When you establish a VPN connection, you are connecting to some server somewhere
which then acts as your point of origin as far as any service you access is concerned.
From what I know, you configure the VPN software itself to be able to route traffic destined to the VPN endpoint … back to your machine.
A local firewall configuration is not the place to do it.
It has to allow incoming connections though - something that is easy to achieve by not having that firewall at all (me thinks).
It is an edge/access device which allows other devices on eth0 and wlan1 to connect to the internet through WireGuard/VPN.
The access device also provides DNS filters.
The connection to the internet on the access device is fine with as well as without the local firewall.
The issue is only with the internal devices connected on eth0 and wlan1, which do not have access to the internet. I think that requires some NAT / IP masquerading to get the traffic between the internal and external zones/interfaces.
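The forwarding plus masquerading the post above is asking for, written out as an added example (not the poster's configuration and not a WireGuard project file). It assumes the tunnel interface is called `wg0` and reuses the thread's LAN interface names `eth0` and `wlan1`; the function only prints an nftables ruleset, and applying it (plus enabling IP forwarding) is a separate step that needs root.

```shell
#!/bin/sh
# Added example: build an nftables ruleset that lets LAN hosts reach the
# internet through a WireGuard tunnel on a small access device.
# Assumptions (not from the thread): tunnel interface is "wg0"; the LAN
# interfaces are eth0 and wlan1 as described in the post.

WG_IF="${WG_IF:-wg0}"
LAN_IFS="${LAN_IFS:-eth0 wlan1}"

# Print a ruleset for tunnel interface $1 and the LAN interfaces that follow.
# forward chain: default drop, so LAN traffic can only leave via the tunnel
# (if the tunnel is down, nothing leaks out of a physical uplink).
# postrouting chain: masquerade everything leaving via the tunnel, i.e. the
# NAT the poster suspects is missing.
gen_vpn_gateway_rules() {
    wg="$1"
    shift
    cat <<EOF
table inet vpngw {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
EOF
    for lan in "$@"; do
        printf '        iifname "%s" oifname "%s" accept\n' "$lan" "$wg"
    done
    cat <<EOF
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$wg" masquerade
    }
}
EOF
}

# True when the kernel will forward IPv4 packets at all; without this the
# forward chain above is never even reached.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Apply the ruleset (requires root and nftables). Only runs when invoked as
# "./vpngw.sh apply"; by default the script just prints the rules.
apply_vpn_gateway_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_vpn_gateway_rules "$WG_IF" $LAN_IFS | nft -f -
}

case "${1:-}" in
    apply) apply_vpn_gateway_rules ;;
    "")    gen_vpn_gateway_rules "$WG_IF" $LAN_IFS ;;
esac
```

DNS from the LAN clients to the device's own filtering resolver arrives on the input hook, not the forward hook, so these rules do not touch it; it keeps working whether or not the tunnel is up. Note also that masquerading is a NAT rule, not a filter rule, so simply removing the local firewall would not have provided it.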
… the “device” is running/initiating the VPN (as I understand it)
The device needs to then forward the connection attempts from the outside … to where they are supposed to be arriving.
The local firewall can simply allow or deny any connection (in or out)
It can’t do anything about the things that are arriving at the “device” or how it handles these connections.