I have followed the basic setup steps for WireGuard described at https://openwrt.org/docs/guide-user/services/vpn/wireguard/basic. On two of my routers it works fine. On the third one it did until a few days ago, when I made some changes (created a second wg device). After that, communication was totally blocked. The router wouldn't even accept packets from any local device. I couldn't SSH to it anymore, not even ping it. Strangely, and fortunately, the web interface could still be reached. So I restored a backup of the config from before I had made the changes, but as soon as I had reinstalled the WireGuard packages, the same would happen. I have no idea what's going on. I turned on logging for the LAN firewall zone, but I don't see any notices of rejected packets either (does it report only rejected or also dropped packets when you turn on logging through LuCI?).
The repeatable way of blocking all traffic between the LAN and the rest of the world is to add the wg0 device to the lan firewall zone, then restart the firewall and the network services. After that, everything is reliably blocked, and I don't see the slightest hint in the log as to why this might be the case. Does anyone have any suggestion?