OPNsense built in wireguard and virtual network

[Homeservesuper]

Hello, I am trying to setup a wireguard tunnel between a desktop system and a virtual machine server with OPNsense installed on it. I have followed the documentation on setting up as a road warrior (long term intent is using my phone instead of desktop)and have no ability to access the VLAN behind opnsense. I am using the built in wireguard interface. I can ping/curl between desktop and opnsense, desktop and wireguard instance, and VLAN and opnsense. Wireguard shows handshake connected. I cannot ping/curl between desktop and VLAN. This seems to be the opnsense firewall blocking the traffic. I have changed all rules to allow traffic in both directions. No improvement. I inadvertently created a rule allowing WAN outbound traffic and had success in reaching the VLAN. I then modified a NAT rule (trying to eliminate unnecessary rules) and it stopped working. I reverted OPNsense via restore a backup, and still nothing works. I actually went through 18 instances of backups looking for he one that worked, and even though I found the configuration that worked, it would not allow traffic to my VLAN. This seems to me that it should be a very simple setup, and I thought I understood the necessary networking requirements, but for some reason this is simply not working. Does anyone have some thoughts as to what I could be missing?