Incoming traffic on WG interface behind ISP modem

The Wireguard tunnel is working correctly, in the sense that any host in the wglan zone can connect to any host in the pfSense network. So there actually is a route to anywhere in the tunnel already (because of the list allowed_ips ' Or am I not understanding your point correctly?

This is the routing table:

My thinking is, OpenWrt actually receives the ping over wgwan, but the reply is sent via the main routing table to the gateway. Although that wouldn't explain why it works in my second setup.