LAN devices cannot connect to other WireGuard VPN clients

I have a WireGuard server on Ubuntu. The routers have OpenWrt 23.05.0-rc3.
Server configuration:

[Interface]
Address = 100.10.1.1/24
ListenPort = 55954
PrivateKey = ...

PostUp = iptables -I FORWARD -i %i -j ACCEPT
PostUp = iptables -I FORWARD -o %i -j ACCEPT
PostUp = ip route add 192.200.1.0/24 via 100.10.1.4 dev %i
PostUp = ip route add 192.168.1.0/24 via 100.10.1.3 dev %i
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = ip route delete 192.200.1.0/24 via 100.10.1.4 dev %i
PostDown = ip route delete 192.168.1.0/24 via 100.10.1.3 dev %i

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 100.10.1.3/32,192.168.1.0/24

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 100.10.1.4/32,192.200.1.0/24

2 routers with the same configuration are connected to it (only the IP address in the VPN network is different). VPN interface firewall zone: lan

config interface 'wg_vpn'
        option proto 'wireguard'
        option private_key '...'
        list addresses '100.10.1.3/24' or '192.168.1.4/24' on another router

config wireguard_wg_vpn
        option description 'Imported peer configuration'
        option public_key '...'
        option preshared_key '...'
        option endpoint_host 'SERVER IP'
        option endpoint_port 'SERVER PORT'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '100.10.1.0/24'
        list allowed_ips '192.200.1.0/24' or '192.168.1.0/24' on another router

When I try to ping the network devices of one router from another router, everything is fine.

ICMP echo req (84 bytes) from 100.10.1.3 to 192.200.1.1 on wg0
ICMP echo req (84 bytes) from 100.10.1.3 to 192.200.1.1 on wg0
ICMP echo rply (84 bytes) from 192.200.1.1 to 100.10.1.3 on wg0
ICMP echo rply (84 bytes) from 192.200.1.1 to 100.10.1.3 on wg0

But when I try to do the same thing from a computer connected to one of the routers, I get no ping reply.

ICMP echo req (60 bytes) from 192.168.1.169 to 192.200.1.1 on wg0
ICMP echo req (60 bytes) from 192.168.1.169 to 192.200.1.1 on wg0

The ping request from device 192.168.1.169 (the router has address 100.10.1.3) only reaches 100.10.1.1 (the server) and 100.10.1.3.

Do the routers run OpenWrt?

The routers have OpenWrt 23.05.0-rc3

This indicates that

router 1 has address 100.10.1.3/32 and subnet 192.168.1.0/24

router 2 has address 100.10.1.3/32 and subnet 192.200.1.0/24

Is that correct?

If not, make a drawing with all subnets involved; note that all involved subnets have to be different, so both routers, the WG subnet and the server have to be on different subnets!

BTW, 192.200.1.0/24 is not a private address; you should change this to e.g. 192.168.200.0/24.


Thanks for the tip on 192.200.1.0/24.
My network topology:

You should not need to add static routes on the VPN server, as Route Allowed IPs is on by default (unless you have added Table = off).

On the router with subnet 192.168.1.1 you have to set as allowed IPs:
100.10.1.0/24 and 192.200.1.0/24
Make sure to enable Route allowed IPs and set the WG interface in the LAN zone

On the router with 192.100.1.1 you have to set the allowed IPs to:
100.10.1.0/24 and 192.168.1.0/24
Again make sure to enable Route allowed IPs and set the WG interface in the LAN zone

You did not specify the VPN server's subnet, but that should be different from the other subnets!
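The advice in this reply (each router's AllowedIPs must list the WG subnet plus the far LAN, and the subnets behind the peers must not overlap) comes down to how WireGuard's cryptokey routing treats AllowedIPs. The following model is an added example, not code from the thread or from the WireGuard project. It implements the two checks WireGuard performs: outbound, a packet is sent to the peer whose AllowedIPs contains the destination (longest prefix wins); inbound, a decrypted packet is dropped unless its source address lies inside the sending peer's AllowedIPs. It also reports AllowedIPs that overlap between peers and prefixes outside the private ranges. Kernel forwarding, firewall zones and the plain routing table (the `Table = off` point) are not modelled. The peer names, the tables and the sample packets are constructed from the configurations posted above; `ROUTER2_BROKEN` is a hypothetical misconfiguration that omits the far LAN.

```python
"""Model of WireGuard cryptokey routing for the topology in this thread.

Added example; not from the thread or the WireGuard project. Peer names
and the packets traced below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


def parse_allowed_ips(value: str) -> List[ipaddress.IPv4Network]:
    """Turn a wg-quick style 'a/32,b/24' string into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]


class CryptokeyTable:
    """AllowedIPs of every peer on one WireGuard interface."""

    def __init__(self, peers: Dict[str, str]):
        self.peers = {name: parse_allowed_ips(v) for name, v in peers.items()}

    def overlaps(self) -> List[Tuple[str, str, str, str]]:
        """AllowedIPs shared by two peers. wg gives each prefix to exactly one
        peer, so a later entry silently takes it from the earlier peer; the
        subnets behind different peers must therefore be disjoint."""
        found = []
        names = list(self.peers)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                for na in self.peers[a]:
                    for nb in self.peers[b]:
                        if na.overlaps(nb):
                            found.append((a, b, str(na), str(nb)))
        return found

    def non_private(self) -> List[str]:
        """Prefixes Python does not class as private (RFC 1918 and friends);
        routing these into the tunnel shadows real Internet addresses."""
        return sorted({str(n) for nets in self.peers.values()
                       for n in nets if not n.is_private})

    def select_peer(self, dst: str) -> Optional[str]:
        """Outbound: longest-prefix match of dst over all peers' AllowedIPs."""
        addr = ipaddress.ip_address(dst)
        best, best_len = None, -1
        for name, nets in self.peers.items():
            for net in nets:
                if addr in net and net.prefixlen > best_len:
                    best, best_len = name, net.prefixlen
        return best

    def accepts_from(self, peer: str, src: str) -> bool:
        """Inbound: src must lie inside the sending peer's AllowedIPs."""
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.peers.get(peer, []))


def trace_ping(r1: CryptokeyTable, server: CryptokeyTable, r2: CryptokeyTable,
               src: str, dst: str) -> List[str]:
    """Follow an echo request from a LAN host behind router1 to a host behind
    router2, applying the cryptokey check at each WireGuard hop. Returns the
    hops taken; the last entry names the failing check if the packet is lost."""
    hops: List[str] = []
    first = r1.select_peer(dst)
    if first is None:
        return hops + [f"router1: no peer has {dst} in AllowedIPs"]
    hops.append(f"router1 -> {first}")
    if not server.accepts_from("router1", src):
        return hops + [f"server: dropped, {src} not in AllowedIPs of router1"]
    relay = server.select_peer(dst)
    if relay is None:
        return hops + [f"server: no peer has {dst} in AllowedIPs"]
    hops.append(f"server -> {relay}")
    if not r2.accepts_from("server", src):
        return hops + [f"router2: dropped, {src} not in AllowedIPs of server"]
    hops.append("router2 -> lan")
    return hops


# Server-side [Peer] entries as posted; "router1"/"router2" are constructed labels.
SERVER = CryptokeyTable({
    "router1": "100.10.1.3/32,192.168.1.0/24",
    "router2": "100.10.1.4/32,192.200.1.0/24",
})
# Router-side entries for the server peer, as the reply above prescribes.
ROUTER1 = CryptokeyTable({"server": "100.10.1.0/24,192.200.1.0/24"})
ROUTER2 = CryptokeyTable({"server": "100.10.1.0/24,192.168.1.0/24"})
# Hypothetical misconfiguration: far LAN left out, so router 2 neither routes
# replies into the tunnel nor accepts packets sourced from 192.168.1.x.
ROUTER2_BROKEN = CryptokeyTable({"server": "100.10.1.0/24"})

if __name__ == "__main__":
    print("overlaps on server:", SERVER.overlaps())
    print("non-private prefixes on server:", SERVER.non_private())
    for r2 in (ROUTER2, ROUTER2_BROKEN):
        print(trace_ping(ROUTER1, SERVER, r2, "192.168.1.169", "192.200.1.1"))
```

Running the trace with the prescribed AllowedIPs carries the LAN client's packet through all three hops; with the far LAN missing on router 2, the inbound check on router 2 discards it. `non_private()` also lists the 100.10.1.x addresses, since 100.10.0.0/16 is not a private range either (only 100.64.0.0/10 is reserved, as shared address space).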

I didn't notice among the comments. Table = off