Hi,
Nevermind, I figured it out. I was just missing a route to send traffic for 10.100.0.0/24 to the Wireguard interface.
I have an existing external Wireguard server. I configured OPNsense (25.7.5 at the moment) as a Wireguard client for this server and the connection works. I can ping the Wireguard server from OPNsense (although not the other way around) over the VPN. The Wireguard peer is configured to only allow 10.100.0.0/24, which is my VPN network.
What I have no idea how to do is how to set up OPNsense in a way that my local clients can reach hosts in the Wireguard network. I need this for hosts that cannot run Wireguard themselves. I do *not* want to route *all* their traffic over Wireguard, only traffic going to 10.100.0.0/24. I also have no need to reach LAN hosts through Wireguard, outbound only is fine.
Can anyone here maybe point me in the direction of a tutorial for this? My own searches didn't come up with something useful. I did see the "Selective routing" guide (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) but this doesn't help me, because I don't want to route all traffic from particular hosts through the VPN.