PBR with wireguard works on laptop wifi but not cell phone

I have a few sites that are blocked while abroad, for example homedepot.com, so I have WireGuard set up and routes created in PBR. They work perfectly over Wi-Fi when browsing from my laptop, but as soon as I try hitting them from my phone (OnePlus 13) they get the geo-block error. It doesn't make any sense to me, as both are using the same Wi-Fi network.

Is the phone using your home DNS?

Yeah, both my laptop and cell phone are set to DHCP.

That's not an answer to the question asked: DHCP only tells the phone which DNS server the router offers, and Android can still override that (Private DNS, for example).

Temporarily map google.com to 0.0.0.0 in the router's DNS, then try pinging it from the laptop and from the phone; whichever client still resolves the real address is not using the router's DNS.

Is your wg interface bound to an SSID? I'm trying to understand your setup.

I also think there are a few PBR options that help prevent DNS leaks. As an example, here is a diff of my config.

pbr.diff
--- pbr	2025-05-24 07:17:42.439915196 -0400
+++ live-pbr	2025-05-22 17:50:26.000000000 -0400
@@ -1,28 +1,29 @@
+
 config pbr 'config'
-	option enabled '0'
+	option enabled '1'
 	option verbosity '2'
 	option strict_enforcement '1'
 	option resolver_set 'dnsmasq.nftset'
 	list resolver_instance '*'
 	option ipv6_enabled '0'
 	list ignored_interface 'vpnserver'
+	option nft_file_support '0'
 	option boot_timeout '30'
 	option rule_create_option 'add'
+	option procd_boot_delay '0'
 	option procd_reload_delay '1'
 	option webui_show_ignore_target '0'
-	option nft_rule_counter '0'
 	option nft_set_auto_merge '1'
-	option nft_set_counter '0'
+	option nft_set_counter '1'
 	option nft_set_flags_interval '1'
 	option nft_set_flags_timeout '0'
-	option nft_set_gc_interval ''
 	option nft_set_policy 'performance'
-	option nft_set_timeout ''
 	list webui_supported_protocol 'all'
 	list webui_supported_protocol 'tcp'
 	list webui_supported_protocol 'udp'
 	list webui_supported_protocol 'tcp udp'
 	list webui_supported_protocol 'icmp'
+	option secure_reload '1'
 
 config include
 	option path '/usr/share/pbr/pbr.user.aws'
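Review bot: Turning PBR on with `option enabled '1'` while `option ipv6_enabled '0'` stays in the context lines leaves, as far as I can tell, any IPv6 traffic from the LAN outside every policy in this file, so a dual-stack client can reach the steered destinations directly over the WAN — which is the symptom the thread is chasing. If the LAN hands out IPv6 addresses, either set `option ipv6_enabled '1'` so the policies cover both families, or stop advertising IPv6 on that LAN; if the LAN is IPv4-only this is moot. The `strict_enforcement '1'` context line is worth keeping, since it is what stops policy traffic from silently falling back to the WAN when the tunnel is down.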
@@ -32,12 +33,6 @@
 	option path '/usr/share/pbr/pbr.user.netflix'
 	option enabled '0'
 
-config dns_policy
-	option name 'Redirect Local IP DNS'
-	option src_addr '192.168.1.5'
-	option dest_dns '1.1.1.1'
-	option enabled '0'
-
 config policy
 	option name 'Ignore Local Requests'
 	option interface 'ignore'
@@ -55,3 +50,14 @@
 	option interface 'wan'
 	option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
 	option enabled '0'
+
+config policy
+	option src_addr '10.9.4.0/24'
+	option interface 'wg1'
+	option name 'wg1 redirect'
+
+config policy
+	option src_addr '10.9.3.0/24'
+	option interface 'wg2'
+	option name 'wg1 redirect'
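Review bot: The second added policy sends 10.9.3.0/24 to wg2 but carries the first policy's name 'wg1 redirect', so pbr log lines and the LuCI policy list will not tell the two apart; change it to `option name 'wg2 redirect'`. Both new policies match on the source subnet rather than on hostnames, so unlike the dest_addr-based rules elsewhere in the thread they should not depend on clients resolving through the router's dnsmasq.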
# PBR (policy-based routing) global settings for the router discussed in the
# thread: a few hostnames go out a WireGuard tunnel, everything else out WAN.
config pbr 'config'
        option enabled '1'
        option verbosity '2'
        # NOTE(review): per pbr's documentation, strict enforcement keeps a
        # policy's traffic from falling back to the default route (WAN here)
        # when its interface is down -- confirm for the installed version.
        option strict_enforcement '1'
        # Hostname dest_addr values in the policies below are turned into nft
        # sets by dnsmasq. NOTE(review): assumption -- that only covers clients
        # whose lookups actually pass through this router's dnsmasq; a phone on
        # Android Private DNS / DoT or a hard-coded resolver never populates
        # the set. Verify by mapping a test name to 0.0.0.0 on the router and
        # resolving it from the phone.
        option resolver_set 'dnsmasq.nftset'
        list resolver_instance '*'
        # IPv6 handling is on, yet every policy below restricts src_addr to an
        # IPv4 range. NOTE(review): unclear whether the IPv6 side of the
        # hostname policies is ever matched; a dual-stack client could reach
        # those sites over IPv6 via WAN -- check `nft list ruleset` or test
        # with IPv6 disabled on the LAN.
        option ipv6_enabled '1'
        option boot_timeout '30'
        option rule_create_option 'add'
        option procd_reload_delay '1'
        option webui_show_ignore_target '1'
        option nft_rule_counter '0'
        option nft_set_auto_merge '1'
        option nft_set_counter '0'
        option nft_set_flags_interval '1'
        option nft_set_flags_timeout '0'
        option nft_set_policy 'performance'
        list webui_supported_protocol 'all'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'

# pbr-supplied policy file for AWS (path under /usr/share/pbr); disabled.
config include
        option path '/usr/share/pbr/pbr.user.aws'
        option enabled '0'

# pbr-supplied policy file for Netflix (path under /usr/share/pbr); disabled.
config include
        option path '/usr/share/pbr/pbr.user.netflix'
        option enabled '0'

# Send LAN traffic for homedepot.com (geo-blocked from abroad, per the thread)
# over the wg_proton_va WireGuard interface (presumably a Proton VPN endpoint).
# NOTE(review): a hostname dest_addr only matches addresses this router's
# dnsmasq has resolved; a client resolving elsewhere (Android Private DNS, a
# DoT/DoH app) never populates the set and falls through to the WAN catch-all
# further down -- assumption to verify from the phone.
config policy
        option name 'HD'
        option dest_addr 'homedepot.com'
        option interface 'wg_proton_va'
        option src_addr '192.168.78.0/24'

# Same treatment for usa.experian.com: LAN clients reach it via wg_proton_va.
config policy
        option name 'experian'
        option src_addr '192.168.78.0/24'
        option dest_addr 'usa.experian.com'
        option interface 'wg_proton_va'

# Same treatment for creditkarma.com: LAN clients reach it via wg_proton_va.
config policy
        option name 'ck'
        option src_addr '192.168.78.0/24'
        option dest_addr 'creditkarma.com'
        option interface 'wg_proton_va'

# Same treatment for lowes.com: LAN clients reach it via wg_proton_va.
config policy
        option name 'lowes'
        option src_addr '192.168.78.0/24'
        option dest_addr 'lowes.com'
        option interface 'wg_proton_va'

# Catch-all: LAN traffic not matched by an earlier policy goes out the WAN.
# NOTE(review): the name says "vpn" but the interface is 'wan'; pbr appears
# to apply policies in file order, so this must stay below the per-site
# wg_proton_va policies -- confirm the ordering semantics before moving it.
config policy
        option name 'lan to vpn'
        option src_addr '192.168.78.0/24'
        option interface 'wan'

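# Appears to be pbr's shipped example policy (disabled): keep traffic to these
# RFC1918 ranges on the normal routing table instead of any tunnel.
# NOTE(review): it does not list this LAN's own 192.168.78.0/24 -- confirm
# whether that is intended before enabling it.
config policy
        option name 'Ignore Local Requests'
        option interface 'ignore'
        # The pasted value had the last CIDR split by terminal line-wrap
        # ("192.168.1.0/2 ... 4"); rejoined into a single space-separated list.
        option dest_addr '10.0.0.0/24 10.0.1.0/24 192.168.100.0/24 192.168.1.0/24'
        option enabled '0'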

# Appears to be pbr's shipped example policy (disabled): keep a local
# Plex/Emby server's traffic on the WAN. Matches by source port, presumably so
# the server's replies on its listening ports are not pushed into a tunnel.
config policy
        option name 'Plex/Emby Local Server'
        option interface 'wan'
        option src_port '8096 8920 32400'
        option enabled '0'

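# Appears to be pbr's shipped example policy (disabled): reach the Plex/Emby
# cloud services over the WAN rather than a tunnel.
config policy
        option name 'Plex/Emby Remote Servers'
        option interface 'wan'
        # The pasted value had the last hostname split by terminal line-wrap
        # ("tv.em ... by.media"); rejoined into a single space-separated list.
        option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
        option enabled '0'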

Only a few sites route through the WG interface; the rest go through the WAN. The sites work perfectly fine over Wi-Fi from the laptop, just not over Wi-Fi from my phone, which makes no sense to me.

I am not sure how to bind WG to an SSID

One client works and the other doesn't, so look for the differences between them; it is usually related to IPv6 or DNS.

Thanks, I'll be back later and test setting my cell phone to a static configuration. But yeah, it seems to be something like that on the Android side with IPv6.

It seems to be a problem with your WireGuard config file on the phone.

Check that you are really directing all traffic through WireGuard when it is active.

Double-check whether there are differences between the config files on your laptop and your phone.