I was looking for a way to quickly access the router from the phone either web or ssh. I tried Wireguard but the peer was never able to connect. My IP is CGNat'ed so port forwarding form WAN is no go either. I tried tailscale and was pleasantly surprised how easy it was to get it up and running though you are limited to 3 devices for the Free plan. What i didn't like is the high RAM usage at almost 50MB and 30MB of disk space with all the relevant dependent packages. The disk space is not yet a problem but the RAM is.
I wonder if anyone who has tried this package get similar RAM usage more important if there is an alternative package (hopefully near as simple) that you would recommend for the above.
If you have IPv6 connectivity, that might already be good enough to run plain wireguard over IPv6(-only as the tunnel endpoint/ gateway address). This approach works (well enough) for me, national 4g/ 5g services do have IPv6 (around here), international roaming might not - guest WLANs/ hotspots generally do not.
I haven't tried it myself, but there is an open source re-implementation of Tailscale called Headscale. I also can't find definite information if it works on OpenWRT, if you have a spare Pi around it will definitely work on that. I don't know if you still need at least once device that has a public IP running it, the documentation isn't too clear.
I had the same problem with mem consumption. Tailscale is the only one that can open connections through NATs without many problems.
You can replicate something similar using Netbird + upnpc, which will save memory (Netbird uses kernel wireguard), but Netbird is still a heavy Go binary.
If your router has at least 256MB RAM, I recommend editing /etc/init.d/tailscale to add the GOGC env var, which makes Tailscale consume less RAM.
Example:
# Starting with v1.48.1 ENV variable is required to enable use of iptables / nftables.
# Use nftables by default - can be changed to 'iptables' in tailscale config
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode" GOGC=10