Wait...
What is the src IP of this client???
whe src ip of the client is... 192.168.1.100 or else... hmm
here is the config with the changes i did, will post network and firewall, please see if it is ok, did the re route thing
~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fx'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
list dns '1.1.1.2'
config device
option name 'eth1'
option ipv6 '0'
option igmpversion '3'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option peerdns '0'
config interface 'wiro'
option proto 'wireguard'
option peerdns '0'
list addresses '2606:4700:110:87e9:d16e:c246:7da0:7976/128'
list addresses '172.16.0.2/24'
list dns '1.1.1.1'
list dns '1.0.0.1'
option force_link '1'
option private_key '1'
config wireguard_wiro
option description 'wgcf-profile.conf'
option public_key '1'
list allowed_ips '0.0.0.0/0,::/0'
option endpoint_host '162.159.192.1'
option endpoint_port '2408'
option route_allowed_ips '1'
option persistent_keepalive '10'
~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'DROP'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
list network 'wan'
list network 'wan6'
list network 'wiro'
config zone
option name 'wirozn'
option input 'DROP'
option forward 'DROP'
list network 'wiro'
option masq '1'
option output 'DROP'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
config forwarding
option src 'lan'
option dest 'wirozn'
config rule
option name 'Allow_Wireguard_OUT'
option family 'ipv4'
list proto 'udp'
option dest 'wan'
list dest_ip '162.159.192.1'
option dest_port '2408'
option target 'ACCEPT'
config forwarding
option src 'lan'
option dest 'wan'
as you can see, followed the manual and fowarded all traffic to wirozn (wireguard adapter zone) added also a out rule to allow wireguard traffic go out