This how-to describes the method for setting up WireGuard client.
========================================
Here we take 1803 (i.e. Falcon) as example.
The WireGuard server tested in this paper was created on Ubuntu 16.04.7 LTS.

1) make menuconfig and select "CONFIG_PACKAGE_wireguard-tools" and save your new configuration.
   make kernel_menuconfig and select "CONFIG_WIREGUARD" and save your new kernel configuration.
And then rebuild：make -j8 V=99

2) Key management
	Generate and exchange keys between server and client.

	# Generate keys
	wg genkey | tee /tmp/wgserver.key | wg pubkey > /tmp/wgserver.pub
	wg genkey | tee /tmp/wgclient.key | wg pubkey > /tmp/wgclient.pub

	WG_KEY="$(cat /tmp/wgclient.key)"	# Client private key
	WG_PUB="$(cat /tmp/wgserver.pub)"	# Server public key

3) Firewall
	Consider VPN network as public. Assign VPN interface to WAN zone to minimize firewall setup.

	# Configure firewall
	uci rename firewall.@zone[0]="lan"
	uci rename firewall.@zone[1]="wan"
	uci del_list firewall.wan.network="vpn"
	uci add_list firewall.wan.network="vpn"
	uci commit firewall
	/etc/init.d/firewall restart


4) Network
	Configure VPN interface and peers.

	# Configure network, WG_ADDR is the address of the WireGuard client,
	# WG_KEY is the private key of the WireGuard client generated in 2)
	uci -q delete network.vpn
	uci set network.vpn="interface"
	uci set network.vpn.proto="wireguard"
	uci set network.vpn.private_key="${WG_KEY}"
	uci add_list network.vpn.addresses="${WG_ADDR}"

	# Add VPN peers, WG_PUB is the public key of the WireGuard server generated in Ubuntu 16.04.7 LTS.
	# WG_SERV is the public IP address of the WireGuard server.
	# WG_PORT is the wireguard udp port you use.
	uci -q delete network.wgserver
	uci set network.wgserver="wireguard_vpn
	uci set network.wgserver.public_key="${WG_PUB}"
	uci set network.wgserver.endpoint_host="${WG_SERV}"
	uci set network.wgserver.endpoint_port="${WG_PORT}"
	uci set network.wgserver.route_allowed_ips="1"
	uci set network.wgserver.persistent_keepalive="25"
	uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
	uci commit network
	/etc/init.d/network restart



5) Testing
	Add the public key and IP address of the WireGuard client to server to establish the VPN connection.
	# WG_ADDR is the address of the WireGuard client
	# CLIENT_PUBLIC_KEY is the public key of the WireGuard client generated in 2), you can query it by "cat /tmp/wgclient.pub".
	sudo wg set wg0 peer "${CLIENT_PUBLIC_KEY}" allowed-ips "${WG_ADDR}"

	Use ping or traceroute to verify your WireGuard client can be accessed to server.