Help Setup remote wireguard outbound nat rules

Started by camsec, December 02, 2024, 02:00:34 PM

Hello,

Networking newb here!

I got this setup:

ISP router -> local home lan -> ESXI (opnsense) -> wireguard instance to remote in + wireguard instance to VPN provider

In OPNsense there are 2 gateways:

- WAN to home network/ISP (WAN)
- Wireguard out to VPN provider (WG)

When I remote in, I am successful in connecting, but depending on the NAT outbound rule I get these behaviors:

If NAT outbound is applied to WAN interface for incoming remote connection, I can only access local resources, no internet
If NAT outbound rule is applied to WG interface, I get internet, but no local resources access

Ideally, I would want to have WAN gateway with internet and local resources access.

I just don't know where to look further at this point.