TCP connections failing via Wireguard

You have a complicated per interface --clamp-mss-to-pmtu and it might not be catching everything ? Try adding a blanket rule, ie
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

1 Like

Good catch @paravz , fix mtu is not supposed to be in lan zone, only in wan.