As far as I understand, wireguard is designed so that it can’t be portscanned. Replies are never sent to packets unless they pass full auth.
This is both a blessing and a curse. It unfortunately means that if you misconfigure a key then your packets get silently ignored by the other party, no error messages or the likes, it’s as if the other party doesn’t exist.
EDIT: Yep, as per https://www.wireguard.com/protocol/
In fact, the server does not even respond at all to an unauthorized client; it is silent and invisible.
OpenWRT tends to support devices longer and better than the OEM, but it depends on the popularity of the chipset inside the router.
Many different routers by different companies are almost identical internally, because they use the same chipset. Eg the RT-AC3100 seems to be a bcm53xx variant, of which OpenWRT supports a few dozen products. Support will probably only be dropped when every single one of those devices goes EOL and several years pass (ie no people left contributing/maintaining it and the builds break somehow).
Router chipsets can be very long lived. Many new devices use decade old chipset designs. Some chipset families have almost identical chips released every few years with slightly different peripherals, clocks & pinouts; but are supported by the same kernel drivers.
(This is all much better than the world of mobile phone hardware support. Maybe it’s because of different market pressures? Not to mention you don’t have a monopoly that benefits from keeping the hardware fractured. Imagine if people could make a competitor to Android that works across most devices out there)