So is this for the ability to have encrypted internet access for all of the devices using the router? Is the wireguard connecting to a VPN provider server? If it is one tunnel only, don’t you lose all internet access if the tunnel goes down?
I have an ER707-M2 along with the OC300 controller.
I have the same needs as you but a different approach was taken. I wish I could use openvpn but as far as I understand that protocol won’t work properly for this.
My need was to have outgoing internet access with encryption for all the devices, but to be able to turn on and off the encryption for each device, and also to utilize a number of VPN tunnels at the same time to avoid losing all connectivity when a tunnel goes down. This is all done through routing policies and the different devices grouped and also the multiple VPN tunnels grouped.
I wanted to do this using the best possible secure protocol, which from what I can tell is openvpn which can also allow you to in its configuration make some URLs not through the VPN and other URLs go through the VPN - so for example certain banking websites or other IRS tax websites things like that that you cannot be using a VPN for Access could still be used…
Unfortunately I learned that OpenVPN tunnels are configured only when established by the server end so it is impossible to have routing policies to change things from the client end. From what I understand from TP-Link, if you wanted separate OpenVPN tunnels, each would have to be on a separate vlan (and the devices to utilize such would have to be on those vlans).
The next best and only other protocol that I could find would ‘fit the bill’ was L2TP/IPSEC.
So I signed up with two VPN service providers (that offer L2TP/IPSEC - many do not these days) - both of which also don’t have their headquarters in any nine-eyes country, and then set up 5 VPN client tunnels in different cities worldwide with each VPN service provider that is not in any nine eyes country. I also selected cities which are also in non-corrupt and stable countries.
Once I had my devices in groups then I set up routing policies for the devices where any of those policies can contain all 10 (or any number) of the VPN tunnels (each policy can have many to many connections).
The VPN server connections do go down from time to time, but that’s only 2 or three at a time, never all 10 of course. So not only is my connection secure, but running a browser showing whoer.net of whatismyip.com, hitting refresh will show my location changing as the tunnel that responds first to the request responds 
I would like to be able to use a more secure newer faster protocol, or a better way of doing things but this seems to be fairly stable now… I’d love to figure out how to do this with OpenVPN instead… Your thoughts?