I am in the process of switching from OpenVPN to WireGuard and so far everything but this issue has been smooth.
Previous setup:
OpenVPN Client: 10.0.0.2 and I had many other devices in that /24.
LAN: 10.1.0.0/24 and despite none of the traffic being routed over VPN, I was able to access the devices on the OpenVPN's subnet.
The changes I made consist of setting up WireGuard with the config below (which I copy-pasted into the WG interface) and setting the WireGuard interface to the same firewall rule OpenVPN used.
The issue now is, if I enable VPN PBR for, let's say, 10.1.0.10, that client is able to access the 10.0.0.0/24 subnet absolutely fine. However, without routing all traffic over WireGuard no other client in the LAN can; even the router can't ping 10.0.0.1 despite being connected to it.
If this is a WireGuard server, then you don't want to have allowed IPs 0.0.0.0/0, as that will route all your traffic to the WG interface.
Change it to 10.0.0.0/24,fd42:42:42::/64
Change the prefix lengths to 10.0.0.2/24,fd42:42:42::2/64
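How an AllowedIPs list decides what enters and leaves the tunnel, as an added example that is not part of the thread: outbound, the destination selects a peer by longest matching prefix; inbound, the source must fall inside the sending peer's list. The peer name `wg-server`, the server-side AllowedIPs values and the address 198.51.100.7 are constructed, and the inbound check assumes the router forwards LAN packets into the tunnel without masquerading.

```python
import ipaddress

def parse_allowed(spec):
    """Turn a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in spec.split(",") if p.strip()]

def select_peer(peers, dst):
    """Outbound: the peer whose AllowedIPs holds the longest prefix covering dst."""
    addr, best = ipaddress.ip_address(dst), None
    for name, nets in peers.items():
        for net in nets:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (name, net)
    return best[0] if best else None  # None: no peer, the packet is not sent

def accepts_source(nets, src):
    """Inbound: a decrypted packet is kept only if its source address
    falls inside the AllowedIPs configured for the peer that sent it."""
    addr = ipaddress.ip_address(src)
    return any(net.version == addr.version and addr in net for net in nets)

# Router (client) side: the peer entry for the server, before and after the change.
ROUTER_WIDE = {"wg-server": parse_allowed("0.0.0.0/0")}
ROUTER_NARROW = {"wg-server": parse_allowed("10.0.0.0/24,fd42:42:42::/64")}
# Server side: assumed AllowedIPs for the router peer (not shown in the thread).
SERVER_ROUTER_ONLY = parse_allowed("10.0.0.2/32")
SERVER_ROUTER_AND_LAN = parse_allowed("10.0.0.2/32, 10.1.0.0/24")

if __name__ == "__main__":
    for dst in ("10.0.0.1", "fd42:42:42::1", "198.51.100.7"):  # constructed destinations
        print(dst, "wide:", select_peer(ROUTER_WIDE, dst),
              "narrow:", select_peer(ROUTER_NARROW, dst))
    for src in ("10.0.0.2", "10.1.0.10"):  # router tunnel address, LAN client
        print(src, "router only:", accepts_source(SERVER_ROUTER_ONLY, src),
              "router + LAN:", accepts_source(SERVER_ROUTER_AND_LAN, src))
```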
The router is a client and that configuration also belongs to it. I never thought about the issue being on the WG side. So if I want to access 10.1.0.0/24 on a different device that is connected to the WG server (which runs on 10.0.0.0/24), do I need to change allowed IPs on both server and client configs?
Consider the allowed_ips as an access list. You can send only to a destination address which belongs to that list and you permit received packets from addresses in that list.
In the OpenWrt WireGuard configuration you can enable or disable adding static routes for these allowed IPs.
In the native WireGuard configuration, which I suppose you are using, you need to add Table = off in the interface section to disable the route creation.
Coming back to the configuration, for the client you need at least: