To install wireguard do:
opkg update
opkg install kmod-wireguard wireguard-tools
If you get errors like this:
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for kmod-crypto-lib-blake2s found, but incompatible with the architectures configured
* pkg_hash_fetch_best_installation_candidate: Packages for kmod-crypto-lib-chacha20 found, but incompatible with the architectures configured
* pkg_hash_fetch_best_installation_candidate: Packages for kmod-crypto-lib-poly1305 found, but incompatible with the architectures configured
* pkg_hash_fetch_best_installation_candidate: Packages for kmod-crypto-lib-chacha20poly1305 found, but incompatible with the architectures configured
* pkg_hash_fetch_best_installation_candidate: Packages for kmod-crypto-lib-curve25519 found, but incompatible with the architectures configured
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-wireguard:
* kernel (= 5.4.102-1-c35b4a8fb802d19ed524238972acff38)
* opkg_install_cmd: Cannot install package kmod-wireguard.
Then that means you are running an old snapshot. You will not be able to install kernel modules if your running snapshot version is not in sync with the latest snapshot version. From the OpenWRT wiki:
snapshots are built daily, and that sets time limits to installing new packages with opkg. Due to kernel version checksums, you can only install “kmod” kernel modules and other kernel version dependent modules from the exactly same snapshot build. So, a few hours after flashing the firmware you may not be able to install new modules with opkg any more (as the next snapshot has been built into the download repo and has different checksums). from https://openwrt.org/releases/snapshot
If you later need to install more kernel modules there is a nice complete guide here or you can use the following quick guide.
Make sure to download the correct image for your router! The following assumes you are using the Xiaomi Redmi AC2100.
On the router:
cd /tmp
# Download sysupgrade image
wget https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-xiaomi_redmi-router-ac2100-squashfs-sysupgrade.bin
# Get the checksums file
wget https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/sha256sums
# Calculate the checksum for the downloaded file
sha256sum openwrt-ramips-mt7621-xiaomi_redmi-router-ac2100-squashfs-sysupgrade.bin
# Show the correct checksum from the file
grep openwrt-ramips-mt7621-xiaomi_redmi-router-ac2100-squashfs-sysupgrade.bin sha256sums
# Manually verify that the two checksums are identical.
# Run the upgrade
# Do _not_ unplug or reboot the router during the upgrade
sysupgrade -v openwrt-ramips-mt7621-xiaomi_redmi-router-ac2100-squashfs-sysupgrade.bin
If you get errors like this:
Device xiaomi,mir3g-v2 not supported by this image
Supported devices: xiaomi,mir3g-v2 - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
Then this is likely because OpenWRT recently switched from using swconfig to using DSA. This means there is no way to upgrade without losing some of your configuration. Specifically the part the controls the built-in ethernet switch. Take a manual backup of your /etc/config directory before proceeding. The upgrade should otherwise work fine if you add --force to the sysupgrade command but note that you do risk bricking your device so proceed at your own risk. I had to do this when upgrading a xiaomi_mi-router-3g-v2 and it worked for me.
After the router reboots itself do:
opkg update
opkg list-upgradable
If there are any upgradable packages you may want to run opkg upgrade <packagename> for each of them.