WireGuard: client can only access LAN, not internet

I have WireGuard running on an OpenWrt device connected to my home WiFi (nothing on LAN/WAN wired ports, setup using this guide. I have the firewall disabled.

I can connect to WireGuard from other clients on my WiFi, but they can't access the internet just other devices on my LAN (192.168.x.x). Even if I set their DNS servers to

Any ideas?

check your firewall rules. is traffic from the wireguard interface allowed to wan?

The firewall service is disabled. The WWAN zone is where the wlan device is, the WAN zone has nothing AFAIK. Also which zone should WireGuard be assigned? I've tried both WAN and LAN, as well as none.

Enable it.

Depends on the level of trust and the need of masquerading.
Assuming it is your own router which is the main gateway for lan network and you have only trusted clients, lan zone should suit well enough.

I enabled the firewall and assigned wg0 to the lan zone, but still no luck.

Everything is happening behind my LAN BTW (behind another firewall). Once I get WireGuard working and test the speed, I plan to forward a WAN port to the OpenWrt WireGuard server.

My network looks like this:

[modem] -> [WiFi router] -> [WireGuard server] + [other devices]

where one of the other devices is the WG client in this test.