also a traffic rule which I copied from the OpenWrt wiki. I don't know which one is better to use.

PS: Please, don't get mad. I'm still new to this.

Isn't 10.x.x.x an RFC1918 address? I thought I shouldn't use 192.168.x.x.

Remove the two firewall rules I called out and add the one I provided. If you're creating it via LuCI, you'll see it under Traffic Rules.

10.x.x.x is indeed RFC1918. You said that you inverted the LAN and made it 12.10.20.1/24 on the WG interface -- if this is the case, it is not valid -- it is not an RFC1918 address.

If you are using 10.12.20.1/24 on the WG, this is also not valid because it overlaps with your LAN network. You must use a different subnet. You could make it 10.12.21.1/24 if you wanted.
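As an added check (not from the thread or from OpenWrt), a small script that parses UCI-style network and firewall fragments modelled on the posted configs and flags the three problems raised in this thread: a tunnel subnet outside RFC1918, a tunnel subnet that overlaps the LAN, and an inbound wan rule that does not match the WireGuard listen_port. The config strings below are constructed samples, not the poster's full files.

```python
import ipaddress
import re

# Constructed sample fragments modelled on the configs posted above.
NETWORK_CFG = """
config interface 'lan'
        option device 'br-lan'
        option ipaddr '10.12.20.1'
        option netmask '255.255.255.0'

config interface 'wg0'
        option proto 'wireguard'
        option listen_port '12345'
        list addresses '12.10.20.1/24'
"""

FIREWALL_CFG = """
config rule 'wg'
        option name 'WireGuard'
        option src 'wan'
        option proto 'udp'
        option target 'ACCEPT'
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_uci(text):
    """Minimal UCI parser: returns a list of (type, name, {key: [values]}) sections."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)(?:\s+'([^']*)')?", line)
        if m:
            sections.append((m.group(1), m.group(2), {}))
            continue
        m = re.match(r"\s*(option|list)\s+(\S+)\s+'([^']*)'", line)
        if m and sections:
            sections[-1][2].setdefault(m.group(2), []).append(m.group(3))
    return sections

def is_rfc1918(net):
    return any(net.subnet_of(r) for r in RFC1918)

def check(network_cfg, firewall_cfg):
    """Return a list of findings about the WireGuard addressing and the inbound rule."""
    findings = []
    net = {name: opts for typ, name, opts in parse_uci(network_cfg) if typ == "interface"}
    lan = ipaddress.ip_interface(f"{net['lan']['ipaddr'][0]}/{net['lan']['netmask'][0]}").network
    wg = ipaddress.ip_interface(net["wg0"]["addresses"][0]).network
    listen_port = net["wg0"]["listen_port"][0]
    if not is_rfc1918(wg):
        findings.append(f"wg0 subnet {wg} is not RFC1918")
    if wg.overlaps(lan):
        findings.append(f"wg0 subnet {wg} overlaps lan {lan}")
    # The inbound rule should accept UDP to the WireGuard listen port only; a udp rule
    # with no dest_port (as posted) accepts all UDP from wan, which is far too broad.
    rules = [opts for typ, _, opts in parse_uci(firewall_cfg) if typ == "rule"]
    if not any("udp" in r.get("proto", []) and listen_port in r.get("dest_port", []) for r in rules):
        findings.append(f"no wan rule accepting udp/{listen_port} for WireGuard")
    return findings
```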

Oh, you are right! Thanks for pointing that out. I'll change it right away! Do you think that's something to do with the problem of not being able to see the camera's streaming?