I'll try to be as clear as possible, but I have a pretty weird setup.
I am trying to set up a separate subnet/lan/wifi ssid to have all traffic directed through a wireguard vpn/VPS. I have set up the wireguard interface and set up a separate vlan interface and that works fine. I know the wifi works because it can get a dhcp address from the router. The issue is I can't access the tunneled internet on this separate subnet. What makes it more complicated is I am currently using mwan3 to have failover between 2 wan connections. I've tried setting up a separate mwan3 policy where any source address 192.168.40.0/24 from this separate subnet goes through the wireguard vpn. Is there something I am doing wrong? Should the traffic be passing through my wan instead?
I have a similar use case in that I selectively route certain traffic over a wireguard tunnel.
I'm talking from memory here, but you need to make sure that there is a default route configured for each of the interfaces, otherwise the mwan3 scripts won't work properly. Your WAN connections will have one, but your wg0 may not....
The output of ip route show on my router looks as follows:
ip route show
default via [wan ip] dev eth0 proto static src [wan ip] metric 10
default via [wan2 ip] dev eth1 proto static src [wan2 ip] metric 20
default dev wg0 proto static scope link metric 40
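
A way to check the point made in the reply above, as an added example that is not part of the original thread: the function reads ip route show text and reports, for each interface named, whether a default route exists and with which metric. The function name and both sample routing tables are constructed for illustration (documentation addresses); only the device names eth0, eth1 and wg0 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. On the router you would run:
#   ip route show | check_default_routes eth0 eth1 wg0
# Exit status is 0 when every named interface has a default route, 1 otherwise.
check_default_routes() {
    awk -v ifaces="$*" '
        BEGIN { n = split(ifaces, want, " ") }
        $1 == "default" {
            dev = ""; metric = "none"
            # Walk the key/value pairs that follow "default".
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (dev != "") seen[dev] = metric
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) {
                    printf "%s: default route present, metric %s\n", want[i], seen[want[i]]
                } else {
                    printf "%s: NO default route\n", want[i]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: wg0 is up and has a subnet route, but no default route.
ROUTES_MISSING='default via 192.0.2.1 dev eth0 proto static src 192.0.2.10 metric 10
default via 198.51.100.1 dev eth1 proto static src 198.51.100.10 metric 20
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2'

# Constructed sample in the shape shown in the reply: wg0 has its own default route.
ROUTES_OK='default via 192.0.2.1 dev eth0 proto static src 192.0.2.10 metric 10
default via 198.51.100.1 dev eth1 proto static src 198.51.100.10 metric 20
default dev wg0 proto static scope link metric 40'

printf '%s\n' "$ROUTES_MISSING" | check_default_routes eth0 eth1 wg0 || true
printf '%s\n' "$ROUTES_OK" | check_default_routes eth0 eth1 wg0 || true
```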