Wireguard site-2-site, config: how to force all internet traffic from host A of site 1 to be routed to site 2 and finally reach the internet

Hi everybody,
I have two subnets that I'm going to connect to each other via WireGuard using a VPS. Both of them have OpenWrt routers.
Now, only for host A of subnet Site_1, I want all and only its extranet traffic to reach the internet via the main router of subnet Site_2.
I drew this in the following picture (where the route is in orange):


Host A has a DHCP address obtained from Router@Site_1.
So I have to configure:

  1. Router@Site_1: WireGuard, firewall? and/or zone/routes on OpenWrt. This router has yet to be installed, so I have no config file to show you... by the way, it is a D7800 and will have a vanilla installation.
  2. VPS: WireGuard (almost done; for now we can skip this step, which is not OpenWrt related)
  3. Router_1@Site_2: WireGuard and firewall/routes on OpenWrt: here I create a zone for the WireGuard interface, configured as in the figure in LuCI;
  4. Router_2@Site_2: this is the main router of subnet Site_2, I don't think I have to do anything here.

Considering all of this, the only thing I miss is how to force all non-local traffic from host A to go through the WireGuard tunnel of its router, Router@Site_1. I'm trying to look at the docs or similar threads, but the uci syntax is not clear to me.
I think - and, by analogy with Router_1@Site_2, I prefer - that I have to do two configs:

  1. create a "rule/config" to intercept packets from host A to the internet;
  2. create on Router@Site_1 a zone for the WireGuard interface, to forward traffic through wan.

Is my analysis right? Could you give me some help? This is the most ambitious config I've ever tried!
Thanks in advance!
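Since the uci syntax is the sticking point, here is a policy-routing example for Router@Site_1, added to this thread as an illustration (it is neither the poster's configuration nor an official OpenWrt sample). It assumes host A is 192.168.1.10, the tunnel interface is named wg0 with address 10.0.0.2/24, routing table 100 is unused, and the keys and VPS endpoint are placeholders.

```uci
# /etc/config/network (added sections; names and addresses are assumptions)
config interface 'wg0'
        option proto 'wireguard'
        option private_key '<ROUTER_SITE1_PRIVATE_KEY_PLACEHOLDER>'
        list addresses '10.0.0.2/24'

config wireguard_wg0
        option public_key '<VPS_PUBLIC_KEY_PLACEHOLDER>'
        option endpoint_host '<VPS_PUBLIC_IP_PLACEHOLDER>'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        # 0.0.0.0/0 lets the tunnel carry any destination, but route_allowed_ips
        # stays '0' so netifd does NOT turn it into a default route for the whole LAN.
        list allowed_ips '0.0.0.0/0'
        option route_allowed_ips '0'

# A default route that exists only in table 100, i.e. invisible to normal lookups.
config route
        option interface 'wg0'
        option target '0.0.0.0/0'
        option table '100'

# Policy rule: only packets sourced from host A consult table 100.
# Every other LAN client keeps using the main table and the normal wan route.
config rule
        option src '192.168.1.10/32'
        option lookup '100'
        option priority '100'

# /etc/config/firewall (added sections)
# Separate zone for the tunnel: nothing initiated from the tunnel side is accepted
# or forwarded; only lan -> wg is allowed below.
config zone
        option name 'wg'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list network 'wg0'

config forwarding
        option src 'lan'
        option dest 'wg'
```

Apply with `/etc/init.d/network restart` and `/etc/init.d/firewall restart`, then check with `ip rule show` and `ip route show table 100`; the VPS and Router_1@Site_2 must also list 10.0.0.2 (or the Site_1 LAN, if you drop `masq`) in their own `allowed_ips`, otherwise WireGuard's cryptokey routing silently discards the return packets.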