I have been playing and experimenting with my router now for weeks (literally!), but I can't get my desired setup to fully work as intended, so please allow me to ask for your help.
I did quite some searching for past forum discussions, but none of the ones I found seems to fit my problem, at least I couldn't make any sense of them in a way that led me to a solution.
I have the following components that I need to work together:
WG port (I chose to go with 1195) is open in the firewall.
What I got to work:
I can connect to the WG interface with various clients from external networks
The peers can connect to the router IP 10.0.0.1
The peers can connect to the Internet
What I did not succeed in getting to work so far:
A WG peer connected to the WG interface, able to access the router IP 10.0.0.1 as well as the Internet, cannot connect to the Raspberry on either internal IP.
What am I doing wrong? I am stuck, please help me!
If you are using 10.0.0.1/16 on the LAN interface then you can't use 10.0.1.1/24 on the wireguard interface since they are overlapping. Devices on the LAN won't be able to talk to wireguard peers. Either you use 10.0.0.1/24 on the LAN, or you use for example 10.1.0.1/16, which doesn't overlap with 10.0.1.1/24.
You can keep the address, just change the subnet mask to /24. The reason they are overlapping is that you are using a /16 on that interface. Unless you actually need to access 65K hosts on your network, the /16 is just unnecessary.
Also, in your firewall, add forwarding from Wireguard > LAN.
If that doesn't work, please post your WG configs (both on the OpenWrt side and one of the remote peers; sanitize by removing keys and public IP addresses, but don't change your private IP addresses and please make it very clear what you have redacted so as to avoid confusion).
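The subnet overlap the replies above point out can be checked mechanically before touching the firewall. The following is an added example, not code from anyone in this thread, using Python's `ipaddress` module with the thread's LAN and WireGuard addresses as constructed samples; it also shows why a /16 LAN host never reaches a 10.0.1.x peer (it treats the peer as on-link and ARPs for it instead of sending to the router).

```python
import ipaddress
from itertools import combinations


def find_overlaps(interfaces):
    """Return [(name_a, name_b), ...] for every pair of interface networks that overlap.

    interfaces: mapping of interface name -> address in CIDR form, e.g.
    {"lan": "10.0.0.1/16", "wg0": "10.0.1.1/24"}.
    strict=False keeps the host bits so interface addresses can be pasted as-is.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in interfaces.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def treated_as_on_link(host_cidr, dest_ip):
    """True if a host with this address/mask considers dest_ip part of its own
    subnet, i.e. it will ARP for it directly instead of routing via the gateway."""
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_interface(host_cidr).network


# Constructed samples: the addressing from the question and the two fixes suggested.
BROKEN = {"lan": "10.0.0.1/16", "wg0": "10.0.1.1/24"}
FIXED_MASK = {"lan": "10.0.0.1/24", "wg0": "10.0.1.1/24"}
FIXED_RANGE = {"lan": "10.1.0.1/16", "wg0": "10.0.1.1/24"}

# Constructed LAN host and WireGuard peer used to illustrate the on-link problem.
LAN_HOST_16 = "10.0.0.50/16"
LAN_HOST_24 = "10.0.0.50/24"
WG_PEER = "10.0.1.2"

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed mask", FIXED_MASK), ("fixed range", FIXED_RANGE)):
        print(f"{label:12s} overlaps: {find_overlaps(cfg) or 'none'}")
    print("LAN host /16 ARPs for WG peer directly:", treated_as_on_link(LAN_HOST_16, WG_PEER))
    print("LAN host /24 ARPs for WG peer directly:", treated_as_on_link(LAN_HOST_24, WG_PEER))
```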