How to access VPN via WiFi without config change

What I am trying to do is to access local VPN (ncserv) while connected through WiFi, at client side the WAN IP is set as the VPN server ip, is it a way to access the VPN without change the server ip?

My WiFi is at 172.10.3.0/24 (2.4 G) and 172.10.4.0/24 (5G), and VPN is at 10.100.3.0/24. For now when I come home from outside to get the WiFi connection, the VPN must have to be disconnected first, before I can get the home WiFi.

The ideal situation would be, when I got home, the WiFi connected automatically while sill connected to the VPN.

Could you post here the network, dhcp, wireless, firewall, and VPN server and client configs?
uci export network; uci export dhcp; uci export wireless; uci export firewall

Here are the configs I am currently use:
dhcp

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option limit '100'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'guest0'
        option start '100'
        option limit '150'
        option interface 'guest0'
        option leasetime '1h'

config dhcp 'guest1'
        option start '100'
        option limit '150'
        option interface 'guest1'
        option leasetime '1h'

network:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd10:f8f4:959b::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

config interface 'guest0'
        option proto 'static'
        option ipaddr '172.10.3.1'
        option netmask '255.255.255.0'

config interface 'guest1'
        option proto 'static'
        option ipaddr '172.10.4.1'
        option netmask '255.255.255.0'

config interface 'vpn'
        option ifname 'vpns+'
        option proto 'static'

wireless

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'US'
        option channel '157'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option network 'guest0'
        option key 'xxx'
        option ssid 'xxxx'
        option encryption 'psk2+ccmp'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
        option country 'US'
        option channel '6'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option network 'guest1'
        option key 'xxx'
        option ssid 'xxxxx'
        option encryption 'psk2+ccmp'

firewall

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option network 'guest0'
        option forward 'REJECT'
        option name 'guest0'
        option output 'ACCEPT'
        option input 'REJECT'
        list device 'wlan0'

config zone
        option network 'guest1'
        option name 'guest1'
        option output 'ACCEPT'
        option input 'REJECT'
        list device 'wlan1'
        option forward 'REJECT'

config forwarding
        option dest 'wan'
        option src 'guest0'

config forwarding
        option dest 'wan'
        option src 'guest1'

config redirect
        option dest_port '13761'
        option src 'wan'
        option name 'eMule TCP Incoming'
        option src_dport '13761'
        option target 'DNAT'
        option dest_ip '192.168.1.224'
        option dest 'lan'
        option proto 'tcp'

config redirect
        option dest_port '25624'
        option src 'wan'
        option name 'eMule UDP Incoming'
        option src_dport '25624'
        option target 'DNAT'
        option dest_ip '192.168.1.224'
        option dest 'lan'
        option proto 'udp'

config rule
        option dest_port '53'
        option src 'guest0'
        option name 'Allow Guest0 DNS'
        option target 'ACCEPT'
        option proto 'tcp udp'

config rule
        option dest_port '53'
        option src 'guest1'
        option name 'Allow Guest1 DNS'
        option target 'ACCEPT'
        option proto 'tcp udp'

config rule
        option src_port '67-68'
        option src 'guest0'
        option name 'Allow Guest0 DHCP'
        option target 'ACCEPT'
        option dest_port '67-68'
        option proto 'udp'

config rule
        option src_port '67-68'
        option src 'guest1'
        option name 'Allow Guest1 DHCP'
        option target 'ACCEPT'
        option dest_port '67-68'
        option proto 'udp'

config zone
        option network 'vpn'
        option name 'vpn'
        option output 'ACCEPT'
        list device 'vpns+'
        option input 'REJECT'
        option forward 'REJECT'
        option family 'ipv4'

config forwarding
        option dest 'wan'
        option src 'vpn'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'vpn'
        option src_dport '443'
        option name 'VPN Forward'
        option dest_port '4443'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '443'
        option name 'vpn'
        option family 'ipv4'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '443'
        option name 'vpn'
        option family 'ipv4'

config rule
        option dest_port '53'
        option src 'vpn'
        option name 'Allow VPN DNS'
        option target 'ACCEPT'
        option family 'ipv4'

And the VPN configuration?

Right, here they are:

root@OpenWrt:~# cat /etc/config/ocserv

config ocserv 'config'
        option dpd '120'
        option max_clients '8'
        option max_same '2'
        option enable '1'
        option zone 'lan'
        option auth 'plain'
        option ipaddr '10.100.3.0'
        option netmask '255.255.255.0'
        option compression '1'
        option default_domain 'lan'
        option split_dns '1'
        option _ca '-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
'
        option port '4443'

config ocservusers
        option name 'xxx'
        option password 'xxxxxxx'

config dns
        option ip '10.100.3.1'

config dns
        option ip '8.8.8.8'

The client config is missing.

A few remarks.
The vpn rule for tcp/443 is never used, as you are doing DNAT on 443 towards vpn zone. Since you are using port 4443 on the vpn server, you should open that one on the firewall for tcp and udp and remove the DNAT.
You don't have tcp and udp 4443 allowed from the guest networks.
The IP address and the netmask used in the VPN are wrong. For 8 clients you can use:

option ipaddr '192.168.1.248'
option netmask '255.255.255.248'

Make sure you have added in /etc/sysctl.conf the following line:
net.ipv4.conf.all.proxy_arp=1 and reloaded with sysctl -p

New I deleted the port forwarding rule, and changed the server port to 443, and allowed rules for the guest network.

Still I cannot access the vpn while I am using WiFi, hence the same WAN ip.

Assume my WAN ip is aa.bb.cc.dd, my vpn client on my iPhone is accessing the service through aa.bb.cc.dd:443. How can I connect the vpn service while the iPhone is on WiFi (has the same WAN ip aa.bb.cc.dd)?

I believe it would be easier to use a domain to resolve the internal IP when it is connected inside your network. You are using some name to connect to the server, right?

How would this help with the vpn exactly?

Look, I am relatively new to Linux, just started learning, and I didn't read similar advice from other places. I guess that's why I am asking.

It's proxy arp for the pseudo-bridge.

Why are you looking in other places and not in the official documentation?

I was following Forwarding Approach of this, and apparently totally missed the official documentation you referred to.

You are using the option zone 'lan' and I was under the impression that you want the proxy-arp approach.
In any case the documentation in the github is 4 years old, so I would be better to follow something more recent, or switch to something more commonly used, like OpenVPN or Wireguard.