FYI
disable MSS clamping :-[
Problem was caused by bad config, probably i had followed some tutorial or this is not necessary anymore.
@ Firewall: Settings: Normalization
I had a setting for the WG-Group enforcing a max MSS.
Disabling this resolved all problems with WG
Clients did not reach LAN in a site to site setup.
Symptoms were with opn being the "client" i.e. initiating the connection to another "server".
( Client <-> WG relay server <-> opn <-> LAN )
While opn being the "server" was working fine, but not a reliable option due to dynamic IP.
( Client <-> opn <-> LAN )