Exploratory work on using DERP (Designated Encrypted Relay for Packets) servers as the transport mechanism instead of UDP. You may find miniwg also useful.
WireGuard is fantastic but it requires a direct UDP connection between peers. You may run wg in environments where UDP is completely blocked. Yes, you could add NAT/Firewall traversal techniques but what will always work is using a DERP server to route the traffic (at the cost of network performance).
There is currently a lot of exploratory work in userspace but you have a working version of a sidecar (stanza) which you can use to send your wg traffic over DERP. You just need to run the stanza process and point your wg configuration to use stanza instead of the peer endpoint.
Still under heavy development but I wanted to put it out there to get feedback. It is already functional and useful.
This project also includes a WebAssembly implementation that runs WireGuard entirely in the browser using DERP as transport. It is broken and I am still trying to figure out what is going on.
In my tests I am using Tailscale's DERP servers. Tailscale has rate limits and other techniques to avoid abuse. Be respectful and consider running your own DERP server if you are going to send a lot of data.
Tailscale is great, the folks are good people and you should consider using them.