wg-quick script is not installed on the router by default. I doubt it can work.
You can run commands manually to start udp2raw program, before or after enable wiregurd will work.
- Wireguard server(445 is TCP listen port to accept remote connection, 51820 is wireguard server listen port) :
sudo -g nonevpn ./udp2raw_arm -s -l 192.168.10.160:445 -r 127.0.0.1:51820 -k "W0ee0z6/rcwql8ZNRLP1GQQiYDOxRHzSIIkp+xLhcyY="
- Wireguard client(51820 is listened by udp2raw to accecp connection from wireguard client, 445 is the remote TCP server):
sudo -g nonevpn ./udp2raw_arm -c -l 127.0.0.1:51820 -r 192.168.10.160:445 -k "W0ee0z6/rcwql8ZNRLP1GQQiYDOxRHzSIIkp+xLhcyY="
The wireguard client config is like this.
Only Endpoint option is modified to adapt udp2raw usage.
[Interface]
Address = 10.0.0.2/24
PrivateKey = uO9HGgNOl/pS57VPQkD/A8ng41ttrT3wnjHDK/pZ9Ew=
DNS = 64.6.64.6
MTU = 1200
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 127.0.0.1:51820
PersistentKeepalive = 25
PublicKey = WGhD4/sMyr1c932GdA+mmDjO/Tr9BArkGoY9txLE71Q=
Notes of the command:
- adding “sudo -g nonevpn” is to mark udp2raw traffic to not use VPN, for the purpose of avoid route loop.
- I removed the original -a parameter in the guide, Because I found it add drop iptables rule, that should be a bug.
WireGuard Over TCP | Pro Custodibus
So manually opening port 445 at the server firewall is necessary.