I am surprised how easily WireGuard can be blocked by firewalls. Changing the port does not help, as they might be using some kind of deep packet inspection.
Is there any solution for this on OpenWrt? I saw a project named udp2raw, but it looks like it is not available in the OpenWrt repository.
Shadowsocks could help, but you might want to experiment first to see if you can use WireGuard without such a solution, as things like Shadowsocks and udp2raw add overhead. It would help if you could give us more details about what difficulty you're up against exactly.
Some things you can try:
If you are dealing with a firewall or NAT that is aggressive about releasing the port bind, try setting WireGuard's persistent_keepalive to a lower value. The default is 25 seconds, but some CGNATs can release the bind in as little as 10 seconds. Also, it is possible to bypass a NAT if you can use IPv6.
If you are dealing with some corporate firewall that doesn't like UDP applications, you could try using UDP port 53. As long as the firewall doesn't check the payload for a well-formed DNS message or restrict the destination IP, there's a good chance you can get through. Other UDP ports you can try are 123 (NTP) and 443 (QUIC).
If you are dealing with government censorship such as the Great Firewall of China, which tries to prevent the smuggling of counter-revolutionary propaganda over UDP, then something like Shadowsocks or udp2raw is probably what you will have to use.
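Why moving WireGuard to another port does not get past payload inspection, as an added example that is not part of any post in this thread: every WireGuard message starts with a type byte followed by three zero bytes, and the handshake messages have fixed lengths, so a classifier needs only the UDP payload. The function names and sample payloads below are constructed for illustration.

```python
import struct

# Exact sizes of the three fixed-length WireGuard messages, keyed by type byte.
FIXED_LEN = {1: 148, 2: 92, 3: 64}
NAMES = {1: "handshake_initiation", 2: "handshake_response",
         3: "cookie_reply", 4: "transport_data"}


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, or None."""
    if len(payload) < 4:
        return None
    # Byte 0 is the message type; bytes 1-3 are reserved and always zero.
    msg_type, r1, r2, r3 = struct.unpack_from("BBBB", payload)
    if (r1, r2, r3) != (0, 0, 0):
        return None
    if msg_type in FIXED_LEN:
        return NAMES[msg_type] if len(payload) == FIXED_LEN[msg_type] else None
    if msg_type == 4:
        # 16-byte header, then a packet padded to a multiple of 16 bytes
        # followed by a 16-byte authentication tag (a keepalive is 32 bytes).
        ok = len(payload) >= 32 and len(payload) % 16 == 0
        return NAMES[4] if ok else None
    return None


# Constructed sample payloads (not captured traffic); bodies are zero-filled.
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")
SAMPLES = [
    ("initiation, port 51820", 51820, b"\x01\x00\x00\x00" + bytes(144)),
    ("initiation, port 53", 53, b"\x01\x00\x00\x00" + bytes(144)),
    ("keepalive, port 443", 443, b"\x04\x00\x00\x00" + bytes(28)),
    ("DNS query, port 53", 53, DNS_QUERY),
]


def scan(samples):
    """Classify each sample by payload only; the port is never consulted."""
    return {label: classify_wireguard(data) for label, _port, data in samples}


if __name__ == "__main__":
    for label, verdict in scan(SAMPLES).items():
        print(f"{label:24} -> {verdict}")
```

The same handshake is flagged on port 51820 and on port 53, while the genuine DNS query is not, which is why a port change only helps against filters that match on port alone.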
I don't have a 22.03 OpenWrt so I tested it on Alpine Linux with nftables. The same iptables rules work.
With nftables, iptables is a symbolic link to an nft variant, xtables-nft-multi. Looks like it has no problem recognizing legacy iptables rules. The kernel code also works regardless of whether userland is legacy iptables or nftables.
Back then I built it for 22.03 ramips, but didn't have a 22.03 device to test. I built and tested it on a 19.07 device though.
Anyway, I downloaded the 22.03.3 x86_64 SDK and got a VM to test. It builds OKAY and runs OKAY. Pre 22.03 there was /etc/firewall.user to run a custom firewall script. With fw4, /etc/firewall.user is gone; however, the legacy iptables command is still there with a default 22.03.3 installation. To use it, ssh into OpenWrt and manually execute two iptables commands to add two rules to the mangle table, as described in the xt_wgobfs readme.
I really think you may wanna finish getting this officially added. It's really hard to guess what steps you intend version 22.03.x users to perform to make it work.
It is in the x86_64 version of 22.03.3, or installing the two ipk packages pulled iptables as a dependency. The kernel module is automatically loaded during my test. And yes, use these two iptables commands as in https://github.com/infinet/xt_wgobfs#usage.
I had to set up a connection for someone on low-end Broadcom equipment and he needed the speed of WireGuard vs OpenVPN.
WireGuard was blocked by the ISP.
I used DDWRT to set this up as DDWRT has the ability to use obfuscation out of the box via the GUI:
But it must be possible to use it also for OpenWrt.
Yes it is, you must have missed the rest of the thread:
the developer only makes it available for OpenWrt for x86_64
The developer of the software you linked is one of the posters and responders in this thread
Developer says they did indeed compile, test, etc. on OpenWrt
Developer explains how
Developer has not further explained if they want to make it compatible with a default user experience or simple install/setup methods of OpenWrt's package repository, etc.