The firewall rules... is this WG interface? The rules look pretty weird...

1. The "WG allow internet" rule is last match, causing "reject private networks" to be hit before it.
2. The "allow S21" and "allow surface" rules' source is a host IP, but you're using /24 instead of /32 (but that should not be the problem).
3. There are two DNS rules. Why? 192.168.10.1 is "this firewall" / the sense's LAN IP, correct? Use the sense's WG IP instead (192.168.20.1 I guess).

These are the rules for my WG (Roadwarrior) interface for reference:
For Windows clients use allowed IPs (erlaubte IPs) = 0.0.0.0/1, 128.0.0.0/1, as Windows doesn't like to change the default route 0.0.0.0/0.
Is it a wrong configuration, or only another way to block traffic between interfaces and allow internet?
The VPN connection works, ping to LAN devices works, but there is no internet.
I suggest cleaning up the FW rules, maybe start with one rule "allow WG to any", as you are doing nothing else with those rules for the only two clients that can be connected to the WG interface. If you need to block something, place those block rules before "allow any"; everything is first match.
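The advice in this thread rests on two things: pfSense evaluates interface rules top to bottom and acts on the first match, and a Windows client needs AllowedIPs split into 0.0.0.0/1 and 128.0.0.0/1 to cover the whole IPv4 space without touching 0.0.0.0/0. The following is an added example, not code from the thread or from pfSense: a minimal first-match evaluator run over two constructed rule sets (the names, networks and hosts are invented for illustration; 192.168.20.0/24 is assumed as the WG tunnel network), plus a check that the two-half AllowedIPs split really covers all of IPv4.

```python
"""Added example (not from the forum thread): a minimal first-match rule
evaluator in the spirit of pfSense interface rules, used to show why the
position of a pass or block rule decides the outcome. All rule names,
networks and hosts below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Alias for "private networks" as used by the constructed block rule.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    name: str
    action: str   # "pass" or "block"
    src: str      # CIDR, "any", or "private" (RFC 1918 alias)
    dst: str      # CIDR, "any", or "private" (RFC 1918 alias)


def _matches(spec, addr):
    """Does a single address match a rule's src/dst specification?"""
    if spec == "any":
        return True
    if spec == "private":
        return any(addr in net for net in RFC1918)
    return addr in ipaddress.ip_network(spec)


def first_match(rules, src, dst):
    """Return (action, rule name) of the first rule matching src -> dst.
    Like pfSense, anything not matched by an explicit rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if _matches(rule.src, s) and _matches(rule.dst, d):
            return rule.action, rule.name
    return "block", "default deny"


WG_NET = "192.168.20.0/24"  # assumed WireGuard tunnel network (constructed)

# Constructed rule set in the shape criticised in the thread: the broad
# pass rule sits at the bottom, below a block for private networks, so the
# block wins for any RFC 1918 destination.
ORIGINAL = [
    Rule("allow DNS", "pass", WG_NET, "192.168.20.1/32"),
    Rule("reject private networks", "block", WG_NET, "private"),
    Rule("WG allow internet", "pass", WG_NET, "any"),
]

# Cleanup suggested in the last post: one "allow WG to any" rule, with any
# block that is still needed placed above it (host address is constructed).
CLEANED = [
    Rule("block WG to management host", "block", WG_NET, "192.168.10.50/32"),
    Rule("allow WG to any", "pass", WG_NET, "any"),
]


def covers_all_ipv4(prefixes):
    """True if the prefixes together collapse to 0.0.0.0/0, i.e. they route
    everything without a literal default route (the Windows AllowedIPs trick)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    for rules, label in ((ORIGINAL, "original"), (CLEANED, "cleaned")):
        for dst in ("8.8.8.8", "192.168.10.5", "192.168.10.50"):
            print(label, "192.168.20.2 ->", dst, first_match(rules, "192.168.20.2", dst))
    print("0.0.0.0/1 + 128.0.0.0/1 covers IPv4:", covers_all_ipv4(["0.0.0.0/1", "128.0.0.0/1"]))
```

With the original ordering, a tunnel client reaching an RFC 1918 address is stopped by the block rule and never reaches the pass rule below it, while internet destinations fall through to "WG allow internet". With the cleaned set, only the host explicitly blocked above "allow WG to any" is denied; everything else from the tunnel network passes, and traffic that does not originate from the tunnel network hits the implicit default deny.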