Note: Added update 10/11/23

Hello all, one of my YT viewer advised me that there's still no guide about WireGuard with Omada so I am posting one here.  I also made a step-by-step guide video, you can find the configuration starting at Part 4  (the video has more info as it also covers ACL and InterVLAN). Find more info about WireGuard  at wireguard dot com. Download their client at wireguard dot com /install/

Please refer to your hardware's release notes if your system is supported.

Hardware tested :

• ER-7206 v2 with v1.3.x (or higher) firmware
• OC-300 with v5.9.x firmware

Update 10/11/23:

Supported Hardware

• ER-605 v1 does not support Wireguard. May never get this added since OG ER-605 is EOL :(
• ER-605 v2, ER-7206, ER-8411 - I personally have tested and works
• Other Gateways, please refer to their latest firmware for Wireguard support (high chance it is supported)

TP Link's VPN Clent (Includes Wireguard, OpenVPN, etc in one Client)

* There is a VPN Client for Windows released by TP Link which is much simpler to use.

End of Update 10/11/23

Note:
WireGuard supports many hardware and Operating Systems. But for this guide, I am only going to use Windows 10 Operating System for Client with ER-7206 as Server/interface.

Pre-requisites:

1. WAN IP or FQDN pointing to WAN IP
2. WireGuard Client installed

High Level Steps:

1. WireGuard Interface (server) Set Up (Omada)
2. WireGuard Client Set Up (Windows)
3. WireGuard Peers (client) Set Up (Omada)

WireGuard Interface (server) Set Up (Omada)

1. Settings > VPN > WireGuard
2. Click "+Create New WireGuard" 
3. Enter "Name:" i.e. wg0
4. Use your an unused LAN IP to fill up "Local IP Address"
5. Click "Apply" 
6. Copy the "Public Key", save it to text editor

WireGuard Client Set Up (Windows)

1. Launch your WireGuard client
2. Click "Empty Tunnel"
3. Give it a name i.e. OmadaWGS
4. Copy the "Public key" string that is just under the "Name" of the tunnel, save it to text editor
5. Under [Interface]
   1.  "PrivateKey" = Do not modify
   2.  "Address" = Add unused PrivateIP in CIDR format i.e. 10.1.1.1/24
   3.  "DNS" = Add well known public  i.e. 1.1.1.1 or 8.8.8.8
6. Under [Peer]
   1. "Public Key" - Enter the value copied in "Step 6" of the WireGuard Interface Set Up
   2.  "AllowedIPs" = use 0.0.0.0/0, ::/0
   3.  "Endpoint" = Use FQDN and/or WAN IP with :51820 port i.e. 172.20.110.102:51820
7. Save

WireGuard Peers (client) Set Up (Onada)

1. Settings > VPN > WireGuard > Peers
2. Give it a "Name" i.e. RemotePC
3. Select the "Interface" from the drop down
4. In "Allow Address" field, enter the same IP you entered in "Step 5.2" of the WireGuard Client Set Up with /32 (single IP) or /24 (subnet IP)
5. In "Public Key", enter the value copied in "Step 4" of the WireGuard Client Set Up
6. Click "Apply"

Testing:

1. Click "Activate" on the WireGuard Client.
2. In Omada, go to Insights > VPN Status > WireGuard VPN

For reference, below is how I have my lab set up in my video guide.

Happy hunting!